
Module 3: Cryptography

Master encryption, hashing, digital signatures, and secure communication protocols.

What is Cryptography?

Cryptography is the art of secret writing - transforming readable data into an unreadable format to protect confidentiality. It's the foundation of secure communication online.

Symmetric Encryption

Same key for encryption and decryption - like a house key that locks and unlocks.

AES Encryption Example (Node.js):

const crypto = require('crypto');

// Encrypt
const algorithm = 'aes-256-cbc';
const key = crypto.randomBytes(32); // 256-bit random key
const iv = crypto.randomBytes(16);  // fresh random IV for every message
const cipher = crypto.createCipheriv(algorithm, key, iv);
let encrypted = cipher.update('Secret message', 'utf8', 'hex');
encrypted += cipher.final('hex');

// Decrypt (needs the same key and IV)
// Note: CBC gives confidentiality only; it does not detect a modified ciphertext.
const decipher = crypto.createDecipheriv(algorithm, key, iv);
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');

✅ Pros:

  • Fast performance
  • Good for large data
  • Less computational overhead

❌ Cons:

  • Key distribution problem
  • Need secure channel to share key
  • One key per pair of users

Asymmetric Encryption

Public key encrypts, private key decrypts - like a mailbox (anyone can put mail in, only you can take it out).

RSA Example:

const crypto = require('crypto');

// Generate key pair
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048
});

// Encrypt with public key (Node.js uses OAEP padding by default)
const encrypted = crypto.publicEncrypt(publicKey, Buffer.from('Secret'));

// Decrypt with private key (result is a Buffer; call toString('utf8') for text)
const decrypted = crypto.privateDecrypt(privateKey, encrypted);

Common Algorithms:

  • RSA: Widely used, 2048-4096 bit keys
  • ECC (Elliptic Curve): Smaller keys, same security
  • Diffie-Hellman: Key exchange protocol

Hash Functions

One-way functions that create fixed-size fingerprints of data. They can't be reversed to recover the original.

Password Hashing with bcrypt:

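const bcrypt = require('bcrypt');

// await needs an async function in a CommonJS script
async function main() {
  // Hash password (bcrypt generates a random salt and stores it in the hash)
  const saltRounds = 10; // cost factor: 2^10 rounds
  const hash = await bcrypt.hash('myPassword123', saltRounds);

  // Verify password
  const match = await bcrypt.compare('myPassword123', hash);
  if (match) { console.log('Password correct!'); }
}

main();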

  • SHA-256: General purpose, fast, widely used.
  • bcrypt: Password hashing, slow by design.
  • Argon2: Modern, memory-hard, best for passwords.

Digital Signatures

Prove authenticity and integrity - like a wax seal on a letter.

  1. Hash the message: create a digest of the data.
  2. Encrypt hash with private key: this creates the signature.
  3. Verify with public key: recipient decrypts and compares hashes.
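
The three steps above with Node's built-in crypto module, as an added example that is not part of the original module. The message, the key pairs and the helper names signMessage, verifyMessage and demo are constructed for illustration; crypto.sign hashes and signs in one call, and crypto.verify recomputes the hash and checks it against the signature.

```javascript
const crypto = require('crypto');

// Constructed sample key pair for this example.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

// Steps 1 and 2: hash the message with SHA-256 and produce the signature
// with the private key (crypto.sign does both in one call).
function signMessage(message, key) {
  return crypto.sign('sha256', Buffer.from(message, 'utf8'), key);
}

// Step 3: the recipient recomputes the hash and checks it against the
// signature using the public key. Returns true only if both match.
function verifyMessage(message, signature, key) {
  return crypto.verify('sha256', Buffer.from(message, 'utf8'), key, signature);
}

// Run the three steps and show which changes verification detects.
function demo() {
  const message = 'Transfer 100 to account 42'; // constructed sample message
  const signature = signMessage(message, privateKey);

  // A second key pair stands in for someone who is not the signer.
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

  // Flip one bit of the signature to simulate damage in transit.
  const damaged = Buffer.from(signature);
  damaged[damaged.length - 1] ^= 0x01;

  return {
    signatureBytes: signature.length, // 256 for a 2048-bit key
    original: verifyMessage(message, signature, publicKey),
    alteredMessage: verifyMessage('Transfer 900 to account 42', signature, publicKey),
    wrongPublicKey: verifyMessage(message, signature, other.publicKey),
    damagedSignature: verifyMessage(message, damaged, publicKey),
  };
}

console.log(demo());
```

Only the unmodified message checked against the signer's own public key verifies; a changed message, a different public key, or a damaged signature all return false.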

TLS/SSL Protocols

Secure communication over the internet - the padlock in your browser.

TLS Handshake Process:

  1. Client Hello (supported ciphers)
  2. Server Hello (chosen cipher, certificate)
  3. Client verifies certificate
  4. Key exchange (Diffie-Hellman)
  5. Encrypted communication begins

Cryptography Best Practices

✅ Do:

  • Use established libraries
  • Keep keys secure
  • Use strong key sizes
  • Rotate keys regularly
  • Use TLS 1.3

❌ Don't:

  • Roll your own crypto
  • Use MD5 or SHA-1
  • Store keys in code
  • Use weak passwords
  • Ignore certificate errors

📚 Module Summary

You've mastered cryptography fundamentals:

  • ✓ Symmetric encryption (AES)
  • ✓ Asymmetric encryption (RSA, ECC)
  • ✓ Hash functions and password hashing
  • ✓ Digital signatures
  • ✓ TLS/SSL protocols
  • ✓ Best practices

Next: Learn web application security!