Cryptography for the Everyday Developer: Measuring Security in Bits

This is the fifth article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. When discussing encryption, you’ll often hear talk about the strength of a security system as measured in “bits.” For example, systems might advertise their strength as having 128 bits or 256 bits. But what exactly does security measured in bits mean? Let’s demystify this common yet sometimes misunderstood concept. ...

March 20, 2025 · 2 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Random Number Generators

This is the third article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption.

“Without randomness, cryptography would be impossible because all operations would become predictable and therefore insecure.” — Jean-Philippe Aumasson, Serious Cryptography

The cryptographic strength of most systems lies in their ability to generate random numbers that cannot be easily guessed or reproduced, making it difficult for adversaries to crack the encryption or predict the output. Unfortunately for us, computers and the software that they run are very predictable. As long as they are given the same inputs each time, they’ll always come up with the same outputs. This is very good for reliability, but not so good for cryptography where randomness and unpredictability are required for secure operation. ...

February 14, 2025 · 5 min · Kevin Sookocheff

Cryptography for the Everyday Developer: Security Goals

This is the second article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption. A cipher is only useful if it is secure. What makes a cipher secure? Let’s remember the use case for classical ciphers — keeping messages confidential. Caesar’s cipher and Vigenère’s cipher both suffer from a similar flaw, which makes them insecure and unusable for secure communication. For both ciphers, the flaw is obvious — these ciphers allow an attacker to learn how the cipher works by inspecting the ciphertext itself. This allows an eavesdropper to decrypt the message given only the ciphertext. A secure cipher, on the other hand, is one where it is not possible to learn anything about the plaintext or the cipher’s behaviour even by inspecting numerous plaintext or ciphertext messages. ...

January 28, 2025 · 3 min · Kevin Sookocheff