Let me ask you a question. Do you want to learn about encryption hashing and secure communication? Do you want to understand what I mean when I say SHA256 or MD5? Not only that but do you want to know how all of these fit together as part of an information security plan for any organization. Well, then you’ve come to the right place.
Welcome to Cryptography and if you’ve never heard of this term, be sure to read the whole article and you won’t be disappointed.
Cryptography in its simplest form is the secure communication and Information sharing technique that involves certain mathematical concepts and calculations often known as algorithms, which has one main objective, which is to transfer data(messages, emails, files).
Alright, let’s break it down a little bit.
Whenever someone from someplace wants to send some data(Files, Video, Image, even a small text message saying “Hello” ), Cryptography techniques help to encrypt that data with the help of certain mathematical functions and algorithms. If you think this only applies to a select few people like government agencies trying to protect secrets or malicious hackers using encryption to cover their tracks. You’d be surprised to find out you probably use it every day. The most obvious example is the use of secure sockets layer or SSL and transport layer security.
You’re reading this article on Forensic Yard and any information you enter in this website is encrypted via SSL which is the lock sign you see in the URL box. Guess what? That’s cryptography.
Another example is using a virtual private network or VPN with encryption.You might have heard of the terms Proxy and VPN. The difference between these two is Proxy generally works on standard data transmission without encryption while VPN works on encryption i.e, data is transferred using encryption techniques.
But what really is this fancy term, Encryption? Let’s talk about it.
Encryption is the process that scrambles readable data or text so it can only be read by the person who has the secret key/code, or decryption key.
Encryption is the method of taking plain text, sort of a text message or email, and scrambling it into an unreadable format — referred to as “ciphertext.” This helps protect the confidentiality of digital information either stored on computer systems or transmitted through a network just like the internet.
When the intended recipient accesses the message, the data is translated back to its original form. this is often referred to as decryption.
To unlock the message, both the sender and also the recipient uses a “secret” encryption key — a collection of algorithms that scramble and unscramble data back to a readable format
But Encryption isn’t really that simple. It involves complex mathematical functions and algorithms which makes the process secure.
There are generally two types of Encryption:
- Symmetric encryption uses a single key to encrypt and decrypt data.
- Asymmetric encryption uses two different keys for encryption and decryption. A public key, which is shared publicly, encrypts the data. A private key, which is not shared, decrypts the data.
So this was Encryption. But what about other terminologies and techniques like cipher and hashing?
Let’s start our next discussion with hashing.
Hash algorithms are one way functions that take data and produce a unique hash value. Let’s take a look at how this works. Let’s say you had a file that contained some data and you wanted to send this file to someone else. But you need to find a way to provide some assurance that this file does not get modified along the way and that the other person gets the same information on the other end. One way you could do this is to use a hashing algorithm.
The way a hashing algorithm works is that you take the file, run it through the one way hash, and it returns a value of a specific link depending upon the algorithm. This value is unique and based upon the data or file you supplied to the algorithm. The most important aspect of this process is that this value will be the same for this file every time it is run through that algorithm. So to provide that assurance to both you and the intended recipient, you would run the file through the hashing algorithm and generate a hash value. Then you would send the file to the intended recipient along with the hash value generated. The recipient would then run the received file through the same algorithm and compare the results to the value you sent. If the value matches, it proves that the file was unmodified in transit.
This property of hashing algorithms makes them useful in a wide variety of applications from file downloads and transfers to digital signatures and even digital forensics. There are many online hashing tools available, which can be used to generate hashes of different files and data.
Another technique we’ll look at is the concept of salting. The application I would use in this example is how salting can protect passwords. Let’s say you had a Web site and wanted to provide customers with the ability to log in using a username and password, but needed some method to protect that information in storage. Well, salting expands upon the one-way hash that allows you to generate a unique value that cannot be reversed without also knowing the salt value.
Here’s how it works. You would start with the password you want to protect you then use the system to generate unique additional value to add to your password and called assault. These combined values are then run through a one-way hash to produce a hash value that can be stored in a password database. This provides stronger protection against attacks called dictionary attacks. In a dictionary attack, a hacker uses a long list of possible password values that can be hashed to compare against a compromised username and password list. Salting provides better protection because instead of competing possible hash values on the passwords alone, a hacker would also have to add in possible assault used to each password.
So finally we can get to the main player in this category, The Cipher.
Cipher, a cipher is a system used to create an encoded or secret message. This term can easily be confused with the term key, which we will discuss in a minute as we go over this.Keep in mind that a cipher is a system. The distinction will make more sense as we move on. In order to explain how safe it works, I’m going to give you a little history lesson of this Caesar safer to answer your first question. Yes, this cipher is named after Caesar because cryptography has been around for a long time to begin.
Let’s say you and another person, we’re looking to exchange letters that contained important personal information. Everything seems fine with this as it is. But what if someone else were to intercept that letter in transit? If the message is not protected, they would be able to read any important personal information that contained for Caesar, this included orders to his generals. So how did he protect the message? Well, that’s where the Caesar cipher comes in. The original message has not yet been encrypted. We call that plain text for this example. We’ll use the word “message” as our plain text. The Caesar shift is a shift cipher, meaning that each letter of the alphabet used in the message gets shifted, a certain number that’s agreed upon by both sides.
For example, if you wanted to use a shift of one, then A would become B, B would become C and so on. Each letter gets shifted by one. For this example, we’re going to use a shift of six. This gives us our key, which is A equals G.
Now remember I said I would clear up the difference between a cipher and a key. Well, here it is. Remember, the cipher is the system we use to encode the message. In this case, the shift which is the key gives us the information. We need to perform that action on this message. So once we take our key and use the cipher to encode the plain text message, we get ciphertext, which is this jumble of letters down here. Now back to our scenario. We have a plain text message and we are worried that it might be intercepted. When we send it. So in order to protect this message in transit, we’re going to run it through our shift cipher and shift six using our key A equals G, which will give us our cipher text.
Now, when we send the message, we are not worried about it being intercepted because it will be unreadable without the key. Since both of us know the key, we can encrypt and decrypt messages and protect our communication. You may notice that we don’t use this method for encryption anymore and with good reason it is easy to crack. If you’re shifting all the letters, there are only 26 possible shifts you could make. A human could simply crack this in less than an hour and a computer could crack it in less than a second.
So with this I conclude this article on Cryptography. Hope you’ve enjoyed it!