User:Opalraava/crypto

The crypto community

 * lists.cyperpunks.ca
 * Cryptography portal, Cryptography category, Cryptography wikiproject.

Cryptography
Modern cryptography is a big but layered subject. Here are the layers, from low level to high level:

Mathematics
The first layer is the mathematical one. It aims to design algorithms, and attacks on those algorithms. For example, if you can prove from the mathematics of a cipher that the key can be found faster than by brute force (simply trying all keys), you have 'broken' it, without ever writing a line of real computer code.

Low-level cryptography
There are two kinds of cryptography. First, there is the original symmetric cryptography, where there is one key, shared by both parties exchanging the message. The second kind is public key cryptography, where there are two keys: a (non-secret) public key and a related (secret) private key. Here the idea is that you can use my public key to encrypt something that only I (with my private key) can decrypt.


 * Message digests (MD), or cryptographic hash functions, are simply functions that take some data, a file for example, and calculate a checksum of that data. There are no keys involved. It's just a function taking input and producing output. But if only one bit of the original data is changed, the output value of the hash function changes (completely). And given only some hash function output, it is computationally infeasible to figure out what the original data was. An example of a message digest is SHA-2.


 * Random number generation: In cryptography, one often needs random numbers, and they must be of very good quality. The algorithms that are able to create such random numbers are called cryptographically secure pseudorandom number generators, or CSPRNGs.


 * A Key derivation function or KDF takes as input a password and creates a cryptographic key from that. So the two are different concepts: A password might be "hello you" and an algorithm might require a key of, say, 32 bytes. One could append (pad) the password with zeroes for example to get to the right length, but we can do much better. A good KDF is a tool against brute-force attacks, because it is often made in such a way that it is very computationally intensive. Examples are: PBKDF2 and scrypt.


 * A Message authentication code, or MAC, does require a (secret) key. This way both the integrity and the authenticity of a block of data can be ensured for those that have that secret key. This use of a single secret key makes the MAC part of the symmetric cryptography domain. In public key cryptography you can do something better: it is called a digital signature, and it provides not only integrity but also proof to anyone with the public key that the message was signed by me (because I have the secret key).


 * Symmetric ciphers and their modes of operation: Symmetric cryptography means that the same key is used for encryption and decryption. This single key must remain secret. In contrast, with public-key cryptography there are two keys, a public key and a (secret) private key. There are symmetric stream ciphers and symmetric block ciphers, of which the block ciphers are the most important group. Where stream ciphers can encrypt arbitrarily long streams of data, block ciphers operate on a fixed-size block of data. To allow the encryption of arbitrarily large amounts of data, the block cipher is chained together in some way; this is called the block cipher mode of operation, or cipher mode. Newer cipher modes combine message authentication and encryption in one mode; this is called authenticated encryption, or AEAD mode. An example of an AEAD mode is the Galois/Counter Mode.


 * Public-key cryptography: The use of public-key cryptography is very important for the functioning of the Internet. In short, one can use the public key for encryption, and the private key for decryption. One recent development is the use of forward secrecy in key-agreement protocols.
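
The message digest, random number, KDF and MAC items above, put together in one runnable sketch. This is an added example, not part of the original page; the function names, the iteration count and the sample messages are assumptions made for the illustration, and HMAC-SHA256 is used as one concrete MAC.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def zero_pad_key(password: str, length: int = 32) -> bytes:
    """The weak approach from the text: pad the password with zero bytes."""
    return password.encode().ljust(length, b"\x00")[:length]


def derive_key(password: str, salt: bytes, length: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256: a salted, deliberately slow password-to-key mapping."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=length)


def bits_changed(a: bytes, b: bytes) -> int:
    """Count the bits that differ between the SHA-256 digests of a and b."""
    da, db = hashlib.sha256(a).digest(), hashlib.sha256(b).digest()
    return sum(bin(x ^ y).count("1") for x, y in zip(da, db))


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Compute an HMAC-SHA256 tag over message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def mac_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time to avoid timing leaks."""
    return hmac.compare_digest(mac_tag(key, message), tag)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)  # salt drawn from the operating system's CSPRNG
    key = derive_key("hello you", salt)
    print("padded :", zero_pad_key("hello you").hex())  # password is visible in the key
    print("derived:", key.hex())
    # b"hello you" and b"hello yot" differ in exactly one bit (0x75 vs 0x74).
    print("digest bits changed:", bits_changed(b"hello you", b"hello yot"), "of 256")
    msg = b"constructed sample message"
    tag = mac_tag(key, msg)
    print("genuine message verifies :", mac_verify(key, msg, tag))
    print("tampered message verifies:", mac_verify(key, msg + b"!", tag))
```

The salt is not secret, but it has to be stored next to whatever the key protects, because the same password and salt are needed to derive the same key again.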

Mid-level cryptography and protocols

 * Public key certificates and certificate authorities:
 * X.509 Certificates:
 * PKCS 11:
 * Secure Sockets Layer (SSL) / Transport Layer Security (TLS): SSL/TLS, OCSP providers: OpenSSL, GnuTLS.
 * Internet Protocol Security (IPsec):
 * Domain Name System Security Extensions (DNSSEC):
 * Email: DMARC / DomainKeys Identified Mail (DKIM):
 * Wireless Security:
 * Kerberos:
 * OTR:

High-level, user visible crypto

 * HTTPS:
 * SSH:
 * OpenVPN:
 * PGP / GnuPG:
 * Cryptocat:
 * Pidgin:
 * Bitcoin: Bitcoin is a crypto-currency using a distributed transaction database called the Blockchain.