Hi, this is Akash with this week's newsletter. I write about security engineering to help you get into the world's best security teams. Thank you for your readership.
This week, I'm sharing everything you need to know about cryptography for your interviews. I hope it's helpful; enjoy!
The power of cryptography is boundless.
It won the war for the Allied forces during World War II.
The scientist Alan Turing is famous not only for the "Turing machine" but also for breaking "Enigma".
This allowed the Allies to read intercepted, encrypted German messages and thwart U-boat attacks on convoys.
Turing built a machine to break the code. The making and breaking of such codes is what we call "cryptography" (strictly, the breaking side is cryptanalysis).
Today, let's explore the fundamentals of cryptography.
The Concept
Oxford defines cryptography as "the art of writing or solving codes".
Simply put, it is about encoding a message so that its security properties are protected.
A cryptographic framework offers several security properties:
Confidentiality: encryption prevents unauthorized individuals from reading information.
Integrity: digitally signed messages can't be modified in transit without detection.
Nonrepudiation: the sender of a signed message can't deny having sent it.
Beyond this, cryptography is used in authentication, access control, and other security applications.
At the center sits an algorithm, applied in different ways. Let's explore it at a conceptual level.
Cryptographic Algorithms
Cryptography is mathematics. If I'm being honest, that's what got me into this field.
To understand crypto, let's break down what we're trying to accomplish.
Nomenclature:
M = plaintext/message
C = ciphertext
K = key
f = cryptographic function
Then,
C = f(M, K)
The function f converts the message M into the ciphertext C using the key K.
Depending on how it is used, we can broadly divide cryptography into three categories:
1/ Encryption
The goal is to protect a message's confidentiality. An algorithm takes a key shared between the parties and encrypts the message; the recipient later uses the appropriate key to decrypt it and recover the original text (read more on encryption in this article).
2/ Digital Signature
The goal is to ensure the authenticity of a message. After publishing, a newspaper editor wants the article to stay unaltered, and readers want to verify that what they're reading is the original. A digital signature uses encryption-like algorithms to protect the integrity of a message.
Digital signature algorithms rely on public key cryptography. The source of the information signs the message with their private key, and any consumer can verify the signature using the publisher's public key.
3/ Hash Functions
Unlike the other cryptographic functions above, a hash function is one-way. It takes an input of variable size and outputs a fixed-length string.
The output is also called a digest; think of it as representing information in a condensed form.
Here are a few things to remember about hashing:
The core idea behind hashing is efficiency: a hash must be easy to compute.
Given a message (m) and its hash (h), it should be very hard to find another message (m') with the same hash (h).
Given a hash (h), it should be infeasible to recover the message (m).
These topics are huge; we will cover them in detail in a future post.
Real-World Walkthrough
We discussed encryption, digital signatures, and hashes as concepts. Let's solidify our understanding by applying them to the real world.
Imagine your interviews for your dream security role have gone well. You got an offer letter from the company, and it arrived in your mailbox. The recruiter is asking you to sign it electronically. Let's break down what's happening.
When the offer letter arrived in your mailbox, it was encrypted. You don't want to share it with the world, do you?
What happens if you sign it and later deny having signed it? In security, this is known as repudiation.
When you sign an offer, you use your private key to encrypt the hash of the offer letter and attach the result to the document.
Woah, a lot happened there.
Let's hear from you about why we would want to do that. Why not sign the content directly?
Share your thought process in the comment!
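To make the signing step concrete, here is an added example (not code from the newsletter) that hash-then-signs an offer letter and verifies it. It uses a constructed toy RSA key pair with tiny primes purely to show the flow; the sample offer text is also constructed. It goes one step beyond the walkthrough by showing the verifier's side and what happens when the letter or the signature is altered.

```python
import hashlib

# Constructed toy RSA key pair with tiny primes, for illustration only.
# Real signatures use 2048-bit or larger keys generated by a vetted library
# plus a padding scheme; this toy shows only the hash-then-sign flow.
P, Q = 61, 53
N = P * Q                          # public modulus (3233)
E = 17                             # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (2753), kept secret


def digest(document: bytes) -> int:
    """SHA-256 digest of a document of any length, as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_exponent: int = D) -> int:
    """Signer's side: apply the private key to the digest, not to the text.

    The digest is reduced mod N only because the toy modulus is far smaller
    than 256 bits; a real scheme pads the digest up to the modulus size.
    """
    return pow(digest(document) % N, private_exponent, N)


def verify(document: bytes, signature: int, public_exponent: int = E) -> bool:
    """Verifier's side: the public key recovers the signed digest, which must
    match a freshly computed digest of the document actually received."""
    recovered = pow(signature, public_exponent, N)
    return recovered == digest(document) % N


if __name__ == "__main__":
    # Constructed sample offer letter.
    offer = b"Offer: Security Engineer, base salary 150000, start 2024-09-01"
    sig = sign(offer)  # one number, however long the letter is
    print("signature:", sig)
    print("original verifies:", verify(offer, sig))  # True
    # Altering the letter changes its digest, so the signature no longer
    # matches. With a 3233-element toy modulus there is a 1-in-N chance that
    # two digests coincide mod N; real moduli make that chance negligible.
    tampered = offer.replace(b"150000", b"950000")
    print("tampered letter verifies:", verify(tampered, sig))
    print("altered signature verifies:", verify(offer, (sig + 1) % N))  # False
```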
Interview Questions
What are the differences between encryption and a digital signature?
What is hashing? Why do we use hashing?
What is a "Message Authentication Code"?
đ đŹ Get In Touch
Want to chat? Find me on LinkedIn.
If you want me to cover a particular topic in security, you can reach out directly on akash@chromium.org.Â
If you enjoyed this content, please đ share it with friends and consider đ subscribing if you havenât already. Your đ response really motivates me to keep going.