
The Basics of Cryptography
With Applications in R
Alyson Brown


Have you ever wondered how companies securely store your passwords? Or how your credit card information is kept private when making online purchases?

The answer is cryptography. The vast majority of internet sites now use some form of cryptography to ensure the privacy of their users. Even information such as emails from your Gmail account is encrypted as it floats around in Google's data centers.

What is Cryptography?
Cryptography is the science of
transmitting information securely against
potential third party adversaries.

For example, think about “The Imitation Game.” For those who have seen the movie, you know that it is a story about how Alan Turing creates the first computer to decrypt the German Enigma machine — a machine that encoded all German communications, so that the Nazis could safely transmit messages by radio. Though these messages were easily intercepted by the Allies, the messages could not be understood because they were all encoded, or encrypted, with some foreign key which changed daily.

Cover of “The Imitation Game”

Encryption Algorithms

1. Symmetric Key Encryption — In symmetric key algorithms, there is one common key, used to lock and unlock the encryption “box.” Both the sender and the receiver have the same key. Symmetric key algorithms are very fast because keys do not need to be very long; however, there exists the problem of sharing the common key in the first place, as it could be intercepted and then the entire system is compromised.

2. Asymmetric Key Encryption — In asymmetric key algorithms, only the receiver holds the key. The receiver can publicly send out a lock (or method of locking our hypothetical box), for which only the receiver holds the key. The lock is called the public key, and the key is called the private key. Note: There is only one public key for each private key.

Asymmetric Key Encryption: How does it work?*

First, the receiver generates 2 public keys n and e, and one private key d by:

1. Choosing 2 large prime numbers p & q, such that n = p*q.
2. Choosing another prime number e, such that 3 < e < n-1.
3. Calculating d such that d*e - 1 = k(p-1)(q-1) for some integer k.

Next, you're ready to encrypt:

1. Transform the plaintext that you want to send into a number m, using the ASCII numerical representation or another method.
2. Encrypt the number m by finding the ciphertext c = m^e mod n.
3. Send n, e, and c to the receiver.

If this was hard to follow, please see the example code on my Github, which walks you through each step of the process, using a package in R called 'openssl'. Excerpt seen below:

R code on Github to practice encrypting & decrypting messages

Signatures
Another important aspect of encryption is
the ability to sign a message. It allows you
to verify senders and avoid sending
sensitive information to the wrong users
and/or public keys.

How to Sign a Message

Create a signature S for your message M, such that S = M^d mod n, and send S along with your message. Remember that d is your private key.

How to Verify a Signature

The receiver can quickly establish that the signature is valid if M = S^e mod n.

R code on Github to sign & verify a message
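The key generation, encryption and signing steps above, worked through in Python rather than R. This is an added example, not the article's own Github code: the primes p = 61, q = 53 and the exponent e = 17 are toy values chosen so the arithmetic can be followed by hand, and the example adds one check the steps above leave implicit, that e shares no factor with (p-1)(q-1), because d only exists in that case.

```python
# Added example (not the article's R code): textbook RSA following the
# article's steps. p=61, q=53, e=17 are constructed toy values; real keys use
# primes of 1024+ bits and padded messages, which this walkthrough omits.
from math import gcd


def generate_keys(p, q, e):
    """Steps 1-3: n = p*q, choose e, then d with d*e - 1 = k(p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 3 < e < n - 1:
        raise ValueError("e must satisfy 3 < e < n-1")
    # d only exists when e and (p-1)(q-1) share no factor; choosing a prime e,
    # as the article does, makes this likely, and this line makes it certain.
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    assert (d * e - 1) % phi == 0  # d*e - 1 is a multiple of (p-1)(q-1)
    return (n, e), d               # public key (n, e), private key d


def encrypt(public_key, m):
    """c = m^e mod n; the message number m must be smaller than n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message number must be smaller than n")
    return pow(m, e, n)


def decrypt(public_key, d, c):
    """m = c^d mod n, using the private key d."""
    n, _ = public_key
    return pow(c, d, n)


def sign(public_key, d, m):
    """S = M^d mod n: only the holder of the private key can produce S."""
    n, _ = public_key
    return pow(m, d, n)


def verify(public_key, m, s):
    """Valid if M == S^e mod n: anyone with the public key can check this."""
    n, e = public_key
    return pow(s, e, n) == m


def encrypt_text(public_key, text):
    """Turn plaintext into numbers via ASCII codes, then encrypt each one."""
    return [encrypt(public_key, ord(ch)) for ch in text]


def decrypt_text(public_key, d, ciphertext):
    """Reverse of encrypt_text: decrypt each number and map it back to a character."""
    return "".join(chr(decrypt(public_key, d, c)) for c in ciphertext)


if __name__ == "__main__":
    pub, priv = generate_keys(61, 53, 17)
    print("public (n, e) =", pub, " private d =", priv)
    blocks = encrypt_text(pub, "Hi")
    print("ciphertext blocks:", blocks)
    print("decrypted:", decrypt_text(pub, priv, blocks))
    s = sign(pub, priv, 65)
    print("signature of 65 verifies:", verify(pub, 65, s))
    print("tampered message verifies:", verify(pub, 66, s))
```

With these toy values the public key is (3233, 17), the private key is 2753, and the number 65 encrypts to 2790. Encrypting characters one at a time as above makes the same letter always produce the same ciphertext number, which is one reason real RSA use pads the message first.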

Hashing

You'll notice in the sample code above, I used a function sha256() for a variable m_hash. Hashing is a one-way cryptographic function that allows you to irreversibly transform information into a string of letters and numbers called a hash. Hashing is different from encryption because a hash is meant to be impossible to decrypt, though many have tried, and some have succeeded. When you hear about a password or other security breach, it is usually referring to a cryptographic hack in which hackers have been able to match hashes back to the original text.

How it works:

There are various hashing algorithms (MD, SHA1, SHA2, & SHA3), but we will focus on the SHA256 algorithm as it is most common today.

The SHA256 algorithm first converts text into a string of 256 bits (hence the name) of 0 and 1. An example would be:

1110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010111000101011100010101110001010000101

Since these binary hashes are extremely long to display, they are then converted to hexadecimal format (a 64 character combination of the values 0–9 & a-f), with each section of 4 bits representing one character. An example of the hexadecimal representation is:

a235810cd87df030d78e890d90c187cc04a09ad09b289b91bbae9d890f987e
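To see the 256-bit and 64-character forms of a real SHA-256 hash side by side, here is an added Python example using the standard hashlib module (it is not code from the article). The input strings are constructed; the conversion from bits to hex is written out so the 4-bits-per-character rule above can be checked directly.

```python
# Added example (not from the article): a SHA-256 digest as 256 bits and as
# 64 hex characters, plus two properties the text relies on: the same input
# always hashes the same, and a tiny change gives a completely different hash.
import hashlib


def sha256_bits(text):
    """Hash text and return the digest as a 256-character string of 0s and 1s."""
    digest = hashlib.sha256(text.encode("utf-8")).digest()  # 32 raw bytes
    return "".join(format(byte, "08b") for byte in digest)


def sha256_hex(text):
    """The usual 64-character hexadecimal form of the same digest."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def bits_to_hex(bits):
    """Each group of 4 bits becomes one hex character, as the article describes."""
    return "".join(format(int(bits[i:i + 4], 2), "x") for i in range(0, len(bits), 4))


def bits_changed(text_a, text_b):
    """How many of the 256 bits differ between the hashes of two inputs."""
    a, b = sha256_bits(text_a), sha256_bits(text_b)
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    bits = sha256_bits("abc")
    print(len(bits), "bits:", bits)
    print(len(sha256_hex("abc")), "hex chars:", sha256_hex("abc"))
    print("bits -> hex matches hexdigest:", bits_to_hex(bits) == sha256_hex("abc"))
    print("repeatable:", sha256_hex("abc") == sha256_hex("abc"))
    # changing one character flips roughly half of the 256 bits
    print("bits changed between 'abc' and 'abd':", bits_changed("abc", "abd"))
```

Running it shows that "abc" always hashes to the same 64 hex characters, and that "abd" shares almost none of its bits with it, which is why a hash cannot be nudged back toward the original text bit by bit.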

Passwords

A major use of hashing is in password verification. It would be extremely unsafe for your bank to keep a database of passwords, so it maintains a database of hashes that correspond to your actual password. When you log in to your bank online, the system hashes your password, and then checks it against the hash that it has on file for you.

This system works because hashing algorithms will always produce the same hash for the same password—hashes are not a random combination of characters. Hashing is also the reason that it is important to have complex and unique passwords, because if I compute the hash for “password123”, and I match it up to the hash that corresponds to you, then I know your password is “password123,” and I can easily hack your bank account online.

Bonus Content!

Rainbow tables

Rainbow tables are databases of hashes to common passwords.

Take ATM pin codes for example. There are 10,000 combinations of 4-digit ATM pin codes using digits 0–9. A rainbow table would provide the hash for each of the 10,000 codes, and a hacker could use this list of hashes to map the hash back to your code, thus decoding your pin number from its hash.

How can I sleep at night?

Relax! Banks and most other organizations understand that hackers want to obtain sensitive information, so they typically provide an extra layer of security through something called a “salt.”

Salts are extra strings of characters added to a password (or other information) to make it more unique, longer, and more difficult to hack.

Instead of having a pin = “0000,” adding a salt would change your pin to something like “0000B_of_A_salt,” which would have an entirely different hash. Organizations can creatively use salts to make hacking extremely difficult. In order to use a rainbow table to crack such an algorithm, you would need a rainbow table for each possible salt, adding tremendously to the number of possible combinations of pin numbers.
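The password check and the salt from the last two sections, as an added Python example that is not part of the article. It builds the table of all 10,000 4-digit PIN hashes described above (a plain lookup table standing in for a rainbow table), shows that a bare PIN hash maps straight back to the PIN while the salted “0000B_of_A_salt” form does not, and then shows the storage scheme a bank would actually use: a fresh random salt per user kept next to the salted hash. The PINs and the salt string are constructed values.

```python
# Added example (not the article's code): PIN hashing with and without a salt.
# The PIN table, the salt "B_of_A_salt" and the sample PINs are constructed.
import hashlib
import hmac
import os


def hash_pin(pin, salt=""):
    """SHA-256 of pin followed by salt, e.g. "0000" + "B_of_A_salt" as in the text."""
    return hashlib.sha256((pin + salt).encode("utf-8")).hexdigest()


def build_pin_table():
    """Hash of every 4-digit PIN (10,000 entries), keyed by hash so a stored
    hash can be mapped back to its PIN: the article's rainbow-table idea,
    simplified to a plain lookup table."""
    return {hash_pin(f"{i:04d}"): f"{i:04d}" for i in range(10000)}


def lookup(table, stored_hash):
    """Map a stored hash back to its PIN, or None if the table has no entry."""
    return table.get(stored_hash)


def store_pin(pin):
    """What the bank keeps: a random salt per user plus the salted hash."""
    salt = os.urandom(16).hex()
    return {"salt": salt, "hash": hash_pin(pin, salt)}


def verify_pin(record, attempt):
    """Login check: rehash the attempt with the user's salt and compare.
    compare_digest avoids leaking how many characters matched via timing."""
    expected = hash_pin(attempt, record["salt"])
    return hmac.compare_digest(expected, record["hash"])


if __name__ == "__main__":
    table = build_pin_table()
    print("table entries:", len(table))
    print("unsalted hash recovered as:", lookup(table, hash_pin("0000")))
    print("salted hash recovered as:", lookup(table, hash_pin("0000", "B_of_A_salt")))
    record = store_pin("0000")
    print("correct PIN accepted:", verify_pin(record, "0000"))
    print("wrong PIN accepted:", verify_pin(record, "1234"))
    print("same PIN, another user, same stored hash?",
          store_pin("0000")["hash"] == record["hash"])
```

Because each user gets their own random salt, two customers with the same PIN end up with different stored hashes, and a table built for one salt is useless for the next. Real systems also swap plain SHA-256 for a deliberately slow password hash (bcrypt, scrypt or Argon2) so that each guess costs the attacker far more than one fast hash.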

Blockchain

Cryptography enables blockchain to verify senders in a network through signatures, as well as ensure that past transactions and records, known as “blocks,” cannot be changed.

Blockchain also utilizes hashing algorithms to assign a unique hash to each block, allowing you to distinguish between blocks.
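How hashing gives each block its identity and makes earlier blocks tamper-evident, as an added Python example (not from the article). Each block stores the hash of the block before it, so editing an old record breaks either that block's own hash or the link from the next block. The transactions are constructed sample data; signatures are left out to keep the focus on the hash chain.

```python
# Added example (not from the article): a minimal hash-linked chain. Every
# block's hash covers its contents and the previous block's hash, so a change
# to any past block is detectable. The transaction strings are constructed.
import hashlib
import json


def block_hash(block):
    """Hash of a block's contents; json with sorted keys keeps it repeatable."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode("utf-8")).hexdigest()


def add_block(chain, data):
    """Append a block that records the previous block's hash (or zeros for the first)."""
    prev = chain[-1]["hash"] if chain else "0" * 64
    block = {"index": len(chain), "data": data, "prev_hash": prev}
    block["hash"] = block_hash(block)
    chain.append(block)
    return block


def chain_valid(chain):
    """Every block's hash must match its contents, and every prev_hash must
    match the hash of the block before it."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block):
            return False
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return False
    return True


def build_sample_chain():
    """Three constructed transactions, chained together."""
    chain = []
    add_block(chain, "alice pays bob 5")
    add_block(chain, "bob pays carol 2")
    add_block(chain, "carol pays dave 1")
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("valid:", chain_valid(chain))
    chain[1]["data"] = "bob pays carol 200"      # edit a past record
    print("valid after editing block 1:", chain_valid(chain))
    chain[1]["hash"] = block_hash(chain[1])      # recompute only that block's hash
    print("valid after recomputing block 1's hash:", chain_valid(chain))
```

Recomputing the edited block's own hash is not enough: block 2 still carries the old hash in its prev_hash field, so the chain stays invalid unless every later block is rewritten as well.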

Conclusion

Now that you know all about hashing and encryption, take a look at this short video about how Alan Turing was able to successfully “hack” the German Enigma machine, and watch the movie if you haven't already!

*Note: For the purposes of this article, I have focused on an asymmetric encryption algorithm called RSA (Rivest, Shamir, and Adleman) Encryption.
