Cryptography Fundamentals
Cryptography is the science of protecting information by transforming it into an unreadable format for unauthorized parties. It is the mathematical backbone of nearly every security control in modern systems — from HTTPS to password storage to digital signatures.
Core Cryptographic Concepts
- Plaintext: The original, readable message or data before encryption
- Ciphertext: The encrypted, unreadable output produced by applying a cryptographic algorithm to plaintext
- Key: A secret value used by the algorithm to encrypt or decrypt. The security of modern cryptography relies entirely on key secrecy, not algorithm secrecy (Kerckhoffs's Principle)
- Encryption: Converting plaintext to ciphertext (requires a key)
- Decryption: Converting ciphertext back to plaintext (requires the correct key)
- Cryptographic algorithm (cipher): The mathematical function that performs encryption/decryption — AES, RSA, ChaCha20
Encryption vs. Hashing vs. Encoding
# These are DIFFERENT operations — commonly confused
ENCRYPTION (reversible with key):
Plaintext → [encrypt with key] → Ciphertext
Ciphertext → [decrypt with key] → Plaintext
Use for: protecting data in transit and at rest (files, messages, databases)
HASHING (one-way, irreversible):
Data → [hash function] → Fixed-length digest
hash("password") → "5f4dcc3b5aa765d61d8327deb882cf99"
Cannot reverse the hash to get "password"
Use for: password storage, file integrity verification, digital signatures
ENCODING (no security — just format transformation):
Data → [encode] → Different format (Base64, URL encoding, Hex)
"Hello" → Base64 → "SGVsbG8="
"SGVsbG8=" → Base64 decode → "Hello"
Use for: data serialization, transmission format (NOT for security!)
# Base64 is NOT encryption — anyone can decode it instantly
Cryptographic Properties
- Confidentiality: Encryption ensures only authorized parties can read the data
- Integrity: Hashes and MACs (Message Authentication Codes) detect any modification to data
- Authentication: Digital signatures prove the identity of the sender
- Non-repudiation: Digital signatures prevent senders from denying they sent a message
- Perfect Forward Secrecy (PFS): Session keys are ephemeral — compromising the server's long-term private key does not decrypt past recorded sessions. Used in modern TLS with ECDHE key exchange
Common Mistakes
- Using Base64 as 'encryption' — Base64 is encoding, not encryption; anyone can decode it immediately
- Confusing hashing with encryption — hashed passwords cannot be decrypted; they must be cracked (brute force); encrypted data can be decrypted with the key
- Rolling your own cryptography — implementing cryptographic algorithms from scratch introduces subtle vulnerabilities; always use well-audited libraries (cryptography.io, libsodium)
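The three operations contrasted above, plus the keyed MAC named under Integrity, as an added stdlib-only example (not code from the original page). Encryption itself is deliberately left to an audited library such as cryptography.io, as the Common Mistakes list advises; the sample strings and the 32-byte key are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# --- ENCODING: a format change, reversible by anyone, no key involved ---
def encode_b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def decode_b64(text: str) -> bytes:
    # No secret is needed: whoever holds the string recovers the data.
    return base64.b64decode(text)

# --- HASHING: one-way, fixed-length digest regardless of input size ---
def digest_hex(data: bytes, algo: str = "sha256") -> str:
    return hashlib.new(algo, data).hexdigest()

# Salted, deliberately slow password hash: the right tool for password storage.
# A bare MD5/SHA-256 of a password is unsalted and fast to brute-force.
def hash_password(password: str, salt: Optional[bytes] = None,
                  rounds: int = 200_000) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, dk

def verify_password(password: str, salt: bytes, stored: bytes,
                    rounds: int = 200_000) -> bool:
    _, dk = hash_password(password, salt, rounds)
    return hmac.compare_digest(dk, stored)  # constant-time comparison

# --- INTEGRITY: a keyed MAC detects modification; an unkeyed hash alone does not ---
def mac_tag(key: bytes, message: bytes) -> bytes:
    return hmac.new(key, message, hashlib.sha256).digest()

def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, message), tag)

if __name__ == "__main__":
    print(encode_b64(b"Hello"), decode_b64("SGVsbG8="))        # SGVsbG8= b'Hello'
    print(digest_hex(b"password", "md5"))                      # 5f4dcc3b5aa765d61d8327deb882cf99
    print(len(digest_hex(b"a")), len(digest_hex(b"a" * 10_000)))  # 64 64
    key = secrets.token_bytes(32)                              # constructed demo key
    tag = mac_tag(key, b"transfer 100 to alice")
    print(mac_verify(key, b"transfer 100 to alice", tag),
          mac_verify(key, b"transfer 900 to alice", tag))      # True False
    salt, stored = hash_password("correct horse")
    print(verify_password("correct horse", salt, stored),
          verify_password("wrong", salt, stored))              # True False
```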
Tip
Practice Cryptography Fundamentals in small, isolated examples before integrating into larger projects. Breaking concepts into small experiments builds genuine understanding faster than reading alone.
The CIA Triad is the foundation of information security
Practice Task
Practice Task — (1) Write a working example of Cryptography Fundamentals from scratch without looking at notes. (2) Modify it to handle an edge case (empty input, null value, or error state). (3) Share your solution in the Priygop community for feedback.
Common Mistake
A common mistake with Cryptography Fundamentals is skipping edge case testing — empty inputs, null values, and unexpected data types. Always validate boundary conditions to write robust, production-ready cybersecurity code.
Key Takeaways
- Cryptography is the science of protecting information by transforming it into an unreadable format for unauthorized parties.
- Plaintext: The original, readable message or data before encryption
- Ciphertext: The encrypted, unreadable output produced by applying a cryptographic algorithm to plaintext
- Key: A secret value used by the algorithm to encrypt or decrypt. The security of modern cryptography relies entirely on key secrecy, not algorithm secrecy (Kerckhoffs's Principle)