Cryptography
i will start with a simple definition, its basically the art of hiding the meaning of a text. you give it a text, it gives you an incomprehensible text.
lets try to learn with an scenario :
Bob and Alice needs to share confidential information via email, only them can read it.
Bob decides to employ cryptography, encrypting the message plaintext into an unreadable gibberish ciphertext using a cipher and a secret key. Alice, possessing the key, decrypts the ciphertext back into readable text. This process ensures that only Bob and Alice can access the true content of their communications, making the message meaningless to anyone without the key or cipher knowledge. ok
the cipher? so should wee protect the algorithm too? nope you dont, cryptographic algorithms are mostly public to use. The real security lies in the key; it’s this that needs safeguarding, not the algorithm itself. its one of the aspects of the key.
But what if someone attempts to brute-force the key? exactly, protecting the key is not only hiding it from adversaries but also creating a strong key. strong? a long key. here i can talk to you about keyspace, how much keys is possible in a possible bucket of keys? the bigger the space the harder to bruteforce it.
So, you might think, “Cool, let’s just pick the biggest key pool and call it a day.” Hold up, not so fast. Yeah, a ginormous keyspace sounds awesome, but your computer’s gotta be able to handle it. Bigger keys mean your computer’s gotta work overtime on the encrypting and decrypting, which could slow things down. So, yeah, you wanna keep things Fort Knox-level secure, but also make sure your computer can keep up without throwing a fit. It’s all about striking that sweet spot between keeping things locked down and not making your computer wheeze.
today there is three ways of cryptography that can be used, also called as cryptosystems.
Symmetric, Asymmetric and Hash
symmetric (called also “secret key” encryption)
in symmetric encryption, both alice and bob shares the same key, which can encrypt and decrypt information. and as the name suggests, this key must remain secret.
its a good cryptosystem, until its shared by many. becomes a single point of failure, one user compromised and its done. also how to share? you cant just share it remotely in unsecure channel, its like pouring water on a duck’s back.
example : AES, Blowfish and IDEA.
Asymmetric (called also “public key” encryption)
Asymmetric encryption uses a pair of keys, in this system one key is for encryption and one is for decryption. they have no information about each other which makes possible for using one as public (public key) and one private (private key).