A cipher is a pair of a related algorithm that is used for encryption and decryption one algorithm encrypts data by applying a key to plaintext and the second algorithm decrypts, the data by applying a key to ciphertext, sometimes, but not all the time. The second algorithm in the cipher pair is the reverse of the first to help you understand, ciphers, let us look at some very basic classic ciphers. These can be done with a pen and paper and, of course, are not suitable for real data encryption. I just wanted to give you a working background knowledge of what it means to get ciphertext from plaintext and back again. Substitution ciphers are where plaintext is substituted with ciphertext based on the key transposition. Ciphers are where the characters in the plaintext are scrambled or, as we call it in cryptography permutated, the resulting ciphertext has the same characters as the plaintext just jumbled.

## Ceasar Cipher

Here is an example of a shift substitution, cipher known as Caesar cipher. We have the English alphabet laid out with the second alphabet, lined up with all the letters shifted six spots to the right, then, when we get to the end, we start back over at the beginning again to complete the list as an example. If we have the plaintext word, asparagus, the corresponding ciphertext string would be g i v y g x g m a y, so A would be G, S would be I, P would be V, and so on. If we sent this ciphertext to a recipient, then all the recipient would need to know the key rot, six or rotation six, and they could recreate this line up on their end and get asparagus back from the ciphertext. Now cracking these basic ciphers Isn’t that hard. Someone would just need to look for common letters like a and a so like. I said this would not hold up in the real world anymore. I mean it is not the days of Caesar anymore, all right.

## Symmetric versus Asymmetric Encryption

Our first cryptography concept is symmetric versus asymmetric encryption. Symmetric is often referred to as a secret key or shared key encryption. That is because of the same secret, shared key is used for both encryption and decryption. For this type of encryption, key management is the biggest concern. If there are two parties involved, a sender and a recipient, then both ends need a copy of the key and they need to have gotten them securely. That is called key distribution now, whether to parties or just one is involved. Keeping the secret key, a secret is crucial. Okay, what if you have multiple pairs communicating? Does everyone use the same key? That is not secure. Okay! So, then we have multiple keys to manage the more keys. The more complicated the key management process becomes. Even though key management is a concern. Symmetric is faster than asymmetric alone. I say alone because symmetric and asymmetric are often used together when comparing symmetric. Algorithms remember that strength is affected by the lengths of the key and the number of iterations through the algorithm. Even so, all symmetric algorithms can eventually be attacked with a brute-force attack. The stronger the algorithm the longer would take to find the key by trying every key choice until one works now we are talking days months years, hundreds of years, thousands of billions are the oldest universe. In some cases, if part of key management, you change your key in a shorter amount of time than a brute-force attack or other attack would work. You are good. As I said, the biggest issue for symmetric encryption is key management. Asymmetric encryption or public key encryption saves us from the need to pass out secret keys. Instead, math magically connected key pair is used, that is two keys, one half of the key pair is public, and the other is private. Either key can encrypt and either key can decrypt. If data is encrypted with the public key, then it would be decrypted with the private key. This would ensure the confidentiality of the data. If data is encrypted with the private key, then it would need to be decrypted with the public key. This would ensure the identity of the sender. Now from this, you need to realize that messages encrypted with the private key cannot be decrypted with the private key and, at the same time, the message is encrypted with the public. Key cannot be decrypted with the same public. Key. Remember that I said that symmetric and asymmetric can be used together in these cases. At the beginning of communications, the two asymmetric keys would be used to securely distribute a third secret key and then that secret key would be used for the rest of the communications.

## Digital Signatures

Digital signatures allow the owner to digitally sign a message. This proves authenticity, non-repudiation, and integrity. Authenticity and non-repudiation are done by confirming the data or message you have received are whom you think it has from integrity is achieved by confirming that the message was not altered during transit. If you cannot picture this quite yet, that is okay! I am going to show you an example: diagram of using digital signatures in just a few minutes when we talk about hashing so hold on. Okay, so you have heard me throw around the term non-repudiation a few times within this lesson. Non-Repudiation is assuring that the author of the message cannot later refute the fact that they sent the message they cannot disown it asymmetric. Encryption gives non- repudiation when a sender uses his or her private key to encrypt or sign a message. Besides the non-repudiation that is built into asymmetric encryption, there are sometimes added non-repudiation services that can be built into encryption and digital signatures. So, besides proof of origin, we can also get proof of integrity that the data has been received and has been received correctly. The one thing you need to be aware of is non-repudiation does not consider that a hooligan could have gained unauthorized access to someone’s computer and sent messages from there. So non-repudiation only works if the private key in the key pair is kept private, including someone using the computer in which it lives at this level of your security studies. You do not need to know how each algorithm mathematically works, but understanding the basics of the types of encryption methods will help you when choosing which algorithms to use for the different tasks in your environment.

