Cryptography and its variations
Cryptography is the study of techniques for secure communication. Simply, it’s all about constructing and analyzing the protocols by replacing a unit of plaintext with a code word that preventing the third parties from reading your private information. Not only that, it’s also used in various aspects of information security such as data confidentiality, data integrity, authentication, and non-repudiation. It includes methods such as microdots, merging words with images, and other ways to hide information in storage or transit. Cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Its applications are applied in e-commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.
Ancient period of Cryptography
Before the modern era, cryptography focused on conversion of messages from a simple text form to a complex one and back again at the other end, rendering it unreadable by interceptors or eavesdroppers without secret knowledge. Cryptography derived from the Greek kryptos, meaning hidden. The origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. These consisted of complex pictograms which meant this was only known to an elite few. The first modern cipher was used by Julius Caesar (100 BC to 44 BC), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet. The technology has expanded beyond confidentiality concerns to include techniques for message integrity checking, sender/receiver identity authentication, digital signatures, interactive proofs and secure computation, among others.
Since the development of rotor cipher machines in World War I and the advent of computers in World War II, the methods used to carry out cryptology have become increasingly complex and its applications are becoming more widespread. In the modern cryptography, there exist information-theoretically secure schemes which probably cannot be broken even with unlimited computing power. A modern cryptosystem is based on mathematical theory and computer science practice, and its algorithms are designed around computational hardness assumptions. Encryption technology now attempts by a different platform to ensure secrecy in communications, such as spies, military leaders, and diplomats. Today, the most advanced cryptosystems and ideas are now in the public domain, because the Internet has allowed the spread of powerful programs and the underlying the techniques of cryptography.
The types of cryptography
Here only one key is used for both encryption and decryption. This type of encryption is also referred to as symmetric encryption. Both sender and receiver share a single key. The sender uses a key to encrypt the plaintext and send ciphertext to the receiver, the receiver applies the same key which applied by send to decrypt the message and recover the plain text. The key is must be known by both to encrypt or decrypt the message in plaintext. Advanced encryption standard (AES) with 128, 192, or 256-bit keys is the standard for symmetric encryption.
In Public-Key Cryptography, two related keys which public and private key. A public key is freely distributable and used for encryption. But the paired private key remains secret and used for decryption. That means, the private key can be accessible only by the owner. The sender encrypts the information using the receiver’s public key. If the receiver knows who sent that message, the receiver can decrypt it by using his/her private key. RSA and elliptical curve cryptography (ECC) with at least 2048-bit keys are the standards for asymmetric encryption.
Hash functions are different from SKC and PKC. They use no key and are also called one-way encryption. Hash functions are mainly used to remained unchanged a file when applying cryptography. Because of that, in its algorithm, there is no key to be used. A fixed-length hash value is computed as per the plain text that makes it impossible for the contents of the plaintext to be recovered. Hash functions also used by many OS to encrypt passwords. MD5 and SHA-1 are common hashing algorithms used today.
How to protect keys/passwords
When things need to keep secret, a secure cryptosystem is a final solution to that situation. Take the appropriate steps to protect any keys that your systems use. But remember, never store encryption keys in clear text along with the data. Here are three common methods for protecting keys -
Store keys in a file system and protect them with strong access control lists (ACLs).
Encrypt your data encryption keys (DEKs) with a second key encrypting key (KEK). The KEK should be generated using password-based encryption (PBE). A password is known to a minimal number of administrators that can be used to generate a key by using an algorithm such as bcrypt, scrypt, or PBKDF2 and used to bootstrap the cryptosystem.
A hardware security module (HSM) can be used to store keys securely. It’s a tamper-resistant hardware appliance. The code can make API calls to an HSM to provide keys when needed or to perform decryption of data on the HSM itself.
Make sure that you only use algorithms, key strengths, and modes of operation that only can keep your system protected.