Mar 12, 2022

Basic cryptography terms for beginners

Hi guys, I thought I'd start a tutorial series on cryptography, because it's an essential subject to learn. In this document I'll cover some basic cryptography terms. The scope of this document is not to explain those terms deeply; let's just get a quick idea about them. In future tutorials we are going to learn them one by one.

Plain text/Clear text

The name says it all. This is the form in which we normally see data; we can also call it non-encrypted data. If someone manages to access the data, they can read and understand it directly, and so can a malicious user. This is the place where we want cryptography.

Ciphertext

When we apply a cryptographic method to data, we get ciphertext as the output. Most of the time the ciphertext will be totally unreadable.

Algorithm

Above, I said that we use a cryptographic method to transform the clear text into ciphertext. What we actually use is an algorithm. The algorithm is a mathematical formula that does some operations and outputs a string. Usually, these algorithms use mathematical concepts like calculus, probability, complex numbers, permutations, etc. We'll talk more about these in future tutorials.

Key

This is something we use as a key. :-) When we encrypt data we use a key, so if we want to decrypt it we need the same key. Actually, the same key is not used in every form of cryptography. Sometimes we use a pair of keys: a public key and a private key. I'll explain those in depth later.

Cracking encryption

We saw that if we want to access the original data (get the clear text from the ciphertext) we need the key. But there are some ways to crack the encryption. This depends entirely on the algorithm and the key used to encrypt.

Hashing

Hashing is a special thing in this subject. It takes a string as input and generates a unique string, which is called a hash. The output hash has a fixed length. There are many hashing algorithms, like MD5, SHA, etc. Theoretically, it's impossible to get the original string from a hash.

So what's the use of hashing if we can't get the original data back? Think of a web application that uses salting. It saves passwords in the following way. Let's imagine the user enters 'hacksland' as his password when registering. The app adds the string 'physics' as a salt, so the password string becomes 'hackslandphysics'. The web app then generates the MD5 hash of this string and saves it in its database. Whenever the user enters his password to log in, the web app adds the salt again and generates an MD5 hash. Then it compares this hash with the old one saved in the database.

Cracking hashes

I mentioned that it is impossible to retrieve the original data from a hash. So what do we mean by cracking hashes? Don't misunderstand: cracking is not something like decrypting a ciphertext. What we do here is compare a hash with pre-generated hashes. Think of it this way. We have a list of common passwords. We generate the hash for every password, and we keep a map between every password and its hash. Now when we want to crack a hash we compare it with our hash list. If one of the hashes matches, we have found the password.

Salting

Salting is a method used to increase the security of hashing. Above, I said we can crack a hash if we have a pre-generated hash list. Think of a web application that uses salting. It saves passwords in the following way. Let's imagine the user enters 'hacksland' as his password when registering. The app adds the string 'physics' as a salt, so the password string becomes 'hackslandphysics'. The web app then generates the MD5 hash of this string and saves it in its database. Whenever the user enters his password to log in, the web app adds the salt again and generates an MD5 hash. Then it compares this hash with the old one saved in the database.
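
Here is the 'hacksland' + 'physics' example in Python, as an added example that is not part of the original article. It shows the pre-generated hash list from "Cracking hashes" matching the unsalted hash but missing the salted one. It then goes a step further than the article with an assumed hardened variant: store_password and verify_password are hypothetical helpers using a random per-user salt and PBKDF2, and the password list is constructed sample data.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common passwords" list for the lookup table.
COMMON_PASSWORDS = ["123456", "password", "hacksland", "qwerty"]

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()

def build_lookup(passwords):
    """Pre-generated map of hash -> password, as described under 'Cracking hashes'."""
    return {md5_hex(p): p for p in passwords}

def page_scheme(password: str, salt: str = "physics") -> str:
    """The article's scheme: MD5(password + salt), one fixed salt for every user."""
    return md5_hex(password + salt)

def store_password(password: str, iterations: int = 600_000):
    """Assumed hardened variant: random per-user salt plus a slow KDF (PBKDF2)."""
    salt = os.urandom(16)  # a different salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest  # all three are saved in the database row

def verify_password(password: str, record) -> bool:
    """Login check: re-derive with the stored salt and compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def demo():
    table = build_lookup(COMMON_PASSWORDS)
    alice = store_password("hacksland")
    bob = store_password("hacksland")  # same password, different user
    return {
        # The unsalted MD5 is in the pre-generated list, so the password is found.
        "unsalted_hit": table.get(md5_hex("hacksland")),
        # MD5('hackslandphysics') is not in a list built without the salt.
        "salted_hit": table.get(page_scheme("hacksland")),
        # Random per-user salts give two users different records for one password.
        "same_password_same_record": alice[2] == bob[2],
        "login_ok": verify_password("hacksland", alice),
        "login_wrong": verify_password("hackland", alice),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With one fixed salt like 'physics', two users who pick the same password still get the same stored hash, and anyone who learns the salt can build one list for the whole database. That is why the hardened variant generates a new salt per user.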

ABOUT AUTHOR
Thilan Danushka Dissanayaka

Thilan Dissanayaka

Hi, I'm Thilan from Sri Lanka, an undergraduate engineering student at the University of Ruhuna. I love to explore things about CS, hacking, reverse engineering, etc.
