The word "cryptography" comes from the Latin words for "secret writing." It relates to the science of concealing the meaning of something. In a modern-day sense, the word cryptography often relates to information security — the means by which digital files or transmissions are secured so that they are only visible to authorized users.
The Origins of Modern Cryptography
Egyptians were known to use codes as early as 1900 BCE, although these were thought to be recreational, rather than designed for serious security purposes. The ancient Greeks and the Romans had methods of codes and ciphers, while the Arabs were the first to use cryptography in a way that we would recognize today, around 1,000 years ago.
Early attempts at cryptography were often inspired by war. Messages would be encoded as a way to communicate without interception by the enemy. In the modern world, millions upon millions of secure, encoded transmissions happen online each day -- and cryptographic standards are used to protect everything from banking data to health information, and even simple instant messaging.
Classical Encryption Techniques
- Classical Encryption Techniques Explained at Purdue University (PDF): these lecture notes describe historical encryption methods, and explains how many of them are still used today.
- Analysis and Elements of Various Classical Encryption Techniques (PDF): this presentation provides detailed historical information on various forms of encryption.
- Introduction to Classical Cryptography by Noted Textbook Author: this overview explains how classical cryptography techniques relate to the modern day.
- Integration of Classical and Modern Encryption Techniques (PDF): this research report seeks to discover and discuss effective ways to integrate classical and new encryption.
Why Cryptography is Critical Now
Without cryptography, ecommerce as we know it would be impossible. Most of the other information exchanges online would be fraught with risk; the simple act of using social media could be a treacherous proposition. The methods we now use to encrypt even the simplest kind of information are incredibly sophisticated, in an attempt to outpace malicious users.
Developers have three potential ways to encrypt data: a secret key system, a public key system, or a hash function. All of these have their own pros and cons. Additionally, many of the methods we use today involve uncrackable ciphers — or systems that are equivalent to being uncrackable. For example, the AES256 algorithm is one of the most commonly used encryption algorithms on the planet; it would take billions of years for a supercomputer to crack the code.
Hackers are constantly looking for ways to bypass security, meaning no system should ever be considered impenetrable. Constant evolution is essential. In many cases, it's easier to simply trick a user into revealing their password or key, rather than trying to solve a cryptographic puzzle, or use brute force hacking to gain access to a system.
A finite field (or Galois field) is a mathematical construct with a finite number of elements. This concept forms the basis of most encryption techniques.
- Finite Fields (PDF): learn how a finite field is constructed.
- Basic Introduction to Cryptographic Finite Fields: this detailed paper discusses both finite fields and alternative ways of implementing the same forms of cryptography.
- Storing Cryptographic Data in the Galois Field (PDF): this report discusses the concept of cryptographic finite fields, particularly in the context of algorithms like AES256.
- Comparing Finite Fields to Elliptic Curve Encryption (PDF): this essay focuses on how elliptic curve encryption could be used to build on and enhance finite fields.
Advanced Encryption Standard
The AES standard led to algorithms such as AES256. These have been widely adopted across the internet, mainly because many governments use them as their chosen standard for encryption.
- Overview and Presentation on the History of AES (PDF): this series of presentation slides serves as an introduction to the AES encryption standard.
- Detailed Technical Review of the Advanced Encryption Standard: this page provides a historical background of AES and summary of how the different components work.
- Research Report Reviewing AES and Different Implementations (PDF): this illustrated guide demonstrates one conventional method of implementing AES in programming.
Confidentiality Using Symmetric Encryption
Symmetric encryption uses the same key for both encryption and decryption. These are sometimes referred to as secret key algorithms.
- Description of Symmetric and Asymmetric Encryption: this Microsoft primer describes the important differences.
- Symmetric Versus Asymmetric Encryption Discussed (PDF): this set of lecture notes discusses the pros and cons of "secret key" versus "public key" encryption.
- Detailed Discussion of Symmetric Encryption and RSA Algorithms (PDF): this technical review of symmetric encryption implementation discusses algorithms in detail.
Number Theory and Hash Algorithms
In the context of the internet, hashing is often used to obfuscate passwords and other pieces of data. There are many different hashing functions and methods, including MD5 and SHA-1.
- Hash Functions in Cryptography (PDF): these detailed, illustrated notes were originally written for college students. The document introduces hash algorithms, and their function in data security.
- Number Theory and Cryptography at Cornell: this set of notes and problems introduces advanced number theory concepts and tests comprehension. It also offers an interesting explanation of the RSA algorithm.
