Rotors of M-209 cipher machine.

Just Enough Cryptography


An introduction to "just enough" cryptography can still be quite a bit. This series of pages is broken into several topics. This first page is an overview, so you can see where we're going. You might know some of the pieces and want to jump ahead, but if this is your first look at these vital information security tools, it will help if you've seen the road map.

We must first specify the terminology, so that everything else can make sense. Then come the very obvious basics of encryption and decryption, and the not-so-obvious issue of initialization vectors.
There are both symmetric and asymmetric ciphers, and the distinction is important. There are many useful applications of asymmetric cryptography, so we need to see how they work. This gets into details like how RSA works, and specialties like quantum key distribution (QKD) and Identity-Based Encryption.
The only completely secure cryptosystem is a One-Time Pad based on a truly random key stream. The stream cipher family emulates a weakened version, and there are ways to try to build your own One-Time Pad key generator from readily available hardware.
Once you have a wide choice of ciphers you immediately want to know how strong they are so you can make the best choice for your application. That involves issues like key length and the differences between symmetric and asymmetric ciphers.
Sometimes you need to negotiate a shared secret in an insecure environment. Diffie-Hellman key negotiation solves that problem. Once you can easily and safely negotiate new keys, you should make your session keys ephemeral, which can lead to Perfect Forward Secrecy. And sometimes you need to securely share a key among many people.
Cryptographic hash functions are another very important area of cryptography. You need to know what they are, and catch up on some recent events in the world of hash functions. Really!
Hash functions are used to protect data integrity and authenticate message sources in digital signatures, hashed message authentication codes (HMACs), and digital certificates. Those are needed to do things like make secure connections to web servers. All of these are involved in building a public-key infrastructure.
Finally, there are a few aspects of cultural cryptology, including cryptographic nerdcore rap, and cryptologic combinatorics in the works of Poe, Clarke, and Borges.
If all this isn't enough, I have a suggested reading list where you can find far more details.

If you're ready, start learning about cryptography here

"This Arte of Cypheringe, hath for Relative, an Art of Discypheringe; by supposition unprofitable; but, as things are, of great use. For suppose that Cyphars were well managed, there bee Multitudes of them which exclude the Discypherer. But the rawness and unskillfulnesse of Secretaries, and Clerks, in the Courts of Princes, is such that many times the greatest matters are committed to futile and weake Cyphers."
— Roger Bacon, De Augmentis Scientiarum, 1623, London

"The man is insane who writes a secret in any other way than one which will conceal it from the vulgar and make it intelligible only with difficulty even to scientific men and earnest students."
— Roger Bacon, Epistle on the Nullity of Magic, eighth chapter

When cryptography is outlawed,
bayl bhgynjf jvyy unir cevinpl.

— Many people on the Internet, in an extremely simple rot13 substitution cipher.