Cryptography Fundamentals
Cryptography is the engine behind every “lock” on the internet - HTTPS, SSH, VPNs, signed software. This note builds the mental model from first principles, then gets practical.
Core Vocabulary
Section titled “Core Vocabulary”| Term | Definition |
|---|---|
| Cryptography | The practice of coding messages to hide them from third parties |
| Encryption | Applying a cipher to plaintext → ciphertext |
| Decryption | Reversing ciphertext → plaintext using a key |
| Cipher | Algorithm + key; algorithm is the process, key is the unique secret |
| Plaintext | Unencrypted readable data |
| Ciphertext | Encrypted unreadable data |
| Cryptanalysis | The study of breaking cryptosystems |
| Steganography | Hiding data inside innocuous-looking data (images, audio) - concealment, not encryption |
| Kerckhoff’s Principle | A system should be secure even if everything except the key is public knowledge |
Symmetric Encryption
Section titled “Symmetric Encryption”One key encrypts and decrypts. Both parties must share the key through a secure channel first.
Plaintext ──[KEY]──→ Ciphertext ──[same KEY]──→ PlaintextStream vs Block Ciphers
Section titled “Stream vs Block Ciphers”Ciphers├── Stream ciphers│ ├── Encrypt one bit/byte at a time│ ├── Fast - ideal for real-time use (VoIP, VPNs)│ └── Vulnerable if key stream is reused → use IV (Initialization Vector)│└── Block ciphers ├── Encrypt data in fixed-size blocks (e.g., 128 bits) ├── Same key applied based on the cipher mode └── More common for data-at-rest and structured dataBlock Cipher Modes
Section titled “Block Cipher Modes”The mode controls how blocks are chained together - critical to security:
| Mode | How it works | Risk |
|---|---|---|
| ECB (Electronic Code Book) | Each block encrypted independently with the same key | Identical plaintext blocks → identical ciphertext blocks (pattern leak) |
| CBC (Cipher Block Chaining) | XOR each block with previous ciphertext before encrypting | Parallelism impossible; IV needed for first block |
| CTR (Counter) | Encrypts a counter value, XORs with plaintext (turns block into stream) | Must never reuse counter+key pair |
| GCM (Galois/Counter Mode) | CTR + authentication tag (AEAD) | Nonce reuse is catastrophic |
Symmetric Algorithm Comparison
Section titled “Symmetric Algorithm Comparison”| Algorithm | Key Size | Block Size | Status |
|---|---|---|---|
| DES | 56-bit (effective) | 64-bit | Broken - brute-forceable since 1998 |
| 3DES | 112/168-bit | 64-bit | Deprecated; slow |
| AES-128 | 128-bit | 128-bit | Secure; standard |
| AES-256 | 256-bit | 128-bit | Secure; preferred for sensitive data |
| ChaCha20 | 256-bit | Stream | Fast on devices without AES hardware |
| RC4 | 40–2048-bit | Stream | Broken; never use |
Asymmetric Encryption (Public-Key Cryptography)
Section titled “Asymmetric Encryption (Public-Key Cryptography)”Two mathematically linked keys: a public key (share freely) and a private key (never share).
ENCRYPTION DECRYPTIONPlaintext ──[Bob's PUBLIC key]──→ Ciphertext ──[Bob's PRIVATE key]──→ Plaintext
SIGNING VERIFICATIONMessage ──[Alice's PRIVATE key]──→ Signature ──[Alice's PUBLIC key]──→ Valid/InvalidWhat Asymmetric Gives You
Section titled “What Asymmetric Gives You”| Property | Mechanism |
|---|---|
| Confidentiality | Encrypt with recipient’s public key; only their private key decrypts |
| Authenticity | Sign with sender’s private key; anyone with public key can verify |
| Non-repudiation | Only private key holder can produce that signature → can’t deny it |
| Integrity | Signature changes if message is tampered with |
Key Algorithms
Section titled “Key Algorithms”RSA (Rivest-Shamir-Adleman)
- Security relies on the difficulty of factoring the product of two large primes
- Used for: key exchange, encryption, digital signatures
- Recommended minimum key size: 2048-bit (4096-bit for long-lived keys)
- Vulnerabilities: side-channel attacks, weak prime generation, small key sizes
DSA (Digital Signature Algorithm)
- Designed for signing only (not encryption)
- Security depends on a random seed value - if the seed is predictable, the private key is recoverable
- Example: Sony PlayStation 3 (2010) - same nonce used twice → private key extracted
Diffie-Hellman (DH) Key Exchange
- Allows two parties to establish a shared secret over a public channel without ever transmitting the secret
- Not for encrypting data - for agreeing on a symmetric key
DH mental model ("colour mixing" analogy):
1. Alice and Bob agree on a public colour: YELLOW2. Alice picks secret: RED → mixes → ORANGE → sends to Bob Bob picks secret: BLUE → mixes → GREEN → sends to Alice3. Alice: GREEN + RED = BROWN (shared secret) Bob: ORANGE + BLUE = BROWN (same shared secret) Eavesdropper sees: YELLOW, ORANGE, GREEN - can't reverse to get secretsElliptic Curve Cryptography (ECC)
- Uses algebraic structure of elliptic curves over finite fields
- Same security as RSA with much smaller keys: ECC-256 ≈ RSA-3072 in strength
- Variants: ECDH (key exchange), ECDSA (signing)
- Used in: TLS 1.3, SSH, Bitcoin, modern code signing
| Algorithm | Key Size for ~128-bit security |
|---|---|
| RSA | 3072-bit |
| DH | 3072-bit |
| ECC | 256-bit |
| AES | 128-bit |
The hybrid model (how TLS actually works):
1. Asymmetric crypto (ECDH) → agree on a shared session key2. Symmetric crypto (AES-GCM) → encrypt all data with that session keyAsymmetric is used only for key exchange (slow but safe); symmetric handles the data (fast).