- Applied Number Theory in Cryptography (PDF): this introduction to number theory goes into great depth about its many applications in the cryptographic world.
- Hash Functions and Cryptography in Business: this article specifically discusses the importance and applications of hash functions in the business world.
Digital signatures are used to verify the identity of a sender or recipient. They are often used when transmitting financial details, or exchanging business contracts.
- Discussion of Digital Signature Implementation and Issues (PDF): these notes discuss the problems of digital signatures.
- Basics of Understanding Digital Signatures: this overview from the US federal government's US-CERT security team provides accessible information for consumers.
- Future Applications of Quantum Digital Signatures (PDF): this essay is an interpretation of how advanced digital signatures can be implemented with current technology.
Authentication applications make cryptography easier. Kerberos is one example of a protocol that is used in a range of applications.
- Authentication Applications: Kerberos and Public Key Infrastructure (PDF): this report discusses two of the most powerful authentication applications and how they can be implemented to enhance security.
- Information on Kerberos Protocol from MIT: this detailed overview of the Kerberos protocol provides information on its various releases and how to implement it.
- The Official Kerberos Consortium: this is the official watchdog organization that develops and publishes standards for the Kerberos authentication application.
- Public Key Infrastructure Defined and Described at PC Magazine: this is an overview of Public Key Infrastructure (PKI) and how it is used to secure information.
- Public Key Infrastructure Approaches to Security: this documentation from Oracle discusses the elements of PKI and how they can be used in different technical scenarios.
Electronic Mail Security
Email is inherently an insecure method of communication. The resources below detail various ways that email can be made more secure.
- The OpenPGP Alliance for Electronic Mail Encryption: this is the site of a nonprofit organization that maintains OpenPGP, a popular email encryption standard.
- Berkeley Lab Recommendations on Implementing Electronic Mail Security: these recommendations from the Lawrence Berkeley National Laboratory can be adapted for use by consumers and enterprises by using the cryptographic resources suggested.
- GnuPG Nonprofit Privacy Application for Linux-Based Systems: based on the PGP concept, GnuPG is a nonprofit method of implementing email encryption in Linux-based systems.
- Basic Primer on Email Security for Consumers from CNBC: this report from news network CNBC discusses the issues around email encryption and security as they relate to consumers in a world of ever-increasing electronic spying.
IP Security and Web Security
SSL stands for Secure Sockets Layer. It's fundamental in the provision of ecommerce stores, online banks, and digital services.
- IP Security and Encryption Overview from Cisco Systems: this detailed information on the IPSec protocol and related security matters comes from Cisco, one of the top brands in hardware and software for online security.
- HTTP vs HTTPS Comparison: this page is an introduction to "secure" HTTP connections (HTTPS) and how they differ from basic HTTP connections.
- What Is SSL and What Are Certificates: this page expands further on the concept of SSL and how security certificates work to authenticate the transfer of sensitive data.
- Summary Overview of SSL and How Related Protocols Work Together (PDF): this illustrated guide goes a step further by describing how SSL interacts with other protocols.
- What You Need to Know About Heartbleed: the Heartbleed bug is a critical security flaw in SSL, which discloses the secret key and other data. It lay undetected for two years, and was described as a catastrophic internet security failure.
A firewall is a software application or hardware device that controls access to a computer or network.
- What Is a Firewall and What Types of Firewalls Are There: this introduction serves to define and compare the different kinds of firewalls and how they operate.
- Basic Concepts for Managing a Firewall: aimed at network administrators, this guide digs deep into the fundamental concepts to master in order to make a firewall effective.
- How Firewalls Work and How to Use Them: this introduction summarizes the basics of firewalls, some specialized types, and how a firewall "rule" should be designed.
- Basic Firewall Information and Use for Consumers: this overview from the nonprofit "Get Safe Online" helps consumers understand fundamental firewall concepts and use.
Further Reading and Resources
We have more guides, tutorials, and infogragphics related to using the internet safely:
- Is the Password Dead?: this infographic looks at the future where we no longer need passwords.
- 8 Worst Security Breaches: even the pros get hacked. Find out about the eight biggest security breaches on the internet.
- How to Earn Bitcoin with Affiliate Programs: our guide to earning this popular cryptocurrency.
How to Create the Perfect Password
Confused about how to create a great passowrd? Check out our infographic, How to Create the Perfect Password.