Chase Sizemore
What is Cryptography?
🤐

What is Cryptography?

Tags
Cryptography
Computer Science
JavaScript
Published
September 15, 2023
Author
Chase Sizemore

What is Cryptography?

Cryptography is the intersection of mathematics, computer science, and information security focused on securing communication and information. Essentially, it's the method of making it difficult for unauthorized individuals to understand information. The objective is to allow two or more parties to communicate securely in a way that prevents third parties from deciphering the message. While the roots of cryptography can be traced back to ancient civilizations, it has evolved significantly in the digital age. Today, it is integral to secure online transactions, digital identities, and cybersecurity.
I first encountered cryptography as an undergraduate student at Columbia University, where I took a class in it. Cryptography can seem daunting as the theory behind it can be math-heavy, but by no means do you need a background in math to understand it!
 

An Early Example

To illustrate the purpose of cryptography, we will look at an early example. The Caesar Cypher is one of the simplest and oldest encryption techniques. Named after Julius Caesar, it was initially used to communicate between generals. The cipher works by shifting each letter in the original message with a letter found a fixed number of positions away in the alphabet. For example, with a shift of 3, the letter ‘A’ would be replaced by ‘D,’ ‘B’ would be replaced by ‘E,’ and so on.
notion image
 
While the Caesar Cipher serves as an excellent introduction to the encryption concept, it has flaws. The cipher is vulnerable to frequency analysis, a technique that involves analyzing the frequency of each letter in the encrypted message. Because the English language has a particular pattern in the frequency of letter use, it's often easy to crack the Caesar Cipher. Modern cryptographic methods have come a long way to address these vulnerabilities by employing more complex algorithms and multiple layers of encryption.
 

Modern Cryptographic Methods

While the Caesar Cipher and similar early cryptographic methods provided rudimentary security, advancements in technology and mathematics have led to far more robust cryptographic algorithms. Today's cryptography can broadly be divided into Symmetric Encryption and Asymmetric Encryption.
  1. Symmetric Encryption: In this method, the same key is used for encryption and decryption. This means that the sender and receiver must both have access to the same secret key. While symmetric encryption is generally faster and more straightforward, the challenge lies in securely sharing the secret key between parties. Algorithms like AES (Advanced Encryption Standard) are commonly used for symmetric encryption and are considered secure for most applications.
  1. Asymmetric Encryption: This method uses a pair of keys— a public key and a private key. The public key is used for encryption, while the private key is used for decryption. This eliminates the need to share a secret key, as only the recipient's private key can decrypt a message encrypted with their public key. RSA (Rivest–Shamir–Adleman) is one of the most well-known algorithms that use asymmetric encryption.
The choice between symmetric and asymmetric encryption depends on various factors including speed requirements, the number of parties involved, and the specific security needs of a system. Modern cryptographic techniques often employ a combination of both types to maximize security.
 

Real World Applications

While cryptography serves a wide range of purposes in our daily lives— from secure messaging and online transactions to the foundational technology behind cryptocurrencies— one of its most critical applications lies in authentication. Below, we'll explore how cryptographic methods, particularly hashing and salting, play an indispensable role in securely authenticating users.
In a digital world teeming with personal and professional services that require secure access, authentication is critical. But how can we ensure that the person attempting to log in is who they claim to be? This is where hashing and salting come into play.
Hashing transforms a user's password into a fixed-length string of characters, which appears random. The hash function ensures it's computationally challenging to reverse the process and retrieve the original password from the hash. If an unauthorized user gains access to a database containing hashed passwords, the hashes are useless without the ability to reverse them.
notion image
 
To further bolster the security of hashed passwords, a "salt," or a random data set, is added before the hashing process. The salt ensures that identical passwords will produce different hashes, making it far more difficult for attackers to use precomputed tables, known as rainbow tables, to reverse engineer the hash.
 
const crypto = require('crypto');

function hashPasswordWithSalt(password) {
  // Generate a random salt
  const salt = crypto.randomBytes(16).toString('hex');

  // Create a hash using SHA-256 and combine it with the salt
  const hash = crypto.createHash('sha256');
  hash.update(password + salt);

  // Convert the hash to a hexadecimal string
  const hashedPassword = hash.digest('hex');

  // Store both the salt and the hash for later use
  return { salt, hashedPassword };
}

const { salt, hashedPassword } = hashPasswordWithSalt('supersecretpassword');
//EX:
//Salt: 4f9d42c56e5ef4e0f01e26e2e279e433
//Hashed password: a3f8d7e1eeb5c4c08d20445b365e4e6fc7db3f0cd46f8d0a5c3d8d93d1a8ea72
In this JavaScript example, we first generate a random salt using the crypto.randomBytes() method. Then, we create a new SHA-256 hash using crypto.createHash(), and update it with the combination of the password and the salt. Finally, the hash is converted to a hexadecimal string using hash.digest().
The function returns both the salt and the hashed password, which you should store securely for later use. To authenticate a returning user, you would apply the same salt and hash function to the entered password and securely compare it to the stored hash.
 

Final Thoughts

From its historical origins in shifting alphabets to modern-day applications that secure our most sensitive data, cryptography has remained a cornerstone of secure communication and information storage. While the field is vast and touches upon various aspects of our lives, its role in user authentication is particularly critical. Through techniques like hashing and salting, cryptography helps in safeguarding digital identities, ensuring that our personal information remains confidential and secure. Understanding and implementing these cryptographic methods aren't just for experts; they're a fundamental part of how we interact with digital platforms today. By demystifying these concepts, we empower ourselves to navigate our digital world safely and confidently.