It's been 3 weeks that I started developing WarShield, a file encryption CLI. So I wanted to tell you everything important I know today about cryptography.
Keys (passwords) in cryptography
In case you want to encrypt your data, it's good to be able to decrypt it too: that's why you use a key, more commonly named as password.
Keys in cryptography are grouped in two categories:
- Symmetric-key cryptography
- Public-key cryptography, also called as asymmetric-key cryptography
Symmetric-key cryptography algorithms uses only one key to encrypt and decrypt a value, unlike public-key cryptography algorithms that uses a "public key" to encrypt and a "private key" to decrypt.
Image credits: SSL2Buy
Those keys must be exactly the same length as required by the encryption algorithm. For instance, an algorithm like AES-256-GCM require a 128 bit key (32 characters), GCM being the "mode of operation" that define how the algorithm works to provide additional informations like authenticity.
But don't worry, you don't need to have 32 characters passwords, event though it would be secure. You can (and must) hash your keys to provide a secure and well sized key.
Random and authenticity
If you encrypt multiple values with the same key, the outputs would leak some informations about your key. Which you don't want for security reasons. A great way to secure your encrypted values is to make them fully random. And here you have: the Initialization Vector.
Initialization Vector (IV)
This technique is basically a way to mix your key with another value, best being a random value.
It's size depends on the defined encrypting algorithm mode of operation and must be given manually. It's not generated by the algorithm.
Authentication and integrity
Maybe you heard about MD5 algorithm to check if your downloaded file contain all the wanted data? Well, it's called integrity. It ensure that your data is exactly the one you want.
Authentication involve integrity and make sure that your data has been encrypted by a specific entity (for instance, a computer). It's a way to ensure the non-repudiation of data, in clear, it's mean to be sure that the data isn't falsified. An authentification value is called a Tag or a MAC (Message Authentication Code).
The most used integrity algorithms are SHA1 and MD5. For authentication algorithms it's HMAC, checksum and CMAC. There is bunch of others algorithms but here's the main ones.
Image credits: Wikipedia
And... That's it! There is nothing more to say about the basics of cryptography. Sure I could talk about different encryption algorithms but I find it useless in this case.
I will learn more and more about cryptography, improve my projects and maybe my own security. Hope that you learned too about cryptography 😄
Top comments (18)
Your last paragraph on Authenticity sounds wrong and misleading. You're putting everything in the same bag. It would have been better to explain what HMAC is instead of comparing it to md5 which is a hashing function and provides absolutely no authenticity, only integrity.
Rework finished, hope that you will enjoy it!
You're right, I somehow poorly formulated the paragraph, it need a rework :)
Excellent write up!
So now I'm curious about something. Did you happen to come across the proposed RSA alternatives for asymmetrical key pairs that use things like EC25519 in order to move away from NSA created standards? If so, what was your take?
ECC curves are far from what I know at this time.. If your question was about how to don't use NSA standards (like AES), I would use something like 3DES, former competitor of AES before AES was declared as the US government's standard.
Thanks for sharing! Informative😀
I've always wondered about the IV. Since it's random, you probably store it along with your encrypted data (but as an unencrypted value). Am I right? Is it the same thing as a "salt"?
It's literally the same thing as a salt, it's mixed with the key like you mix some cheeses to make a fondue
Just a small point, but encryption and ciphers are two different things. A cipher consists of nothing more than a character (or byte) map from one alphabet to another.
Beyond that, nice work!
I'll note that! I'm not an english native. In french, the word "crypting" doesn't really have the purpose of transforming a text to a ciphertext, there's a website dedicated to this word because of bad uses.
Thanks you for tell me that, I'll not make this error anymore!
(post fixed)
Thanks for sharing your learnings, keep up the great work
Thanks, the community helps me alot to improve myself! Hope that people like my posts as I like to make them!
I describe What is Cryptography in an easy way
I would like to to use case examples with scripts #showusthescripts!
It's hard to show proper code of how cryptography works. You can't show code in an essay because your readers could not understand the programming language you use.
It's more like an explication than a demonstration.
I understand Im just a snippet snob I guess lol
"This technique is basically a way to mix your key with another value, best being a random value."
Is this what you call a salt ??
It's theoricaly the same thing as a salt, a salt is mostly used in hashing, where it will be append to the original value then hashed. An IV is XORed with a value (here a key)