1. Cryptography - What and Why?

Motivation behind writing yet another cliché article

For as long as I can remember, I was scared of learning cryptography. I thought it was complex as it is related to mathematics (it is!). But when I finally learnt it, I felt that the complexity exists only if you have to make the algorithms yourself, not if you just want to use them. Hence I felt pity and decided to leave the creating part to the PhD candidates :P

If you're here, either you're an absolute beginner, or you are like me: someone who dreaded these concepts and has somehow survived, but they are always at the back of your mind. Or you just want to roast me...

Throughout the article, I will try to use only the required amount of words to explain something, because sometimes too much explanation complicates instead of simplifying.

Nevertheless, let's start...

Introduction

Wikipedia definition:

Cryptography: Cryptography, or cryptology (from Ancient Greek: κρυπτός, romanized: kryptós "hidden, secret"; and γράφειν graphein, "to write", or -λογία -logia, "study", respectively[1]), is the practice and study of techniques for secure communication in the presence of adversarial behavior.

Too complicated, right? I felt so as well.

Now let's see how I have understood it till now:

As far as we developers are concerned, cryptography is the way to do 2 simple things:

  1. Convert some data from one form to another form such that only the intended recipients are able to read that data. For everyone else, it appears as garbage/irrelevant.

  2. Validate the authenticity of some data. For example, let's say Bob writes a letter and sends it somewhere randomly; then everyone else who receives that letter is able to somehow verify with 100% confidence that the letter was written by Bob and nobody else.

How do we achieve these capabilities? We will see later. First, let's dive into some basic terms which we need to understand.

Encryption, Decryption and Cipher text

Encryption: To convert data from its plain form to a cryptic form (so that people other than the intended recipients cannot understand it).

Decryption: To convert data from the cryptic form back to the plain form (ideally only by the intended recipients).

Cipher Text: Encrypted text.

Types of Encryptions

[Figure: encryption-types.png]

In summary:

Symmetric Encryption: One key is used for both encryption and decryption.

Asymmetric Encryption: Two keys are used. One for encryption, and one for decryption. Keys are generated in pairs.
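To make the "one key" versus "two keys generated as a pair" difference concrete, here is a small added example (mine, not from the original article and not from LibreSSL/OpenSSL). The symmetric part is a one-time-pad style XOR, where the very same function and the very same key both encrypt and decrypt. The asymmetric part is textbook RSA on toy-sized primes, where a pair of keys is generated together and what the public key encrypts, only the private key decrypts. Both are illustrations of the key relationship only; the primes 61 and 53, the exponent 17 and the sample message are constructed for the demo, and real systems use AES and properly sized RSA through a library.

```python
import os

# --- Symmetric: one key, shared by both sides, used for encryption AND decryption ---
def xor_crypt(key: bytes, data: bytes) -> bytes:
    """One-time-pad style XOR. The same call both encrypts and decrypts,
    which is exactly the symmetric property: one key, used in both directions.
    Toy only: the key must be random, at least as long as the data, and never
    reused; real code uses AES via a library such as OpenSSL/LibreSSL."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))

# --- Asymmetric: two keys generated as a pair; what one encrypts, the other decrypts ---
def rsa_keypair(p: int, q: int, e: int = 17):
    """Textbook RSA key generation on toy-sized primes (illustration only).
    Returns (public_key, private_key); both share the modulus n."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    d = pow(e, -1, phi)              # private exponent = modular inverse of e (Python 3.8+)
    return (e, n), (d, n)

def rsa_apply(key, blocks):
    """Modular exponentiation with either key of the pair. Each block must be < n."""
    exp, n = key
    return [pow(b, exp, n) for b in blocks]

def demo():
    msg = b"attack at dawn"                      # constructed sample message

    # Symmetric: decrypting with the same key works, a different key does not.
    key = os.urandom(len(msg))
    ct = xor_crypt(key, msg)
    wrong_key = bytes(b ^ 0xFF for b in key)
    sym_ok = xor_crypt(key, ct) == msg and xor_crypt(wrong_key, ct) != msg

    # Asymmetric: encrypt with the public key, decrypt with its paired private key.
    pub, priv = rsa_keypair(61, 53)              # toy primes, n = 3233
    blocks = list(msg)                           # one byte per block, each < n
    c = rsa_apply(pub, blocks)
    asym_ok = bytes(rsa_apply(priv, c)) == msg
    return sym_ok, asym_ok

if __name__ == "__main__":
    print(demo())                                # prints (True, True)
```

Note that `rsa_apply` is the same operation for both keys; only the exponent differs, which is the whole point of a key pair: the two exponents undo each other modulo n.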

Hashing/Hash Function

The process of taking in some data and doing some calculation with it so that the output is a fixed-length string of characters.

The function that takes care of doing that calculation is called Hash Function.

Must-have properties of a Hash function:

  1. If the data is unchanged, then every time we calculate the hash, it must be the same!

  2. If the data is changed (even 1 single bit), the hash must change!

  3. The length of the calculated hash must always be the same for a specific hash function!

    • For example, let's say this article is 1000 characters in length. If I calculate its hash with a function called SHA256 (Don't worry! We will learn), it will give only 256 bits (i.e. 64 hexadecimal characters) as the result.

Should-have properties of an ideal Hash function:

  1. It should be impossible (ideally) to obtain the original data, or any part of it, from its hash.

  2. If the data is changed (even 1 single bit), the hash should change significantly.

  3. It should be impossible (ideally) to generate the same hash without the original data (the probability of a Hash Collision should be negligible).

    • Let's say we calculate the hash of your profile picture and it comes out as ABCD. The hash function should be such that it is near impossible to create another picture, which is different from your profile picture, but when we calculate its hash, it is also equal to ABCD.

    • Hash Collision: This behavior of a hash function, calculating the same hash for 2 different things, is called a Hash Collision.
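Here is an added example (mine, not from the original article) that checks the properties above with SHA256 from Python's standard library: the same input always gives the same hash, flipping a single bit changes roughly half of the 256 output bits, and the output is always 64 hex characters no matter how long the input is. The last function goes a bit beyond the text: it deliberately keeps only the first few bits of the hash and finds a collision in a few hundred tries, which shows why the full 256-bit length is what makes collisions impractical. The inputs (`b"x" * 1000` standing in for the 1000-character article, and the `msg-N` strings) are constructed for the demo.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Fixed-length 256-bit digest, shown as 64 hex characters."""
    return hashlib.sha256(data).hexdigest()

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit flipped."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)

def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 output bits differ between two digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def check_properties(data: bytes) -> dict:
    """Check the must-have and should-have properties from the article on one input."""
    h1 = sha256_hex(data)
    h2 = sha256_hex(data)                       # property 1: same input, same hash
    h_flipped = sha256_hex(flip_bit(data, 0))   # property 2: one bit changed
    return {
        "deterministic": h1 == h2,
        "changes_on_one_bit": h1 != h_flipped,
        "hex_length": len(h1),                  # property 3: always 64 hex chars = 256 bits
        "bits_changed": differing_bits(h1, h_flipped),  # avalanche: about 128 of 256
    }

def truncated_collision(n_bits: int):
    """Birthday-style search for two different inputs whose SHA256 agrees on the
    first n_bits only. Constructed inputs 'msg-0', 'msg-1', ... Succeeds quickly for
    small n_bits (about 2**(n_bits/2) tries), which is exactly why a full-length
    256-bit output is needed for collisions to be out of reach."""
    seen = {}
    i = 0
    while True:
        msg = f"msg-{i}".encode()
        prefix = int.from_bytes(hashlib.sha256(msg).digest(), "big") >> (256 - n_bits)
        if prefix in seen:
            return seen[prefix], msg
        seen[prefix] = msg
        i += 1

if __name__ == "__main__":
    article = b"x" * 1000                       # stands in for a 1000-character article
    print(check_properties(article))
    print(sha256_hex(b""), len(sha256_hex(b"")))
    print(sha256_hex(b"y" * 1_000_000), len(sha256_hex(b"y" * 1_000_000)))
    a, b = truncated_collision(16)
    print(a, b, sha256_hex(a)[:4], sha256_hex(b)[:4])
```

Try `truncated_collision(24)` or `(32)` to feel how the effort grows with each extra bit; at 256 bits the same search is not feasible, which is property 3 in practice.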

Requirements to go Further:

No tutorial is complete without practical knowledge! Hence, we will see how everything is done practically after reading the theory part!

  1. A laptop/pc/mac/linux/unix/virtual device where you can run simple commands in a terminal.

    I will be running windows but it doesn't matter as mostly you will see the terminal.

  2. Install LibreSSL on the above device as we will be using it. You will find numerous tutorials on how to do so on YouTube or wherever.

*Why LibreSSL? Because LibreSSL is a fork of OpenSSL created in 2014 to keep it up to date with the latest algorithm implementations and to fix vulnerabilities as soon as possible. If you don't have access to LibreSSL for some reason, feel free to use the latest version of OpenSSL. The commands are going to be the same anyway.