Hi guys, I thought I'd start a tutorial series on cryptography, because it's an essential subject to learn. In this document I'll cover some basic terms in cryptography. The scope of this document is not to explain those terms in depth; let's just get a quick idea of them. In future tutorials we are going to learn them one by one.
Plain text/Clear text.
The name says it all. This is the form in which we normally see data; we can also call it non-encrypted data. If someone manages to access the data, he can directly read and understand it; even a malicious user can read it. This is where we need cryptography.
When we apply a cryptographic method to data, we get a cipher text as the output. In many cases the cipher text will be totally unreadable.
Above I said that we use a cryptographic method to transform clear text into a cipher text. What we actually use is an algorithm. An algorithm is a mathematical formula that performs some operations and outputs a string. Usually these algorithms use mathematical concepts like calculus, probability, complex numbers, permutations, etc. We'll talk more about these in future tutorials.
This is something we use as a key. :-) When we encrypt data we use a key, so if we want to decrypt it we need the same key. However, the same key is not used in every form of cryptography. Sometimes we use a pair made up of a public key and a private key. I'll explain those in depth later.
We saw that if we want to access the original data (get the clear text from the cipher text) we need the key. But there are some ways to crack the encryption. This depends entirely on the algorithm and the key used to encrypt.
Hashing is a special thing in this subject. What happens here is that we take a string as input and generate a unique string. That unique string is called a hash. The output hash has a fixed length. There are many hashing algorithms, like md5, sha, etc. Theoretically it's impossible to get the original string back from a hash. So what's the use of hashing if we can't get the original data again? Think of a web application that uses salting. It saves passwords in the following way. Let's imagine a user enters 'hacksland' as his password when registering. The app adds the string 'physics' as a salt, so the password string becomes 'hackslandphysics'. The web app then generates the md5 hash of this string and saves it in its database. Whenever the user enters his password to log in, the web app adds the salt again and generates the md5 hash. It then compares this hash with the old one saved in the database.
I mentioned that it is impossible to retrieve the original data from a hash. So what is meant by cracking hashes? Don't misunderstand: cracking is not the same as decrypting a cipher text. What we do here is compare a hash with pre-generated hashes. Think of it this way. We have a list of common passwords. We generate the unique hash for every password, so we have a map between every password and its hash. Now when we want to crack a hash, we compare it with our hash list. If one of the hashes matches, we can find the password.
Salting is a method used to increase the security of hashing. Above I said we can crack a hash if we have a pre-generated hash list. Think of a web application that uses salting. It saves passwords in the following way. Let's imagine a user enters 'hacksland' as his password when registering. The app adds the string 'physics' as a salt, so the password string becomes 'hackslandphysics'. The web app then generates the md5 hash of this string and saves it in its database. Whenever the user enters his password to log in, the web app adds the salt again and generates the md5 hash. It then compares this hash with the old one saved in the database.
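The hash-list comparison and the salted login flow described above can be seen side by side in the following Python sketch, which is an added example and not code from the original tutorial. The password list is constructed sample data and all function names are hypothetical. The last two functions go beyond the tutorial's scheme: they assume a random salt per user and PBKDF2 instead of a single md5 pass, which is how the same idea is normally hardened.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list for the demo.
COMMON_PASSWORDS = ["123456", "password", "hacksland", "qwerty"]


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def build_lookup(passwords):
    """Pre-generated map from hash to password, as described in the text."""
    return {md5_hex(p): p for p in passwords}


def register(password: str, salt: str = "") -> str:
    """Store md5(password + salt), the scheme the tutorial describes."""
    return md5_hex(password + salt)


def login(password: str, stored_hash: str, salt: str = "") -> bool:
    """Re-add the salt, re-hash, and compare in constant time."""
    return hmac.compare_digest(md5_hex(password + salt), stored_hash)


def register_per_user(password: str):
    """Assumption beyond the tutorial: random per-user salt and a slow KDF."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)
    return salt, digest


def login_per_user(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 600_000)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    lookup = build_lookup(COMMON_PASSWORDS)
    unsalted = register("hacksland")
    salted = register("hacksland", "physics")
    print("unsalted found in table:", lookup.get(unsalted))
    print("salted found in table:  ", lookup.get(salted))
    print("login with salt:", login("hacksland", salted, "physics"))
```

A fixed salt such as 'physics' only protects until the salt is known, because one new hash list built with that salt then covers every user; a random salt per user forces a separate list for each account.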