12 April 2019
You made it to part 4! Here’s a quick overview of what we have broken down so far. We started with some basic vocabulary for cryptographic building blocks and talked about hash functions in Part 1, were introduced to symmetric ciphers, keys, and leakage in Part 2, and dove into asymmetric ciphers in Part 3. We’ve covered a lot, and we aren’t quite done! In this section we are going to take the foundations we have learned and apply them in a TLS deep dive.
31 January 2019
Welcome to Part 3! A quick recap of where we’ve been. In Part 1: Buzzwords and Hash Function we talked about some foundational cryptography vocab and were introduced to hash functions, how they’re used, and some drawbacks. In Part 2: Symmetric Ciphers we upped the complexity a bit and discussed symmetric ciphers, including important properties of keys and different modes that help us avoid leakage. Making great progress! In this section, we are going to ease more into crypto with asymmetric ciphers. Ready?
8 November 2018
In the first article in this series on the basics of crypto, "Ease Me Into Cryptography Part 1: Buzzwords and Hash Function", we learned some lingo and talked about the different aspects of hash functions. Remember that hash functions are one-way — we cannot reverse them algorithmically. We talked about why this is useful, however let’s get to something that we can encrypt AND decrypt. In cryptography, we call these ciphers. Just like in the last section, and in true “Explain Like I’m Five” fashion, let’s break this down. What is a cipher? What are symmetric ciphers? How are they useful? Are there any weaknesses?
26 September 2018
You know what it’s like being in security, and someone asks you what you do. Now imagine the responses when I tell people I do cryptography. And it’s not just outsiders. Even within a techie crowd, common responses range from “Ooof, that sounds complicated” to “I wouldn’t touch that with a ten-foot stick”. I usually laugh and assure people that, although it can be complex, the complexity is surmountable. Even my reassuring comments are met with disbelief and the persistence of a feeling of intimidation by the topic of cryptography. I would love nothing more than for my words to be met with intrigue rather than hesitation. So I’m here to prove to you that crypto is tackle-able, and you can be the one to tackle it. Cryptography is no longer a convenient addition. It is becoming more and more of a necessity for security and privacy. Organizations and consumers are demanding it. So, if you must learn it eventually, why not start now and why not learn the easy way. I fully admit that cryptography sounds intimidating, especially when it comes to adding it into your code. However, I firmly believe that the intimidation is solely because it is in an unfamiliar context. If the concepts can be broken down into bite-sized pieces, then our brains can more easily consume the crypto elephant. “Ease Me Into Cryptography”, a series of introductory articles for InfoSec professionals, will do just that.