Hashing
Section titled “Hashing”A hash function maps arbitrary-length input to a fixed-size output (digest). It is one-way - you cannot reverse a hash to get the original input.
"password123" ──[SHA-256]──→ ef92b778bafe771... (64 hex chars = 256 bits)"password124" ──[SHA-256]──→ 0b14d501a5944a7... (completely different)Required Properties of a Cryptographic Hash
Section titled “Required Properties of a Cryptographic Hash”| Property | Meaning |
|---|---|
| Deterministic | Same input always produces same output |
| Fast to compute | Efficient forward direction |
| Pre-image resistant | Can’t reverse hash → original input |
| Second pre-image resistant | Can’t find different input with same hash |
| Collision resistant | Computationally infeasible to find two inputs that hash to same value |
| Avalanche effect | Tiny input change → wildly different output |
Hash Algorithm Status
Section titled “Hash Algorithm Status”| Algorithm | Digest Size | Status |
|---|---|---|
| MD5 | 128-bit | Broken - collisions trivially generated |
| SHA-1 | 160-bit | Broken - collision demonstrated in 2017 (SHAttered) |
| SHA-256 | 256-bit | Secure - current standard |
| SHA-3 (Keccak) | 256/512-bit | Secure - different design from SHA-2, diversifies risk |
| BLAKE3 | 256-bit | Secure + very fast - emerging choice |
# Compute SHA-256 of a filesha256sum /path/to/file.iso
# Compute MD5 (only for checksums, NOT for security)md5sum /path/to/file
# Verify downloaded file integrityecho "expected_hash filename" | sha256sum --checkPractical Uses of Hashing
Section titled “Practical Uses of Hashing”Password storage - never store plaintext passwords:
User sets password: "hunter2"System stores: sha256("hunter2" + salt) = 3d70e47...At login: hash entered password + same salt → compareFile integrity - verify a download hasn’t been tampered with:
# Download file + check against published SHA-256curl -O https://example.com/ubuntu.isoecho "published_hash ubuntu.iso" | sha256sum -cGit object storage - every commit, tree, and blob is identified by its SHA-1 (→ SHA-256 in progress) hash.
Password Salting & Defense
Section titled “Password Salting & Defense”Why Salting is Essential
Section titled “Why Salting is Essential”Without salts, two users with the same password get the same hash → one lookup table (rainbow table) cracks everyone.
Without salt: user1: sha256("password") = 5e884898... user2: sha256("password") = 5e884898... ← identical! one table cracks both
With salt (random per user): user1: sha256("password" + "a7f3x2") = 9b2c4e1... ← unique user2: sha256("password" + "k9m1p8") = 4d7a3c2... ← uniqueModern Password Hashing
Section titled “Modern Password Hashing”Use a deliberately slow KDF (Key Derivation Function), not a raw hash:
| KDF | Why it’s used |
|---|---|
| bcrypt | Built-in salt, tunable cost factor |
| scrypt | Memory-hard (resists GPU/ASIC attacks) |
| Argon2id | 2015 Password Hashing Competition winner; recommended default |
| PBKDF2 | Widely supported; weaker than Argon2 but FIPS-approved |
# Generate an Argon2id hash (Linux, requires argon2 package)echo -n "mypassword" | argon2 "random_salt" -id -t 3 -m 16 -p 4Message Authentication Codes (MACs)
Section titled “Message Authentication Codes (MACs)”A MAC uses a shared secret key to produce a tag that proves:
- The message came from someone with the key (authenticity)
- The message was not modified (integrity)
Sender: MAC = HMAC(key, message) → sends (message + MAC)Receiver: recompute MAC using same key + received message if computed MAC == received MAC → authentic and intactMAC Algorithms
Section titled “MAC Algorithms”| Type | Algorithm | Mechanism |
|---|---|---|
| HMAC | HMAC-SHA256, HMAC-SHA3-256 | Hash function + secret key (most common) |
| CMAC | AES-CMAC | Block cipher (AES) in CBC mode as MAC |
| GMAC | Part of AES-GCM | GCM authentication tag (integrated with encryption) |
MAC vs Hash vs Digital Signature
Section titled “MAC vs Hash vs Digital Signature”| Property | Hash | MAC | Digital Signature |
|---|---|---|---|
| Requires key | No | Yes (shared) | Yes (private key) |
| Provides integrity | Yes | Yes | Yes |
| Provides authenticity | No | Yes (to key holders) | Yes (to anyone) |
| Non-repudiation | No | No | Yes |
| Example | SHA-256 | HMAC-SHA256 | RSA-SHA256, ECDSA |