Thilan Dissanayaka Cryptography May 03

Basic concepts of Cryptography

Cryptography is the art and science of securing information. In today’s interconnected world, where data is constantly being transmitted across networks, cryptography plays a vital role in ensuring that sensitive information is protected from unauthorized access.

Whether you're sending an email, making an online payment, or accessing a secured server, cryptographic principles are silently working behind the scenes to protect your data.

Why Cryptography Matters

At its core, cryptography ensures:

  • Confidentiality: Information is only accessible to those authorized.
  • Integrity: Data has not been altered or tampered with.
  • Authentication: Verifies the identity of the sender or receiver.
  • Non-repudiation: Prevents someone from denying their involvement in a communication or transaction.

Meet Alice, Bob, and Trudy

Cryptography scenarios often involve three fictional characters:


  • Alice: The sender of a message.

  • Bob: The intended recipient.

  • Trudy (the intruder): The malicious third party trying to intercept, modify, or impersonate communications between Alice and Bob.

These characters help us visualize the roles and threats in a cryptographic system.

Basic Cryptographic Terminology

Here are some key terms you'll encounter:

  • Plaintext: The original readable message (e.g., "Hello, Bob!").

  • Ciphertext: The encrypted message that appears unreadable (e.g., "5A2B1C...").

  • Encryption: The process of converting plaintext into ciphertext.

  • Decryption: Converting ciphertext back into plaintext.

  • Key: A piece of information used in encryption/decryption.

  • Algorithm: The procedure used for encryption and decryption.

  • Key Exchange: The method by which cryptographic keys are securely shared.

  • Digital Signature: A cryptographic code that verifies the authenticity and integrity of a message.

  • Certificate: A digital document used to prove ownership of a public key.

The Three Main Types of Cryptographic Techniques

1. Symmetric Key Cryptography (Secret Key Cryptography)

How it works: The same secret key is used for both encryption and decryption.

Requirement: Both Alice and Bob must securely share and store the secret key.

Example Algorithms: AES (Advanced Encryption Standard), DES (Data Encryption Standard).

Analogy: Like using the same key to lock and unlock a door.

Scenario: Alice encrypts a message using a shared key and sends it to Bob. If Trudy intercepts the message but doesn't have the key, she can't read it.

2. Asymmetric Key Cryptography (Public Key Cryptography)

How it works: Uses two keys — a public key (shared openly) and a private key (kept secret).

Key Principle: What one key encrypts, the other can decrypt.

Solves: The problem of key exchange.

Example Algorithms: RSA, ECC (Elliptic Curve Cryptography).

Analogy: Anyone can drop a letter into your locked mailbox (public key), but only you have the key to open it (private key).

Scenario: Bob publishes his public key. Alice uses it to encrypt a message. Only Bob, who has the corresponding private key, can decrypt it — even if Trudy intercepts the ciphertext.
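The key-pair relationship in this scenario can be seen with textbook RSA. The following is an added example, not code from the original article: the primes 61 and 53, the exponent 17 and the function names are constructed for illustration, and the numbers are far too small to be secure.

```python
# Added illustration: textbook RSA with tiny, constructed primes.
# It shows only the key relationship and is NOT secure. Real RSA uses
# moduli of 2048 bits or more and a padding scheme such as OAEP.
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Return ((e, n), (d, n)): the public key and the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (e, n), (d, n)


def apply_key(key, value: int) -> int:
    """Transform one integer block with either half of the key pair."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("block must be in the range 0..n-1")
    return pow(value, exponent, n)


def encrypt_text(public_key, text: str):
    # One block per byte, for readability only (real systems never do this).
    return [apply_key(public_key, b) for b in text.encode()]


def decrypt_text(private_key, blocks) -> str:
    return bytes(apply_key(private_key, c) for c in blocks).decode()


if __name__ == "__main__":
    bob_public, bob_private = make_keypair(61, 53)  # constructed primes
    ciphertext = encrypt_text(bob_public, "Hello, Bob!")
    print("Trudy sees:", ciphertext)
    print("Bob reads: ", decrypt_text(bob_private, ciphertext))
    # The reverse direction also works, which is the basis of signatures.
    print(apply_key(bob_public, apply_key(bob_private, 65)) == 65)
```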

3. Hash Functions

Purpose: Creates a fixed-length hash from input data that is, for practical purposes, unique to that data.

One-way: You can’t retrieve the original data from the hash.

Uses: Data integrity, password storage, digital signatures.

Example Algorithms: SHA-256, MD5, Keccak.

Analogy: Like taking a fingerprint of data.

Scenario: Alice hashes a message before sending it. Bob receives the message and the hash. He computes the hash of the received message and compares it. If they match, the message wasn't altered by Trudy.
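Bob's check can be written out as follows. This is an added example, not code from the original article: the messages, the key and the function names are constructed. It goes one step beyond the scenario to show its limit: the comparison only proves integrity if Trudy cannot also replace the hash, which is what a keyed hash (HMAC) built on the shared secret from the symmetric section addresses.

```python
# Added illustration of the hash scenario, using SHA-256 and HMAC-SHA-256.
import hashlib
import hmac

SHARED_KEY = b"constructed-key-known-to-alice-and-bob"  # constructed sample
ORIGINAL = b"Transfer 10 coins to Bob"                   # constructed sample
ALTERED = b"Transfer 10 coins to Trudy"                  # constructed sample


def sha256_hex(message: bytes) -> str:
    """Plain hash: anyone can compute it, no key involved."""
    return hashlib.sha256(message).hexdigest()


def bob_accepts_hash(message: bytes, received_hash: str) -> bool:
    # compare_digest compares in constant time.
    return hmac.compare_digest(sha256_hex(message), received_hash)


def hmac_hex(key: bytes, message: bytes) -> str:
    """Keyed hash: only holders of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def bob_accepts_tag(key: bytes, message: bytes, received_tag: str) -> bool:
    return hmac.compare_digest(hmac_hex(key, message), received_tag)


def run_scenarios() -> dict:
    return {
        # Message arrives untouched: hashes match.
        "unaltered": bob_accepts_hash(ORIGINAL, sha256_hex(ORIGINAL)),
        # Only the message was changed in transit: mismatch is detected.
        "message_altered": bob_accepts_hash(ALTERED, sha256_hex(ORIGINAL)),
        # Message and hash were both replaced: a plain hash cannot tell.
        "message_and_hash_replaced":
            bob_accepts_hash(ALTERED, sha256_hex(ALTERED)),
        # Same replacement against HMAC: without the key the tag is wrong.
        "hmac_message_and_tag_replaced":
            bob_accepts_tag(SHARED_KEY, ALTERED, sha256_hex(ALTERED)),
        "hmac_unaltered":
            bob_accepts_tag(SHARED_KEY, ORIGINAL,
                            hmac_hex(SHARED_KEY, ORIGINAL)),
    }


if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name}: Bob accepts = {accepted}")
```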
