Cryptography fundamentals for hackers

What is cryptography?

Cryptography literally means “secret writing.” It’s the science of protecting sensitive data from being read (or modified) by unauthorized parties such as eavesdroppers, wiretappers and so on. 

While ancient encryption algorithms have largely been broken, modern cryptography is based on strong mathematical principles and has been subjected to intensive study by professional cryptographers. As a result, cryptography, when used correctly, can be an effective defense for data privacy. However, even a small mistake in design or implementation can give an ethical hacker the necessary opening to break open the encryption and read the encrypted data.

Fundamentals of cryptography

Before diving into the details of how cryptography works, it’s important to understand the terminology. Technically, cryptography (creation of codes) is a subfield of cryptology (the study of codes), but both terms are often used interchangeably. The other subfield of cryptology, cryptanalysis, focuses on trying to break encryption algorithms.

Every good encryption algorithm has at least three main components: the plaintext, the ciphertext and the secret key.

The plaintext is the message that will be protected by the encryption algorithm. While this message is often the secret that a hacker is trying to steal, it may also be under the control of the hacker. Most encryption algorithms are protected against known-plaintext attacks, where the attacker knows the plaintext and is trying to learn the secret key.

The ciphertext is the result of encrypting the plaintext with a secret key. A ciphertext should be essentially indistinguishable from a random number. This is accomplished by creating encryption algorithms with high confusion (making each bit of ciphertext dependent on several bits of the secret key) and diffusion (ensuring that flipping one bit of the plaintext flips an average of half of the bits of the ciphertext).
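
The following is an added example, not code from the original article. It measures diffusion (the fraction of output bits that change when one plaintext bit is flipped) and, as a rough proxy for confusion, how many output bits each key bit influences. Assumptions: repeating-key XOR stands in for a weak cipher, HMAC-SHA256 stands in for the mixing of a strong cipher because the Python standard library has no block cipher, and the key and plaintext are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample inputs (not from the article).
KEY = bytes(range(16))
PLAINTEXT = b"constructed-sample-plaintext-001"  # 32 bytes


def flip_bit(data: bytes, bit: int) -> bytes:
    """Return a copy of data with one bit inverted."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which a and b differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def xor_cipher(key: bytes, plaintext: bytes) -> bytes:
    """Repeating-key XOR: a toy cipher with no diffusion and weak confusion."""
    return bytes(p ^ key[i % len(key)] for i, p in enumerate(plaintext))


def keyed_mix(key: bytes, plaintext: bytes) -> bytes:
    """HMAC-SHA256, used here only as a well-mixed keyed function (assumption)."""
    return hmac.new(key, plaintext, hashlib.sha256).digest()


def flip_rate(fn, key: bytes, plaintext: bytes, vary: str) -> float:
    """Average fraction of output bits that change when one bit of the
    plaintext (vary="plaintext") or of the key (vary="key") is flipped."""
    base = fn(key, plaintext)
    target = plaintext if vary == "plaintext" else key
    changed = 0
    for bit in range(len(target) * 8):
        mutated = flip_bit(target, bit)
        out = fn(key, mutated) if vary == "plaintext" else fn(mutated, plaintext)
        changed += hamming(base, out)
    return changed / (len(target) * 8 * len(base) * 8)


if __name__ == "__main__":
    for name, fn in (("repeating-key XOR", xor_cipher), ("HMAC-SHA256", keyed_mix)):
        print(f"{name:18} diffusion={flip_rate(fn, KEY, PLAINTEXT, 'plaintext'):.4f} "
              f"key sensitivity={flip_rate(fn, KEY, PLAINTEXT, 'key'):.4f}")
```

With XOR, each flipped plaintext bit changes exactly one output bit, so an observer can map ciphertext changes straight back to plaintext positions; the well-mixed function changes about half of the output bits on every flip.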

The secret key (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/BWbHlBbmnTM/