the process through which data is encoded so that it remains hidden from or inaccessible to unauthorized users. It helps protect private information and sensitive data, and can enhance the security of communication between client apps and servers.
Hashing (hash function): one-way cryptographic algorithm that takes an input message of arbitrary length and produces a fixed-length digest that can't be decoded (or is extremely difficult to decode). Hash algorithms are designed to be one way algorithms, so that hashed values don't need to be 'read', they only need to be 'matched'. Example use: storing passwords in a database.
Encryption: converting a string into another string that can be decoded using a key. Example use: sending credit card details via a web application. Encryption is less secure than hashing, but sending a retailer an encrypted (or hashed) credit card number that can't be decoded is pointless. For that reason, encryption should only be used instead of hashing when it is necessary to decrypt the resulting message.
Salt(ing): appending or prepending a random string (called a salt) to the password before hashing. This ensures that two users with the same password will have two different password hashes. Salts should be of reasonable length (a good rule of thumb is to use salts that are at least as long as the hash output). Never reuse a salt: always generate a new random salt for every new hash. The salt must be stored, along with a link to the hash it belongs to.
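Salted password storage as described above, shown as an added example (not from the original notes): each user gets a fresh salt as long as the hash output, the salt is stored beside the digest, and login re-hashes and matches rather than decoding. It swaps the single hash pass for PBKDF2-HMAC-SHA256, a deliberately slow construction that takes the salt as a parameter; the iteration count, function names and the in-memory `db` are assumptions.

```python
import hashlib
import hmac
import secrets

HASH_NAME = "sha256"
SALT_BYTES = hashlib.new(HASH_NAME).digest_size  # 32 bytes: salt as long as the hash
ITERATIONS = 600_000  # assumed work factor; raise or lower to fit your hardware


def hash_password(password: str) -> tuple:
    """Return (salt, digest); a new random salt is drawn on every call."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-hash the candidate with the stored salt and match in constant time."""
    candidate = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(candidate, stored_digest)


def register(db: dict, username: str, password: str) -> None:
    """Store the salt next to its digest so the link between them is kept."""
    salt, digest = hash_password(password)
    db[username] = {"salt": salt, "digest": digest}


def login(db: dict, username: str, password: str) -> bool:
    """The stored digest is never 'read' back into a password, only matched."""
    record = db.get(username)
    if record is None:
        return False
    return verify_password(password, record["salt"], record["digest"])


if __name__ == "__main__":
    users = {}  # constructed in-memory stand-in for a database table
    register(users, "alice", "correct horse")  # constructed sample credentials
    register(users, "bob", "correct horse")    # same password, different salt
    print("digests differ:", users["alice"]["digest"] != users["bob"]["digest"])
    print("good login:", login(users, "alice", "correct horse"))
    print("bad login:", login(users, "alice", "wrong guess"))
```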
Checksum (aka hashsum): the outcome of running a hash function on a piece of data (usually a single file). A checksum can be used to "check" that your data (or file) is the same as what was promised by the source of the data (or file). In this example, there is a clear difference in checksum:
This is a test. >> MD5 HASH CHECKSUM >>
This is a test >> MD5 HASH CHECKSUM >>
A lot of terminology is interchangeable:
A checksum (such as CRC32) is meant to detect accidental changes. If one byte changes, the checksum changes. The checksum is not safe to protect against malicious changes: it is pretty easy to create a file with a particular checksum.
Symmetric cryptography uses the SAME KEY to encrypt and decrypt.
A hash function maps some data to other data. It is often used to speed up comparisons or create a hash table. Not all hash functions are secure and the hash does not necessarily change when the data changes.
A cryptographic hash function (such as SHA1) is a checksum that is secure against malicious changes. It is pretty hard to create a file with a specific cryptographic hash.
To make things more complicated, cryptographic hash functions are sometimes simply referred to as hash functions.
All of the following block ciphers, including Caesar and Vigenère, are symmetric.
Caesar cipher advantages:
- one of the easiest methods to use in cryptography and can provide minimum security to the information (good for children or persons who have very little experience with security and encryption)
- use of only a short key in the entire process
- one of the best methods to use if the system cannot use any complicated coding techniques
- requires few computing resources and can be done easily with a pen and paper
Caesar cipher disadvantages:
- simple structure usage
- can only provide minimum security to the information
- frequency of the letter pattern provides a big clue in deciphering the entire message
- due to the nature of the cipher, an encrypted number sequence has only 10 possibilities with a common key or shift to all numbers.
A block cipher takes a block of plaintext bits and generates a block of ciphertext bits, generally of the same size:
see block cipher examples in Python from exam
Vigenère cipher - a polyalphabetic substitution cipher
key = "XYZ" (the key is wrapped until it is the same length as the message: "XYZX")
plaintext = "MATE"
ciphertext = "JYSB"
Asymmetric cryptography uses DIFFERENT KEYS:
- to encrypt (public_key)
- to decrypt (private_key)
Both keys are 'linked' mathematically but it is computationally infeasible to calculate the private key from the public key. This is slower but more secure encryption than symmetric cryptography. Public/private key encryption is a viable encryption method that could be used in the transmission of data between a secured section of a website and an end user.
Recognise and describe features of symmetric (Data Encryption Standard (DES), Triple DES, Advanced Encryption Standard (AES), Blowfish and Twofish) and asymmetric (RSA) encryption algorithms
no coding these, just be able to recognise and describe