I’ve decided to do a little talk on cryptography today as it forms the basis for many emerging technologies in the IT space. It’s also the reason why we can communicate and make transactions securely on the internet.
The term cryptography has been in existence for decades now and many of us have come across it or have used it at various instances without fully understanding it. If you’re one of those people or just someone looking to get more knowledge for a project, assignment or just for the purpose of information gathering, this post is for you.
Alright, enough jibi jaba, let’s get down to business.
What is Cryptography?
The word Cryptography comes from 2 Greek words: “Kryptos” and “graphein”. Kryptos means “hidden” or “secret” and “graphein” means “the science of” or “the study of techniques”. So simply put, Cryptography is the study of techniques for secret communication or the science that is concerned with secret communication. The word secret is very important because it refers to confidentiality, which is a key component of information security as a whole. Ok, let’s take a quick detour.
There are three components of information security, i.e. for a system to be classified as being secure, these 3 things must be in place:
- Confidentiality – meaning the information being sent through the system must be restricted to only the parties involved in the communication and no other entity.
- Integrity – the information being sent through the system must not be tampered with i.e. the same information sent must be the same information received.
- Availability – the information must be available at all times when it’s needed.
Alright, we’re back. From the 3 concepts explained above, you can now see how cryptography plays an important role in ensuring that information systems are secured. The whole aim of implementing cryptography and other measures for digital information is to achieve the 3 concepts stated above.
I like to think of cryptography as a box that contains so many components. Each of those components, too, contains its own components, and those other components their own components, and on and on. So, let’s think of cryptography as a big box which contains various tools which are used in achieving information security (as explained above, we already know what it takes for a system to be secure).
As we go on, we’ll discuss some of these tools or as I like to call them, components of cryptography.
One of these components is encryption.
Contrary to what many people think, encryption is not exactly the same thing as cryptography. Many use the two interchangeably but they’re not exactly the same. Encryption is a technique used in cryptography in which a message written in human readable form called “plain text” is converted to apparent nonsense (at least to humans) called a “cipher text” using something called a key.
Remember we said cryptography is a study of techniques used for secret communication. Well, yeah, encryption is one of those techniques; so it’s not actually equal to cryptography, it’s just a component of it. We’ll take a deeper look at it later on.
Another component of cryptography is something called hashing. Yeah, hashing. What is hashing?
Hashing, like encryption, transforms plain text into cipher text, but there is a difference: in encryption you can convert your cipher text back to your plain text (i.e. your original message) through a process called decryption, while in hashing the original message can’t be gotten back. It is used in systems where the original message doesn’t need to be decoded, e.g. password authentication.
For example, when a user creates a new user account with their password, the password is hashed and stored in a database. Whenever such a user attempts to log in, they enter the password. The password is then hashed and checked against the password hash that’s already stored in the database. If they match, authentication is completed; if not, access is denied.
So really, it’s just a process of comparing two password hashes to see if they match. This works fine because a piece of plain text, when hashed, always produces the same corresponding cipher text. Examples of hash algorithms include MD4, MD5, SHA0, SHA1 and SHA2.
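The account-creation and login steps described above, as an added example (not code from the original post), using Python's standard `hashlib`. It goes one step beyond the post by adding a per-user random salt and a slow key-derivation function (PBKDF2), so two users with the same password do not end up with the same stored value; the function names, iteration count and sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware


def unsalted_digest(password: str) -> str:
    """Plain SHA-256: identical input always yields the identical digest."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> dict:
    """Account creation: store a random salt and the derived hash, never the password."""
    salt = os.urandom(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "hash": derived}


def verify(password: str, record: dict) -> bool:
    """Login: re-derive with the stored salt, then compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    # Constructed sample data: two users who happen to choose the same password.
    pw = "correct horse battery staple"
    alice, bob = create_record(pw), create_record(pw)
    print("unsalted digests equal:", unsalted_digest(pw) == unsalted_digest(pw))
    print("salted records equal:  ", alice["hash"] == bob["hash"])
    print("alice logs in:         ", verify(pw, alice))
    print("wrong password:        ", verify("letmein", alice))
```

The comparison still works with a salt because the login step reuses the salt stored in the record, so the same password always re-derives the same value for that account.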
Now let’s take a deeper look at encryption. We shall discuss concepts such as symmetric encryption, asymmetric encryption (otherwise called public key encryption) and the AES encryption algorithm.
What is encryption?
Encryption is a component of cryptography that involves encoding a message or information in such a way that only certain (authorized) parties can have access to it and those who are not authorized cannot.
Encryption does not prevent interception of messages. It denies the intelligible content to interceptors. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm and a key to generate a cipher text that can be read only if decrypted.
Key ciphers can be classified into two, namely:
- Block cipher
- Stream cipher
Block ciphers encrypt input (plain text) in blocks, i.e. they break plain text into blocks of a particular length and encrypt one block at a time.
Stream ciphers encrypt input as individual characters, i.e. they encrypt one character after the other.
There are two types of encryption: symmetric encryption and asymmetric encryption.
Symmetric/private key encryption.
Symmetric key encryption involves the use of one key for both encryption and decryption. The sender encrypts the message into a cipher text using a particular key and it is decrypted by the recipient back to its original form using the same key. Some symmetric encryption algorithms include the Data Encryption Standard (DES) and its successor, the Advanced Encryption Standard (AES).
Symmetric-key cryptosystems use the same key for encryption and decryption of a message, though a message or group of messages may have a different key than others.
A significant disadvantage of symmetric ciphers is the key management necessary to use them securely. Each distinct pair of communicating parties must, ideally, share a different key, and perhaps each cipher text exchanged as well. The number of keys required increases as the square of the number of network members, which very quickly requires complex key management schemes to keep them all consistent and secret.
Asymmetric/public key encryption.
Asymmetric encryption involves the use of different keys in its operation: one key, called a public key, is used to encrypt messages before they are sent, and the recipient then uses a corresponding private key to decrypt the message.
A public key system is so constructed that calculation of one key (the ‘private key’) is computationally infeasible from the other (the ‘public key’), even though they are necessarily related. Instead, both keys are generated secretly, as an interrelated pair. In public-key cryptosystems, the public key may be freely distributed, while its paired private key must remain secret. In a public-key encryption system, the public key is used for encryption, while the private or secret key is used for decryption.
Wheww!!! That’s quite a lot we’ve said so far, so let’s do a quick recap and this time with illustrations. So below is a box called cryptography:
When we open up the box we find 2 things: encryption and hashing.
When we further open encryption we find things such as DES and AES, which are symmetric in nature, i.e. they use one key for both encryption and decryption, and RSA (Rivest-Shamir-Adleman), which is asymmetric as it uses different keys for encryption and decryption.
When we further open hashing we find MD5, SHA1 etc. which are hash algorithms.
So in simple terms, that’s pretty much what cryptography is. In the next post, we’ll talk about the Advanced Encryption Standard, AES.