Just Enough Cryptography

"Just enough" cryptography can still be quite a bit — this is broken into a number of pages on different topics. The first page is an overview, so you can see where we're going. You might know some of the pieces and want to jump ahead, but if this is your first look at these vital information security tools, it will help if you've seen the road map.

We must first specify the terminology, so that everything else can make sense. Then the very obvious basics of encryption and decryption, and the not so obvious issue of initialization vectors.

There are both symmetric and asymmetric ciphers, and the distinction is important. There are many useful applications of asymmetric cryptography, so we need to see how they work. This gets into details like how RSA works, and arcana like Identity-Based Encryption.

The only completely secure cryptosystem is a One-Time Pad based on a truly random key stream. The RC4/5/6 cipher family emulates that, and there are ways to try to build your own One-Time Pad key generator from readily available hardware.

Once you have a wide choice of ciphers you immediately want to know how strong they are so you can make the best choice for your application. That involves issues like key length and the differences between symmetric and asymmetric ciphers.

Some times you need to negotiate a shared secret in an insecure environment. Diffie-Hellman key negotiation solves that problem. And sometimes you need to securely share a key among many people.

Cryptographic hash functions are another very important area of cryptography. You need to know what they are, and catch up on some recent events in the world of hash functions. Really!

Hash functions are used to protect data integrity and authenticate message sources in digital signatures, hashed message authentication codes (HMACs), and digital certificates. Those are needed to do things like make secure connections to web servers.

Finally, there are a few aspects of cultural cryptology — cryptographic nerdcore rap, and cryptologic combinatorics in the works of Poe, Clarke, and Borges.

If all this isn't enough, I have a suggested reading list where you can find far more details.

If you're ready, start here

"The man is insane who writes a secret in any other way than one which will conceal it from the vulgar and make it intelligible only with difficulty even to scientific men and earnest students."
— Roger Bacon, Epistle on the Nullity of Magic, eighth chapter

"This Arte of Cypheringe, hath for Relative, an Art of Discypheringe; by supposition unprofitable; but, as things are, of great use. For suppose that Cyphars were well managed, there bee Multitudes of them which exclude the Discypherer. But the rawness and unskillfulnesse of Secretaries, and Clerks, in the Courts of Princes, is such that many times the greatest matters are committed to futile and weake Cyphers."
— Roger Bacon, De Augmentis Scientaiarum, 1623, London

When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl.
— Many people on the Internet, in an extremely simple rot13 substitution cipher.