Cryptography: Concepts and Systems
Cryptographic Analogies
Secret Code: Represents a Symmetric Encryption Cipher and Key.
Lock: Represents a Public Key.
Lock’s Key: Represents a Private Key.
Video Resources
Fundamentals of Cryptography
PCI DSS Compliance
When handling credit card data, companies must enforce the Payment Card Industry Data Security Standard (PCI DSS). This ensures a minimum security level to:
Store data
Process data
Transmit data related to credit cards
Large organizations must ensure data is encrypted both at rest (stored) and in motion (being transmitted).
Key Terms
Plaintext: The original, readable message (document, image, or binary data).
Ciphertext: The scrambled, unreadable version after encryption.
Cipher: The algorithm or mathematical method used to convert plaintext to ciphertext.
Key: A string of bits used by the cipher. In asymmetric systems, the public key is known, but the private key remains secret.
Encryption: The process of converting plaintext to ciphertext using a cipher and key.
Decryption: The reverse process; recovering plaintext without the key should be mathematically infeasible.
Types of Ciphers & Encryption
Caesar Cipher
A simple historical "substitution" cipher that shifts letters by a fixed number.
Example: With a right shift of 3, "TRYHACKME" becomes "WUBKDFNPH."
Weakness: It is trivial to break because there are only 25 possible keys.
Symmetric Encryption
Uses the same key for both encryption and decryption.
DES (Data Encryption Standard): Adopted in 1977; now insecure (broken in <24 hours in 1999).
3DES (Triple DES): Applies DES three times. Deprecated in 2019.
AES (Advanced Encryption Standard): The current standard (adopted 2001). Uses keys of 128, 192, or 256 bits.
Asymmetric Encryption
Uses a pair of keys: a Public Key (for encryption) and a Private Key (for decryption). It is often referred to as Public Key Cryptography.
Key Exchange & Protocols
RSA (Rivest-Shamir-Adleman)
Based on the mathematical difficulty of factoring large prime numbers.
Key Generation: Creating the Public and Private pair.
Encryption: Sender uses the recipient's Public Key.
Decryption: Recipient uses their own Private Key.
Diffie-Hellman
Allows two parties to establish a shared secret key over an insecure channel without ever sending the key itself.
Process: Both parties agree on public parameters, exchange generated public values, and mathematically arrive at the same shared secret.
SSH (Secure Shell)
A protocol for operating network services securely.
Uses asymmetric cryptography to authenticate users via "Key Pairs" instead of passwords.
Common Key Types: RSA, ECDSA, and Ed25519 (popular for high security and fast performance).
SSL/TLS Certificates
Used to verify identity and establish encrypted connections (HTTPS).
Certificate Authority (CA): Validates domain ownership and issues certificates to businesses.
PGP and GPG
PGP (Pretty Good Privacy): A standard for email encryption; currently owned by Broadcom.
GPG (GNU Privacy Guard): A free, open-source version of PGP that supports versatile key management and S/MIME.
XOR Cryptography
XOR (Exclusive OR) is a logical operation used as a building block in complex ciphers.
The XOR Rule:
0 ⊕ 0 = 0
1 ⊕ 1 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1 (The output is 1 only when the bits differ.)
Why XOR is Essential:
Reversibility: If you XOR the ciphertext with the key again, you get the original plaintext.
Speed: It is a lightweight machine instruction, making it very fast.
Usage: Found in the One-Time Pad (OTP), Stream Ciphers (Salsa20), and Block Ciphers (AES).
Python Example: XOR Implementation
import os
def xor_encrypt_decrypt(data: bytes, key: bytes) -> bytes:
"""Encrypt or decrypt data using XOR with the given key."""
return bytes([d ^ key[i % len(key)] for i, d in enumerate(data)])
# Generate a random 16-byte key and encrypt
key = os.urandom(16)
message = b"Secret Message"
ciphertext = xor_encrypt_decrypt(message, key)