## symmetric encryption methods

The first is a block cipher, which breaks data off into fixed lengths chunks of bits called blocks. Then these blocks are encrypted one block at a time. A common block size is 64 bits or 128 bits. If the last part of the message can only say, fill up 110 of the 128 bits, then that black needs to be padded to take up the last 18 bits, the padding can be zeros and ones or more complex, padding practices for each block. That is put through the encryption algorithm. The result is the same size blocks of ciphertext, so 64 bits of plaintext gives us 64 bits of ciphertext out. As I said, black ciphers are symmetric encryption methods which, as you know, means the same secret key is used for encryption and decryption the trick to keeping block ciphers and other symmetric key methods. Secure is not reusing keys anytime. There are two ciphertext blocks that were encrypted with the same key. This is a chance for an attacker to compare them and crack the encryption. Using initialization vectors to create a fresh key space every time a good block cipher does not allow someone to deduce the key from looking at the ciphertext and the outputted ciphertext needs to change dramatically. If the input change is just a little block, ciphers are slower than stream ciphers, which we will talk about next stream.

## Ciphers

Ciphers are another symmetric encryption method. This time a continuous stream of bits or bytes are encrypted one at a time, instead of block by block this result. In a faster encryption that uses less processing power than block ciphers, obviously, a secure stream cipher does not continuously use the same key, but even with initialization vectors and pseudo-random key generators. The key spaces will repeat eventually the longer the period before repeat the better. Now, on to an asymmetric encryption method, elliptic curve, cryptography, remember that we said that asymmetric is slower than symmetric, while elliptic curve was created to speed up asymmetric encryption. Eco has a compact mathematical design that allows stronger encryption with shorter keys. It does this by using elliptical curves instead of integers as keys because of its speed and flexibility. Eco has many varied implementations, including being used on mobile devices that notoriously have limited processing power and space quantum cryptography is a super geeky fun concept that uses physics instead of math. This is now an emerging and expensive concept, that is still being researched. It could be a complete meaningful change for cryptography or be quickly replaced by the next important thing. The physics concept behind how this works is that when we measured data, we disrupt the data line. If we want to know the temperature of water by putting a thermometer in the water, we will change the temperature ever so slightly. Quantum cryptography applies this concept to polarized photons, with polarization filters. We can force the photon to take one polarization or another. The thing about photons is that once the polarized, you cannot measure the direction of their polarization without repolarizing them in the process. Therefore, quantum cryptography allows us to tell if data with ease dropped on during transit, so a very simplified example would be to polarize the photons in one direction, for a zero in another direction for one and then send binary data. If someone were to eavesdrop on these photons, while they are being sent, the polarization would be changed, there is one commercially available implementation of quantum cryptography called quantum key distribution where polarized photons are used to distribute keys.

**Cryptographic hashing produces a one-way message, digest that is used for integrity and password storage. **

Now, let us tackle cryptographic hashing. This is not encryption or decryption. Hashing algorithms create a unique numeric hash value. That is like a summary or a digest of a message. The idea is that no two pieces of data can create the same hash value when running through the same hashing algorithm. Now it is possible for two different messages to get the same hash value as if a very small key is used or if a hacker is trying a collision attack. This is not really something to worry too much about, but do be aware that even hashes can be cracked. The most important thing to remember is that hashing is one way you cannot derive the plaintext from a hash value. Remember you can create a hash from a document. You cannot recreate the document from the hash, even if you have the key so instead of confidentiality, hashing is used for integrity. If we take a hash and then later take another hash. If those two hashes match, we know the data was safe. If data is changed, then taking the second hash will result in a different value, some uses for hashing our message, digests, which really is just a name for the hash value off. So digital signatures, which we will talk about next and message, authentication codes or ma is ma. C’S do not offer non-repudiation because they use a shared secret key, but they are less vulnerable to attacks where the hacker has access to the hashing algorithm and puts in their own plaintext to try to figure out the key. By what comes out, you may have seen hash values that go with files that you download from the internet, and you use the hash value to make sure that the file that you have downloaded has not been messed with, like malware, has not been added to it. Cryptographic, hashing is also used all the time for password storage, user passwords are hashed and then those hashes are what is stored in the database. This allows passwords to be stored securely, not in plaintext when a user enters their password. The entered value is hashed and then that hash value is checked against the stored hash. Therefore, many passwords cannot be retrieved only reset, because there is no overview of passwords anywhere. Really, no one knows it, but you.