Ease Me Into Cryptography Part 4: TLS – Applied Cryptographic Foundations

EH-Net - Daw - Ease Me Into Cryptography Part 4: TLSYou made it to part 4! Here’s a quick overview of what we have broken down so far. We started with some basic vocabulary for cryptographic building blocks and talked about hash functions in Part 1, were introduced to symmetric ciphers, keys, and leakage in Part 2, and dove into asymmetric ciphers in Part 3. We’ve covered a lot, and we aren’t quite done! In this section we are going to take the foundations we have learned and apply them in a TLS deep dive.

As with each of the chunks of this series, we are going to break things down one step at a time, just like the subreddit “Explain Like I’m Five” does! Let’s start with some key terms:

  • TLS stands for Transport Layer Security. This is a protocol used for secure communication on the Internet.
  • The TLS Handshake is the series of steps that occur at the beginning of a TLS session to negotiate a shared key.
  • A digital certificate (or just certificate) is a document used to prove the identity of parties on the Internet.
  • A cipher suite is a combination of algorithms to be used in concert while utilizing the TLS protocol. It defines the algorithms to be used in different steps of the protocol.

We will use these terms in context, so as usual don’t worry about memorizing! They will become familiar as we continue to revisit them. So first…

What is TLS?

TLS stands for Transport Layer Security, and it is a protocol that allows two parties to communicate over a network in a secure fashion. It will be a great reinforcement of the foundations introduced up to this point, because it employs a few different cryptographic techniques. We are going to talk specifically about how TLS leverages the cryptographic foundations (Read more...)

*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Ellie Daw. Read the original post at:

Integrated Security Data PulseMeter

Step 1 of 7

What percentage of your organization’s security data is integrated into a SIEM or data repository you manage? (Select one)(Required)