Just Enough Cryptography
"Just enough" cryptography can still be quite a bit — this is broken into a number of pages on different topics. The first page is an overview, so you can see where we're going. You might know some of the pieces and want to jump ahead, but if this is your first look at these vital information security tools, it will help if you've seen the road map.
|Terminology||We must first specify the terminology, so that everything else can make sense. Then the very obvious basics of encryption and decryption, and the not so obvious issue of initialization vectors.|
|Ciphers||There are both symmetric and asymmetric ciphers, and the distinction is important. There are many useful applications of asymmetric cryptography, so we need to see how they work. This gets into details like how RSA works, and specialities like Identity-Based Encryption.|
|The only completely secure cryptosystem is a One-Time Pad based on a truly random key stream. The RC4/5/6 cipher family emulates that, and there are ways to try to build your own One-Time Pad key generator from readily available hardware.|
|Once you have a wide choice of ciphers you immediately want to know how strong they are so you can make the best choice for your application. That involves issues like key length and the differences between symmetric and asymmetric ciphers.|
|Diffie-Hellman||Some times you need to negotiate a shared secret in an insecure environment. Diffie-Hellman key negotiation solves that problem. And sometimes you need to securely share a key among many people.|
|Cryptographic hash functions are another very important area of cryptography. You need to know what they are, and catch up on some recent events in the world of hash functions. Really!|
|Public-Key Infrastructure||Hash functions are used to protect data integrity and authenticate message sources in digital signatures, hashed message authentication codes (HMACs), and digital certificates. Those are needed to do things like make secure connections to web servers. All of these are involved in building a public-key infrastructure.|
|Cultural Cryptography||Finally, there are a few aspects of cultural cryptology, including cryptographic nerdcore rap, and cryptologic combinatorics in the works of Poe, Clarke, and Borges.|
|Where next?||If all this isn't enough, I have a suggested reading list where you can find far more details.|
"The man is insane who writes a secret
in any other way than one which will
conceal it from the vulgar and make
it intelligible only with difficulty
even to scientific men and
— Roger Bacon, Epistle on the Nullity of Magic, eighth chapter
"This Arte of Cypheringe, hath for
Relative, an Art of Discypheringe;
by supposition unprofitable;
but, as things are, of great use.
For suppose that Cyphars were well
managed, there bee Multitudes of them
which exclude the Discypherer.
But the rawness and unskillfulnesse of
Secretaries, and Clerks, in the Courts
of Princes, is such that many times
the greatest matters are committed
to futile and weake Cyphers."
— Roger Bacon, De Augmentis Scientaiarum, 1623, London
When cryptography is outlawed,
bayl bhgynjf jvyy unir cevinpl.
— Many people on the Internet, in an extremely simple