A Beginner’s Guide to Cryptography & Some Useful Resources

Cryptography is a method of secret communication that uses ciphers and decryption to encode and decode information. It is used to encrypt and decrypt data using mathematical equations. It’s employed in various applications, including email, file sharing, and secure communications.

A Beginner’s Guide To Cryptography

Cryptography is used all around us. But what is cryptography? In this article, I’ll explain what cryptography is, and how it’s used to protect your personal information.

@CLHauk Updated: February 11, 2022


Even though you might not be aware of it, you encounter cryptography multiple times a day. Heck, whether you realize it or not, you may have even used cryptography yourself to send “secret” notes to your friends in grade school.


Whether you’re pumping gas at the gas pump, ordering something from Amazon, paying for your groceries with a credit card, or watching a movie you’ve rented from iTunes, cryptography protects your information every step of the way.

But if you think that the subject of cryptography is better left to developers, hackers, and the battles between Apple and the FBI, you’re wrong.

You need to understand what cryptography (encryption) is, how it’s used to protect your data both on the net and on your devices, and how you can take advantage of it to keep your valuable information safe from prying eyes.

If you don’t, you’re leaving yourself open to the bad guys.

In this article, I’ll go over how cryptography has been used (even in the days before computers), how it works, why it matters, and the types of cryptography used today.

I will also explain how cryptography is used in today’s world, how you can use it to protect yourself online and offline, and why cryptography isn’t a perfect solution to your data protection needs.

The History of Cryptography

The history of cryptography goes back way beyond the advent of the computer – or any machine, for that matter.

Clay tablets from Mesopotamia, from around 1500 BC, show signs of encryption being used to protect information. The tablets record a craftsman’s formula for pottery glaze. It is believed the tablets were encrypted to protect the potter’s formula from being stolen for commercial reasons.

Hebrew scholars are also known to have made use of a simple alphabetical substitution cipher around 500 to 600 BC. An alphabetical substitution cipher is a simple code where a letter in the alphabet is replaced by a different letter. For example: A = Y, B = W, C = G, etc. More about this later.

Wartime Use of Cryptography

Cryptography came into its own in times of war. During the American Revolutionary War, which took place in the late 1700s, British forces used various forms of cryptography to communicate between generals.

Using ciphers, the British army could encode messages to be delivered to generals on the battlefield with no fear that the plans might fall into enemy hands or that a messenger might read them and leak the information to the other side.

The cipher used to encode the messages was shared with only the most trusted members of the British military, keeping the information safe from being stolen by the opposing army.

While the British successfully used a particular cipher for an extended period of time, American forces were eventually able to crack the cipher being used, allowing them to learn of British attack plans.

By the time of the Second World War, mechanical and electromechanical cipher machines were being used widely by all of the major participants in the conflict.

Perhaps the best-known cipher machine used during World War II was one used by the Germans in various versions: an electro-mechanical rotor cipher machine known as the Enigma machine.

The country used the device to encode their battle plans and other sensitive communications for much of the war.


English mathematician/cryptanalyst Alan Turing worked during the Second World War to create techniques to break several of the German ciphers. Turing played a crucial role in cracking the coded messages that allowed the Allies to defeat the Nazis in many critical battles.

Many believe Turing’s work shortened the war in Europe by over two years, saving more than 14 million lives.

Modern Uses of Cryptography

Stepping forward to more modern times, cryptography is used by banks, credit unions, and other financial institutions to encrypt data sent between banks, credit card companies, their customers, and other businesses.

Cryptography protects the data both during transmission and when it is saved in large databases.

When you swipe your credit card at a grocery store to pay for your food purchase, the information stored on the card’s magnetic strip or embedded chip is encrypted.

The encrypted information is transferred to the payment processor, who checks to make sure your credit card limit hasn’t been reached (with another encrypted transmission) and then replies with an encrypted approval code.


A similar activity takes place when you use other forms of payment, such as a debit card, or NFC-based forms of “touchless” payment systems, like Apple Pay or Google Pay.

Without the use of encryption, data breaches would be so common that they would likely happen on a daily or even hourly basis, instead of the monthly occurrences they seem to be in recent times.

The data breaches that do hit the news on a regular basis can usually be attributed to a lack of proper encryption or to the use of a particularly weak form of cryptography to protect the data.

How Does Cryptography Work?

In this section, I’ll be taking a look at how cryptography works. I’ll demonstrate how a plaintext message is encrypted and stored as ciphertext data. I’ll then explain how ciphertext is decrypted back into plaintext when that step is required.

Before we begin, let me go over key vocabulary, so that we’re all on the same page.

Encryption is the process of making a plaintext (readable) message into a ciphertext (unreadable) message, which is a message that is unintelligible to outsiders who don’t possess the secret “key” to “unscramble” the message.

Decryption is the process of using a secret key to “unscramble” ciphertext and turn the information into readable plaintext once more.

A cipher is an algorithm used to encrypt and decrypt a message.


To demonstrate how everything works, I’ll use a simple encoding method many of us may have used in our younger days to send and receive “secret” messages from our friends.

The encryption method I’ll demonstrate is a simple letter shift cipher, where each letter of the alphabet is replaced by another letter.

A letter shift cipher is known as “Caesar’s cipher,” named for Julius Caesar, who was the first recorded person to use it.

My example will remind older readers of the code card they received when they joined the “Supermen of America” club from the back of Superman and Action Comics magazines.


A Caesar’s cipher is a substitution cipher that replaces each letter in the original message with a letter corresponding to a certain number of letters up or down in the alphabet. In this case, I’ll keep things simple, and only shift up one letter from the original letter.

By applying the cipher, we could turn a plaintext message like “The Bat flies at midnight” into an “encrypted” message of “Uif Cbu gmjft bu njeojhiu.” Did you just get a chill down your spine? I know I did.

True, this is a very simple cipher and could be decoded by your average 8-year-old in just a few minutes. However, it is an excellent example of how cryptography works.

Polymorphism

If you wanted to throw that nosy 8-year-old off your scent, you could apply another layer of encryption to the message, which is called “polymorphism.”

While the subject goes much deeper than I’ll dig in this section, it’s important to understand in order to understand modern cryptographic methods. Simply put, polymorphism is a cipher that changes itself every time it is used.

So, if we took our coded message and ran it through our encryption algorithm again, shifting by one letter once again, then the word “bat” in our plaintext message, which was encoded to “cbu” in our encrypted message, would be changed to “dcv” the second time around.

Only a user with the knowledge that the message had a polymorphic cipher applied to it would be able to decrypt the message back to its original form. Now we’re talking about at least the brainpower of a 9-year-old to be able to successfully decrypt the message.

Okay, I was a bit simplistic in that explanation, but I wanted to explain how cryptography worked in the simplest way possible.

In the next sections of this article, we’ll see that the actual encryption ciphers used to protect your data in today’s hacker-heavy world are much more complicated and tougher to decode.
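The shift cipher and the second-pass example above, written out as an added Python example (not code from the original article). It also shows why the second pass adds so little: two shifts of one are the same as a single shift of two, and trying every possible shift recovers the message. The word list used for scoring is a small constructed sample.

```python
def caesar(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` places, wrapping around the alphabet.

    Case is preserved; spaces, digits and punctuation pass through unchanged.
    A negative shift decrypts.
    """
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample of very common English words, used only to score guesses.
COMMON_WORDS = {"the", "and", "at", "is", "of", "to", "in", "it", "a"}


def brute_force(ciphertext: str) -> tuple[int, str]:
    """Try all 26 shifts and return (shift, plaintext) for the best-scoring guess.

    The score is simply how many words of the candidate are common English
    words. With only 26 possible keys, exhaustive search is instant.
    """
    best_shift, best_text, best_score = 0, ciphertext, -1
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        words = (w.strip(".,!?").lower() for w in candidate.split())
        score = sum(w in COMMON_WORDS for w in words)
        if score > best_score:
            best_shift, best_text, best_score = shift, candidate, score
    return best_shift, best_text


if __name__ == "__main__":
    message = "The Bat flies at midnight"
    once = caesar(message, 1)
    twice = caesar(once, 1)
    print(once)                          # one pass, shift of one
    print(twice)                         # second pass over the ciphertext
    print(twice == caesar(message, 2))   # two passes equal one shift of two
    print(brute_force(twice))            # recovered without knowing the shift
```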

Why Is Cryptography Important?

Cryptography is arguably the best method available today for protecting security-sensitive data.

The unique “code/key/calculations” combination required to encrypt and decrypt data makes the technique an efficient method for keeping information protected from prying eyes.

The heavy usage of the internet for business and personal communications makes encryption a must for any sensitive data.

Without cryptography, any message you send on the internet could be intercepted and read. Everything from a private message to your spouse to the information about your bank account would be open to public examination.

What Types of Cryptography Are Used Today?

There are 4 types of cryptography in use to protect data in today’s always-online world.

All 4 cryptography methods have advantages and disadvantages. In this area, I’ll take a look at all 4 methods, explain how they work, and disclose their pros and cons.

Hashing

Hashing is a function designed to take a message string of any length and produce a fixed-length hash value. The reason to use hashing is not to hide the information included in the string but to instead verify the string’s contents.

Hashing is most commonly used to verify software downloads and protect them in transit. A vendor will calculate a hash for a downloadable file and publish the hashed checksum string.

When a user downloads the file, they can run it through the same hashing algorithm. If the hashed checksum strings match, then the download is complete and the file is authentic.

If there is a variation between the two checksums, it indicates that either the download did not complete properly, or it was intentionally modified by an outside party.

Hashing is a particularly good way to verify downloads of operating system software, as well as the Windows .ISO files, or Mac .DMG files used to install apps.

A demonstration of how it works is shown in the screenshot below. If a user wanted to verify that the movie quote below was the exact one sent by their movie-loving friend, they would run the quote through the SHA-256 Hash Calculator to verify it.

Cryptography - screenshot 7

If the message has been modified during transmission – even by only one character! – it will show a vastly different hash, as seen below, indicating that the message has been changed.

Cryptography - screenshot 8

In the past, the most common hashing algorithms in use were MD5 and SHA-1. However, both algorithms have been discovered to have multiple security flaws, so many users are now using SHA-256 in their place.
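The download check described above, as an added Python example (not from the original article). It hashes a file in chunks, compares the result with a published SHA-256 checksum, and counts how many of the 256 output bits change when one character of the input changes. The file name and file contents are constructed samples.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file chunk by chunk so a multi-gigabyte image never sits in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path: str, published_hex: str) -> bool:
    """Return True only if the file's SHA-256 equals the vendor's published value."""
    published = published_hex.strip().lower()
    if len(published) != 64 or any(c not in "0123456789abcdef" for c in published):
        raise ValueError("published checksum is not a SHA-256 hex digest")
    return hmac.compare_digest(sha256_file(path), published)


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the output bits (out of 256) that differ between SHA-256(a) and SHA-256(b)."""
    da = int.from_bytes(hashlib.sha256(a).digest(), "big")
    db = int.from_bytes(hashlib.sha256(b).digest(), "big")
    return bin(da ^ db).count("1")


def demo() -> dict:
    """Verify a constructed sample file, then change one character and verify again."""
    original = b"Constructed sample installer image, build 1\n"
    tampered = b"Constructed sample installer image, build 2\n"  # one character differs
    published = hashlib.sha256(original).hexdigest()  # what the vendor would publish

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "installer.iso")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(original)
        intact_ok = verify_download(path, published)
        with open(path, "wb") as fh:
            fh.write(tampered)
        tampered_ok = verify_download(path, published)

    return {
        "intact_ok": intact_ok,
        "tampered_ok": tampered_ok,
        "bits_changed": differing_bits(original, tampered),
    }


if __name__ == "__main__":
    print(demo())
```

A matching checksum only says the file equals whatever the checksum was computed from, so the published value has to come from a source you trust, such as the vendor's HTTPS page or a signed release file.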

Advantages

Hashing is a great way to ensure the integrity of a message or a downloaded file. If the hashed value for a file matches on both ends of a transmission, the user can feel secure that the file has been completely downloaded and has not been tampered with.

Disadvantages

Hashing doesn’t actually encrypt a file. This is better left to the types of cryptography I’ll be discussing in the following sections.

Symmetric Cryptography

Symmetric cryptography is one of the simplest types of encryption, as it involves the use of only one secret key to both encrypt and decrypt data. This is one of the oldest and best-known methods of encryption available today.

Symmetric cryptography uses a secret key, which can be a number, word, or string of random letters. The key must be known to both the sender and the recipient in order to complete the process.


The example I used earlier, relating to how cryptography was used during the Revolutionary War for sending messages to generals on the battlefield, is an example of symmetric cryptography.

This method of cryptography is easy to use due to the simplicity of all parties using a single key.

There is also a slight advantage in speed, as a single key is used for encryption/decryption, reducing the mathematical complexity of the process.

Symmetric cryptography isn’t generally used for sending messages over the internet, as the key needs to be sent separately. If a third party were to somehow obtain the key, they would be able to view the encrypted data.

It’s a Catch-22: If you want to send encrypted messages in order to keep the contents hidden from prying eyes, you have to first send an unencrypted message that is completely visible to those same prying eyes. That makes this method extremely insecure.

That’s why symmetric cryptography is usually used to encrypt local databases, such as those found on a server’s hard drive or the data in your iPhone.

Asymmetric Cryptography

Asymmetric cryptography uses two separate keys: one for encryption and the other for decryption.

Asymmetric cryptography uses both a private and a public key.

The public key is used to encrypt the message or other data, while the private key is used to decrypt the information. A message encrypted using a public key can only be decrypted by using the private key.


The public key can be made freely available to anyone who wants to send you a message, while the private key is a secret that only you know. While this is a bit more complicated, it provides an added level of security over symmetric encryption.

Just a few popular uses of asymmetric encryption include sending emails and attachments, connecting to remote servers, and accessing secure websites. (The URL for a secure website begins with “https://” – more about that later.)

Advantages

Asymmetric cryptography is more secure than symmetric cryptography due to its use of public and private keys for the cryptography process.

It eliminates the need to share a single key, making it more secure than symmetric cryptography.

Disadvantages

Asymmetric cryptography is a more mathematically complex form of cryptography than symmetric, with more overhead, meaning the encryption and decryption processes take longer, slowing data transmission by a bit.

This is why, when you use a VPN to protect your internet connection, the asymmetrically encrypted connection speed is slower than your normal, ISP-only speeds.

Also, if you were to lose your private key, it would be impossible to decrypt any ciphertext you might receive, leaving the information permanently unreadable.

Key Exchange Algorithms

Cryptography using key exchange algorithms isn’t used much by individuals outside of the cyber-security industry. However, I’m going to give you a brief overview of this method, so you’ll gain an understanding of this public-key cryptography.

Key exchange algorithms allow for the safe exchange of encryption keys with an unknown party. Users don’t share information during the key exchange. The end goal is to create a custom encryption key that can be used by both parties at a later date.

Perhaps the best-known key exchange algorithm is Diffie-Hellman.

Diffie-Hellman establishes a shared secret between two users that can then be used to exchange secret information over a public network.

The Diffie-Hellman wiki page, linked above, provides a simplified conceptual diagram, as well as a mathematical explanation, complete with technical jargon. For the sake of simplicity, I’ll be going over the simplified diagram, which uses colors instead of numbers.

To begin the process, two parties – let’s call them Alice and Bob – agree on a color that, while it doesn’t need to be kept secret, should be different every time. In the diagram below, that color is yellow.

Cryptography - screenshot 11

Now, each party selects a secret color that they keep to themselves. In the diagram, Alice has selected orange, and Bob has reached into his color palette and selected blue-green.

Alice and Bob now mix their secret color with the mutually selected color – yellow – which results in Alice having an orange-tan paint mixture, while Bob comes up with a light blue mixture. The two now publicly exchange the two mixed colors.

In the final step, each of the two mixes the color they received from the other party with their own, private color. The result is that both wind up with a rather putrid, yellow-brown mixture that is identical to their partner’s color.

If a third party attempted to eavesdrop on the color exchanges, it would be difficult to detect the secret color of each user, making it impossible to come up with the same final paint mixture.

In real life, the above process would use large numbers instead of colors, as computers could easily do the required computations in a short period of time.

Advantages

In real-life applications, key exchange algorithms would use large numbers raised to specific powers to create keys. This alone makes the process of breaking the code mathematically overwhelming.

Disadvantages

Communications using these algorithms are vulnerable to “Man-in-the-Middle” attacks. Ideally, this method should be used in conjunction with other authentication methods, such as a digital signature.
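The paint-mixing exchange and the Man-in-the-Middle weakness described above, carried through with numbers as an added Python example (not from the original article). The prime 2**255 - 19 and base 2 are demonstration-sized assumptions; real deployments use standardized groups or elliptic curves. The fingerprint comparison at the end is one possible authentication check, standing in for the digital signature the text mentions.

```python
import hashlib
import secrets

# Public parameters, the "yellow paint" everyone may see (assumed for this example).
P = 2**255 - 19   # a known prime, used here only to keep the numbers readable
G = 2             # public base


def keypair() -> tuple[int, int]:
    """Pick a secret exponent (the secret color) and compute the public mixture."""
    private = secrets.randbelow(P - 3) + 2        # uniform in [2, P - 2]
    return private, pow(G, private, P)


def shared_key(my_private: int, their_public: int) -> bytes:
    """Mix the value received from the peer with our own secret, then hash it."""
    if not 2 <= their_public <= P - 2:
        raise ValueError("peer public value out of range")
    secret = pow(their_public, my_private, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def fingerprint(key: bytes) -> str:
    """Short value two people can read to each other over a separate, trusted channel."""
    return hashlib.sha256(b"fingerprint" + key).hexdigest()[:16]


def honest_exchange() -> tuple[bytes, bytes]:
    """Alice and Bob swap public values directly; both derive the same key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub)


def intercepted_exchange() -> tuple[bytes, bytes, bytes, bytes]:
    """A party in the middle replaces each public value with its own.

    Nothing in the exchange itself proves who sent a public value, so Alice and
    Bob each complete a valid exchange, just not with each other.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    alice_key = shared_key(a_priv, m_pub)        # Alice believes m_pub is Bob's
    bob_key = shared_key(b_priv, m_pub)          # Bob believes m_pub is Alice's
    middle_with_alice = shared_key(m_priv, a_pub)
    middle_with_bob = shared_key(m_priv, b_pub)
    return alice_key, bob_key, middle_with_alice, middle_with_bob


if __name__ == "__main__":
    a, b = honest_exchange()
    print("honest keys match:", a == b)

    ak, bk, ma, mb = intercepted_exchange()
    print("middle party holds Alice's key:", ak == ma)
    print("middle party holds Bob's key:", bk == mb)
    # Detection: the two ends no longer agree, so their fingerprints differ.
    print("fingerprints match:", fingerprint(ak) == fingerprint(bk))
```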

How Is Cryptography Used in Security? (AKA “Cryptographic Functions”)

Okay then, all of this cryptography stuff is pretty cool, but how is it used in today’s modern world?

I’m glad you asked.

There are 4 main ways that cryptography is used to ensure data security. These are called “cryptographic functions.”

Authentication

Authentication, simply put, is a process put in place to ensure that the parties on both ends of the connection are actually who they claim to be.

You encounter at least one type of authentication used on the web whenever you use a secure website, such as your company’s intranet site or even Amazon.

Secure websites use what is called an SSL certificate, which provides proof that the owner of the website owns a public cryptography key and shows that a user is connected to the correct server.

Depending on the browser they use, an online user will see a closed padlock or a green URL (or both) to indicate that the website they are connected to is the one it claims to be.


This is particularly valuable when you’re shopping online, or you’re doing your banking or bill-paying online. This helps ensure that you’re not handing your banking or credit card info over to a hacker.

Another example of cryptography being used for authentication purposes is Pretty Good Privacy, which is a freeware software package that is used to provide encryption and authentication for messaging, digital signatures, and data compression, as well as emails and their attachments.

Non-repudiation

In the early days of online financial and e-commerce dealings, some users would approve an online transaction, then later claim they had never approved the transaction.

Cryptographic non-repudiation tools were created to ensure that a specific user had indeed made a transaction, which could not be disclaimed later on for the purposes of a refund.

This prevents online banking users from authorizing a funds transfer to an outside account, then coming back a few days later claiming they had not made the transaction and demanding the money be refunded to their account.

A bank can prevent the above attempt to steal funds by putting the correct non-repudiation measures in place, which can consist of hashed data, digital certificates, and more.

Confidentiality

Confidentiality, or keeping your private data private, is one of the most important security applications for any user.

Today’s constant data breaches, which are usually due to a lack of proper cryptography for the task at hand, make the appropriate use of cryptography a must for any secure process.

Integrity

Cryptography can ensure that no one can change or view data while it’s in transit or in storage.

Cryptography can ensure that a rival company, or any other party hoping to profit from data tampering, cannot screw around with a company’s sensitive data and internal correspondence.

How Can Cryptography Be Used by Average Users?

As I mentioned at the beginning of this article, you make use of cryptography every day. Buying groceries with a credit card or Apple Pay, streaming a movie on Netflix, or simply connecting to your home or office Wi-Fi requires the use of cryptography.

While it’s true that your daily life is already protected to some extent by cryptography, there are ways to use it to add another layer of security to your everyday activities.

Virtual Private Networks (VPNs)

A Virtual Private Network (VPN), such as NordVPN, encrypts your internet connection, preventing any outsiders from monitoring your online activities or stealing any of your valuable personal or business-related information.

A VPN encases your internet connection in a tunnel of encryption, which acts like a subway tunnel does for a subway train. What I mean is that, while you may know that there are subway trains in the tunnel, you don’t know where they are, how many cars are on the train, or where the train is headed.

A VPN provides similar protection, as your Internet Service Provider, government, law enforcement agencies and the shifty-looking guy at Starbucks can’t tell which websites you’re visiting or which files you’re downloading.


Recently, VPNs have become a favorite tool for online users who want to protect their online antics from being observed by outsiders.

For more information about VPNs and the many ways they can protect and enhance your online activities, visit the VPN section of my website.

HTTPS Everywhere

Let’s try something “fun.” How about you log into your bank’s website, then go get the next-door neighbor you’ve never even talked to, and allow them to sit down at your computer and begin browsing through your checking account info.

That would be weird (and a bit reckless), right? However, you’re doing something similar if you’re conducting business on websites that aren’t protected via an encrypted HTTPS connection.

HTTPS (the “S” stands for “secure”) offers a layer of encryption, protecting any data you receive or send to the website from outside monitoring. This includes your login information, your account numbers, and any other type of info you wouldn’t normally share with your next-door neighbor.

When you’re connected to a secure website, you’ll see a little green padlock in the address field, and the URL will begin with “https://”, as shown below.

Cryptography - screenshot 14

While a modern, well-designed website should provide HTTPS protection on every page, many don’t, which can leave your private information up for grabs.

Luckily, Chrome, Firefox, and Opera users can use a free, open-source browser extension called “HTTPS Everywhere,” which enables a full-time HTTPS connection for websites that support HTTPS.


Using the extension ensures that you’ll be protected by HTTPS during your entire journey through a website, even if the page isn’t normally secured.

Safari and Internet Explorer are left out when it comes to HTTPS Everywhere. Sorry, folks.

Encrypt Your Computer or Mobile Device

While your Windows or Mac computer might be protected with a login password, did you know that data can still be retrieved from its hard drive if you haven’t encrypted it?

Luckily, there are applications available on both platforms that use AES encryption to encrypt your drive, keeping them safe from anyone who doesn’t know the decryption password.

Be sure to use a password you can remember, or put the password in a safe place – such as a password manager app on your mobile device – because if you forget the password, you are royally screwed.

Mac users can make use of the built-in encryption package, included with macOS, called FileVault 2. FileVault is available in Mac OS X Lion or later.


Windows users can use BitLocker, which is Windows 10’s built-in drive encryption feature.

Most Android device users can turn encryption on for their device by making a few changes in the Settings menu. Encryption is not turned on by default, so make sure to follow the steps found here to protect your device.

iOS users are protected by in-device encryption by default ever since the release of iOS 8. If you lock your iOS device using a passcode or fingerprint, encryption is enabled.

Is Cryptography Foolproof? Can It Be Cracked?

Hopefully, by now, you have a good understanding of how cryptology works, and how it protects you and your precious data. However, I don’t want you to be lulled into a false sense of security.

Although cryptography increases your security level, nothing can provide a total level of security, as attacks on the Broward Health, Ashley Madison, and Target department stores should prove.

It should be noted that many of the “hacks” in cases like these were successful due to a lack of proper cryptography usage on the target’s end of things.

Don’t lie awake at night wondering if a hacker is working at that moment to steal the $187.46 you have in your savings account. But also don’t simply give up, not taking the proper precautions to protect your information. You should continue to use encryption whenever it is available.

Beginner’s Guide To Cryptography FAQs

What is the Best Way to Learn Cryptography for Beginners?

There are numerous books, videos, and online tutorials that will teach beginners about cryptography. It wouldn’t surprise me if there is a “Cryptography for Dummies” book or ebook available from Amazon and other sources.

Where Can I Find an Encryption Guide?

Encryption guides are available as online videos, training, and other sources. You’ll find that there are numerous encryption guides available in both physical book and ebook form.

Conclusion

In this article, we’ve taken a look at the history of cryptography, how it works, what types of cryptography are available, and how they protect you in your daily life.

While there are a number of ways to enable cryptography to protect your information, perhaps the best way to ensure a secure layer of encryption to all of your online activities is to use a quality VPN provider, like NordVPN, or any of the other VPNs that I have reviewed on my website.

Stay safe out there, my friends!


A Beginner’s Guide to Cryptography & Some Useful Resources

Interested in learning more about cryptography? We take a look at what cryptography is, common types of cryptography and how you can further your knowledge in this field.

@davealbaugh2 UPDATED: September 28, 2022


If you’re vaguely aware of cryptography, you may know that it has something to do with secret messages. While this is true, the field of cryptography has a wider focus, which can be summed up by the question:

  • How can we keep our information and communications secure from attackers?

A big part of cryptography involves finding out ways that we can keep our messages secret from adversaries that may be eavesdropping on us. This involves finding mechanisms that can grant us confidentiality. Much of this is accomplished through encryption, which involves encoding information with algorithms so that attackers are unable to read it.

But cryptography is about more than just encryption for keeping our data confidential. If we return to our initial question, we want to keep our information and communications secure from attackers. This can’t be accomplished by encryption alone. Consider the following scenario:

You have a top-secret message you need to send to your friend. You spend months reading up on encryption and all of the state-of-the-art practices so that you can build your own encrypted channel between you and your friend. You’ve checked and double-checked it, and everything is perfect, so you send your friend the top-secret message. Unfortunately, it’s not actually your friend on the other end. Instead, an attacker received your top-secret message, and all of your plans are ruined.

Would you consider the above situation secure? Of course not. Despite using all of the correct encryption protocols, your data ended up right in the hands of an adversary. Sure, your encryption did a good job of keeping other parties out of the channel, but it forgot something incredibly important—to authenticate that the party on the other side of the channel is really who they say they are.

Authentication plays a major role in keeping our communications secure. It doesn’t matter how good your encryption is at keeping third-parties from eavesdropping if you don’t authenticate your communications partner properly. Without authentication, you could be sending data straight to an enemy, just like in our example. In cryptography, authentication is accomplished through certificate systems and mechanisms like digital signatures and public-key encryption.

Other critical aspects of security can include integrity and non-repudiation. Integrity processes allow recipients to verify whether information has been tampered with since it was sent, while non-repudiation removes the sender’s ability to deny that they were responsible for sending something.

The mathematical concepts, protocols and other mechanisms that can grant us confidentiality, authenticity, integrity and non-repudiation are all aspects of cryptography. Some of the most common elements of cryptography include:

Hashing

Hashing is changing a message into an unreadable string not for the purpose of hiding the message, but more for verifying the contents of the message. This is most commonly used in the transmission of software or large files where the publisher offers the program and its hash for download. A user downloads the software, runs the downloaded file through the same hashing algorithm and compares the resulting hash to the one provided by the publisher. If they match then the download is complete and uncorrupted.

In essence, it proves that the file received by the user is an exact copy of the file provided by the publisher. Even the smallest change to the downloaded file, by either corruption or intentional intervention, will change the resulting hash drastically. Two common hashing algorithms are MD5 and SHA.

Symmetric cryptography

Symmetric cryptography uses a single key to encrypt a message and also to then decrypt it after it has been delivered. The trick here is to find a secure way of delivering your crypto key to the recipient for decrypting your message to them. Of course, if you already have a secure way to deliver the key, why not use it for the message as well? Because encryption and decryption with a symmetric key is quicker than with asymmetric key pairs.

It is more commonly used to encrypt hard drives using a single key and a password created by the user. The same key and password combination are then used to decrypt data on the hard drive when needed.

Asymmetric cryptography

Asymmetric cryptography uses two separate keys. The public key is used to encrypt messages and a private key is used to then decrypt them. The magic part is that the public key cannot be used to decrypt an encrypted message. Only the private key can be used for that. Neat, huh?

This is most commonly used in transmitting information via email using SSL, TLS or PGP, remotely connecting to a server using RSA or SSH and even for digitally signing PDF files. Whenever you see a URL that starts with “https://”, you are looking at an example of asymmetric cryptography in action.

An extreme example of how all three can be used goes something like this: your company’s accounting officer needs to get budget approval from the CEO. She uses her secret symmetric key to encrypt the message to the CEO. She then runs a hash on the encrypted message and includes the hash result in the second layer of the overall message along with the symmetric key. She then encrypts the second layer (made up of the encrypted message, the hash result and the symmetric key) using the CEO’s asymmetric public key. She then sends the message to the CEO.

Upon receipt, the CEO’s asymmetric private key is used to decrypt the outermost layer of the message. He then runs the encrypted message through the same hashing process to get a hash result. That result is compared to the now decrypted hash result in the message. If they match, showing that the message has not been altered, then the symmetric key can be used to decrypt the original message.

Of course, that would all happen automatically, behind the scenes, by the email programs and the email server. Neither party would actually see any of this sort of thing happening on their computer screen.
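The layered exchange between the accounting officer and the CEO, as an added Python example that is not part of the original article. It uses only the standard library, so the RSA key pair (built from two Mersenne primes) and the keystream cipher are constructed teaching stand-ins, and the names `send` and `receive` are assumptions; production code would use a vetted library with AES and padded RSA.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair for the CEO, built from two Mersenne primes.
# Textbook RSA with no padding: enough to show the layering, not for real use.
P, Q = 2**521 - 1, 2**607 - 1
CEO_PUBLIC = (P * Q, 65537)                               # (modulus, exponent)
CEO_PRIVATE = (P * Q, pow(65537, -1, (P - 1) * (Q - 1)))  # needs Python 3.8+


def symmetric_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream.
    The same call with the same key both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def send(message: bytes, public_key):
    """Accounting officer: encrypt, hash the ciphertext, wrap hash and key."""
    n, e = public_key
    sym_key = secrets.token_bytes(32)
    ciphertext = symmetric_xor(sym_key, message)
    digest = hashlib.sha256(ciphertext).digest()
    # Simplification: only the key and hash go under the public key, because
    # RSA can only encrypt a value smaller than its modulus.
    wrapped = pow(int.from_bytes(sym_key + digest, "big"), e, n)
    return ciphertext, wrapped


def receive(ciphertext: bytes, wrapped: int, private_key) -> bytes:
    """CEO: unwrap with the private key, re-hash, compare, then decrypt."""
    n, d = private_key
    blob = pow(wrapped, d, n).to_bytes(64, "big")
    sym_key, digest = blob[:32], blob[32:]
    if not hmac.compare_digest(hashlib.sha256(ciphertext).digest(), digest):
        raise ValueError("hash mismatch: message was altered in transit")
    return symmetric_xor(sym_key, ciphertext)


if __name__ == "__main__":
    ct, env = send(b"Please approve the Q3 budget.", CEO_PUBLIC)
    print(receive(ct, env, CEO_PRIVATE))
```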

Obviously, there is a lot of math involved in converting a message, like an email, into an encrypted signal that can be sent over the internet. To fully understand cryptography requires quite a bit of research. Below are some of the most often referenced websites, books and papers on the subject of cryptography. Some of these resources have been in active use for close to 20 years and they are still relevant.

Cryptography Courses

If you are new to cryptography, one of the best ways you can learn is by taking Dan Boneh’s free Cryptography I class on Coursera. Dan Boneh is a professor at the Computer Science Department of Stanford University. His research specializes in the applications of cryptography to computer security.

Cryptography I delves into cryptographic systems and how they can be used in the real world. It shows you how cryptography can solve various problems, such as how two parties can establish a secure communication channel, even if they are being monitored by attackers. The course covers numerous protocols, as well as more advanced concepts like zero-knowledge proofs. It’s a great introduction for those with limited prior knowledge.

Another good resource is David Wong’s videos, which often explain more technical concepts in detail. While his work can be a useful resource, it is not comprehensive or the best place to build up a foundation.

Newsgroups

Newsgroups are community-generated feeds hosted on Usenet. To view them, you’ll need a newsreader app. Read more about how to get set up with Usenet here and see our roundup of the best Usenet providers here.

  • sci.crypt – Possibly the first newsgroup dedicated to cryptography. Please take with a grain of salt as anything that has been around as long as sci.crypt has been is bound to attract nuts, hoaxes and trolls.
  • sci.crypt.research – This newsgroup is moderated and not as prone to hoaxes as some others
  • sci.crypt.random-numbers – This newsgroup was created to discuss the generation of cryptographically secure random numbers
  • talk.politics.crypto – This newsgroup was created to get all the political discussions off of sci.crypt
  • alt.security.pgp – And this newsgroup was created to discuss PGP way back in 1992

And a bonus Google group:

  • Google Groups sci.crypt – A Google group trying to emulate the original sci.crypt newsgroup

Websites and organizations

  • A good explanation of how RSA works
  • PGP – A site dedicated to Pretty Good Privacy
  • Cryptography World has their “Cryptography made easier” site available
  • International Association of Cryptologic Research
  • The CrypTool Portal

People of Note

  • Bruce Schneier – schneierblog on Twitter
  • John Gilmore
  • Matt Blaze – @mattblaze on Twitter & flickr/mattblaze
  • David Chaum
  • Ronald L. Rivest
  • Arnold G. Reinhold
  • Marcus Ranum

FAQs about cryptography

How does cryptography work?

Cryptography is a method of secret communication that uses ciphers and decryption to encode and decode information. It is used to encrypt and decrypt data using mathematical equations. It’s employed in various applications, including email, file sharing, and secure communications.

What are the benefits of cryptography?

Cryptography has several advantages, including data security and authentication. Data security is one of the key advantages of cryptography. It secures information against unlawful access while also allowing only authorized users to access it. Authentication is another advantage of cryptography. For example, it may be used to verify a sender’s or receiver’s identity. A final benefit of using its algorithms is non-repudiation. This implies that a message’s transmitter cannot deny sending it, and its recipient cannot deny receiving it.

What are the challenges of cryptography?

Cryptography can be vulnerable to attacks, its algorithms can be broken, and keys can be stolen. Cryptography is also computationally intensive, making it difficult to use in some applications. Additionally, it can be subject to government regulations.

Newsletters

  • Crypto-Gram by Bruce Schneier
  • Cryptobytes – The full archive of RSA Labs newsletter on cryptography – last published in Winter 2007 – Vol 8 No. 1

Books

  • Applied Cryptography: Protocols, Algorithms and Source Code in C – Bruce Schneier, 20th Anniversary Edition
  • Handbook of Applied Cryptography is now available as a downloadable PDF file
  • Building in Big Brother: The Cryptographic Policy Debate is available through several university libraries
  • Cryptography Engineering: Design Principles and Practical Applications – Niels Ferguson, Bruce Schneier, Tadayoshi Kohno
  • Practical Cryptography – Niels Ferguson, Bruce Schneier
  • Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World – Bruce Schneier

Papers

  • Chaffing and Winnowing: Confidentiality without Encryption by Ron Rivest – CryptoBytes (RSA Laboratories), volume 4, number 1 (summer 1998), 12–17. (1998)
  • Computer Generated Random Numbers by David W. Deley
  • The Crypto Anarchist Manifesto by Tim C. May
  • Diceware for Passphrase Generation and Other Cryptographic Applications by Arnold G. Reinhold
  • The Dining Cryptographers Problem: Unconditional Sender and Recipient Untraceability by David Chaum, J. Cryptology (1988)
  • The Magic Words are Squeamish Ossifrage by D. Atkins, M. Graff, A. Lenstra, and P. Leyland
  • The Mathematical Guts of RSA Encryption by Francis Litterio
  • One-Time Pad FAQ by Marcus Ranum
  • P=?NP Doesn’t Affect Cryptography by Arnold G. Reinhold
  • Survey on PGP Passphrase Usage by Arnold G. Reinhold
  • TEMPEST in a Teapot by Grady Ward (1993)
  • Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms by David Chaum, Communications of the ACM
  • Why Are One-Time Pads Perfectly Secure? by Fran Litterio
  • Why Cryptography is Harder Than It Looks by Bruce Schneier
