👋 Hi, this is Akash with this week’s newsletter. I write about security engineering to help you get into the world's best security teams. Thank you for your readership.
This week, I’m sharing everything you need to know about Cryptography in your interviews. I hope it’s helpful; enjoy!
The power of cryptography is boundless.
It won the war for the Allied forces during World War II.
Alan Turing is famous not only for the “Turing machine” but also for breaking “Enigma”.
This allowed the Allies to read encrypted German messages and thwart U-boat attacks on convoys.
Turing built a machine to break the code. The making and breaking of such codes is called “Cryptography”.
Today, let’s explore the fundamentals of “Cryptography”.
📖 The Concept
Oxford defines Cryptography as “the art of writing or solving codes”.
Simply put, it’s all about figuring out how to code a message to protect its security properties.
A cryptography framework offers multiple security features:
Confidentiality: Encryption protects information from being accessed by unauthorized individuals
Integrity: Digitally signed messages can’t be modified in transit without detection
Nonrepudiation: The sender of an encrypted message can’t deny they sent it
Beyond this, cryptography is used in authentication, access control, and other security applications.
At the center, it’s an algorithm used in different ways. Let’s explore this algorithm at a conceptual level.
🕵️ Cryptographic Algorithms
Cryptography is mathematics. If I’m being honest, that’s what got me into this field.
To understand crypto, let’s break down what we’re trying to accomplish.
Nomenclature:
M = plaintext/message
C = ciphertext
K = key
f = cryptographic function
Then,
C = f(M, K)
The function (f) converts the message (M) to the ciphertext (C) using the key (K).
Depending on how it is used, we can group cryptographic functions broadly into three categories:
1/ Encryption
The goal is to protect a message's confidentiality. Here, an algorithm takes a key shared between parties and encrypts the message. The recipient later uses the appropriate key to decrypt and retrieve the original text (read more on encryption in this article).
2/ Digital Signature
The goal is to ensure the authenticity of a message. After publishing, a newspaper editor would want to ensure the article stays unaltered. Readers would like to verify what they’re reading is the original article. A digital signature uses encryption-like algorithms to protect the integrity of a message.
Digital signature algorithms rely on public key cryptography. Here, the source of the information signs the message with their private key. Any consumer can verify the signature by using the publisher’s public key.
3/ Hash Functions
Unlike other cryptographic functions, a hash is one-way: it takes an input of variable size and outputs a fixed-length string.
A hash is also called a digest; think of it as representing information in a minimized format.
Here are a few things to remember about hashing:
The core idea behind hashing is efficiency: it needs to be easy to compute
Given a message (m) and hash (h), it should be very hard to find another message (m’) that has the same hash (h)
Given a hash (h), it should be impossible to find the message (m)
These topics are huge; we will cover them in detail in a future post.
🌎 Real-World Walkthrough
We discussed encryption, digital signature, and hash as concepts. Let’s solidify our understanding by applying these concepts to the real world.
Imagine your interviews for your dream security role have gone well. You got an offer letter from the company, and it arrived in your mailbox. The recruiter is asking you to sign it electronically. Let’s break down what’s happening.
The offer letter was encrypted when it arrived in your mailbox. You don’t want to share it with the world, do you?
What happens if you sign it and later deny signing it? In security, this is known as repudiation.
When you sign an offer, you use your private key to encrypt the hash of the offer letter and attach it to the document.
Woah, a lot happened there.
Let’s hear from you about why we would want to do that. Why not sign the content directly?
Share your thought process in the comments!
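Here is the walkthrough (and the digital signature section above) carried out in working code, added as an example for this newsletter rather than taken from it. It uses Go’s standard library only: SHA-256 is the hash, Ed25519 is the signature scheme (a modern scheme that signs rather than “encrypts with the private key”, but the hash-then-sign flow is the same), and an HMAC is included as the symmetric counterpart behind the “Message Authentication Code” question below. The offer text is a constructed sample.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Digest is the hash function h = H(m): any-length input, fixed 32-byte output.
func Digest(m []byte) []byte {
	sum := sha256.Sum256(m)
	return sum[:]
}

// NewSigner makes an Ed25519 key pair; the public key is published, the private key is kept.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignDocument is the hash-then-sign step of the walkthrough: sign the digest, not the whole letter.
func SignDocument(priv ed25519.PrivateKey, doc []byte) []byte {
	return ed25519.Sign(priv, Digest(doc))
}

// VerifyDocument recomputes the digest; any edit to doc changes it and the check fails.
func VerifyDocument(pub ed25519.PublicKey, doc, sig []byte) bool {
	return ed25519.Verify(pub, Digest(doc), sig)
}

// MAC is the symmetric cousin (HMAC-SHA256): a shared key gives integrity, but either holder
// could have produced the tag, so it gives no nonrepudiation.
func MAC(key, m []byte) []byte {
	h := hmac.New(sha256.New, key)
	h.Write(m)
	return h.Sum(nil)
}

// CheckMAC compares tags in constant time so the comparison does not leak where they differ.
func CheckMAC(key, m, tag []byte) bool {
	return hmac.Equal(MAC(key, m), tag)
}

func main() {
	pub, priv, _ := NewSigner() // error only on a broken random source
	offer := []byte("Offer letter: Security Engineer, start 2024-09-01") // constructed sample
	sig := SignDocument(priv, offer)
	fmt.Println("original verifies:", VerifyDocument(pub, offer, sig))            // true
	fmt.Println("edited verifies:", VerifyDocument(pub, append(offer, '!'), sig)) // false
}
```

Signing the digest rather than the letter itself keeps the signature small and fixed-size regardless of document length, and a tampered copy fails verification because its digest no longer matches the one that was signed.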
🐦🔥 Interview Questions
What are the differences between Encryption and Digital Signature?
What is hashing? Why do we use hashing?
What is a “Message Authentication Code”?
👋 💬 Get In Touch
Want to chat? Find me on LinkedIn.
If you want me to cover a particular topic in security, you can reach out directly on akash@chromium.org.
If you enjoyed this content, please 🔁 share it with friends and consider 🔔 subscribing if you haven’t already. Your 💙 response really motivates me to keep going.