Day 082 #FromZeroToHacker – Cryptography for Dummies

Without encryption, communications would be very insecure and would be easy for a hacker to see your data. Luckily, almost all the data you send and get is encrypted and can’t be seen in plain text.

Let’s decrypt all the information about cryptography in our daily #FromZeroToHacker challenge.

Table of contents
Introduction
What have I learnt today?
Stats
Resources

Introduction to Cryptography for Dummies

Without encryption, communications would be very insecure and would be easy for a hacker to see your data. Luckily, almost all the data you send and get is encrypted and can’t be seen in plain text.

Cryptography types

What have I learnt today?

Types of cryptography

There are two types of cryptography: Symmetric and asymmetric.

Symmetric cryptography

Alice wants to send a message to Bob, but she doesn’t want anyone to read the message but Bob.

She has a “recipe” to swift the letters in a way that no one can understand (encryption). Bob has the same recipe and uses it to re-order the letters, so the message is readable again (decryption). This “recipe” in cryptography is called a key, and in symmetric cryptography, both users have the same key, used to encrypt and decrypt a message.

Asymmetric cryptography

Now, we have the same scenario, but we have two keys: One to encrypt the text, and another one to decrypt the message. Each one is different and can only be used to do one thing, not encrypt AND decrypt.

The encryption key is called Public key (It is public, so anyone can encrypt the text in a way that only YOU can decrypt), and the decryption key is called Private key (and you shouldn’t send it to anyone).

Asymmetric cryptography is preferred because is safer. With symmetric cryptography, anyone who takes your key can encrypt and decrypt messages, while in asymmetric cryptography no one can decrypt messages you encrypted with the public key: Only the holder of the Private key can decrypt them, and you shouldn’t send this private key to anyone.

The only thing in favour of symmetric cryptography is that it is faster than asymmetric cryptography.

What is a hash?

Hashes are long strings of letters and numbers generated by hashing algorithms. We take a plaintext string and turn it into a hash with a hash function (MD5, SHA-512…).

For example, Hello in MD5 hash is 5d41402abc4b2a76b9719d911017c592

The important thing you have to remember is that hashes are not reversible. There is no way to decrypt a hash*

*Yes, there are ways, but not really. While you can’t decrypt a hash, there are loads of lists that have both the initial text and the hash. Look at the example above: We can’t hash back 5d41402abc4b2a76b9719d911017c592, but we already know that is Hello in plaintext. Now imagine a website with thousands or millions of plaintext-hash pairs. Those websites exist, like Crackstation.net where we can paste a hash and the website will perform a search to see if it has the plaintext version of that hash in its database.

What are hashes used for?

The most popular use of hashes is for file identification and storing sensitive data like passwords.

As hashing algorithms always produce the same output for the same input given, we can compare a hash of a source file hosted in a website, with the file downloaded. The website provides the hash of the file hosted, and once you have downloaded the file you can use a hashing algorithm (MD5 for example) to generate a hash from the file.

If both hashes are the same, the downloaded file is safe. If not, a hacker probably messed up with our download and the file is no longer safe.

Hashes are used too for data security. When we create an account on a website, the password isn’t stored in plaintext: It is hashed and the hash is stored instead. When we try to log into that website, we introduce the password, which is hashed and compared with the stored hash. If both are the same, the server will let you in.

Let’s compare Encryption/Decrypting and hashing:

Encryption, Decryption and Hashing

Decoding/Encoding

When encrypting, unless we have the key (private key in asymmetric, or the key in symmetric cryptography), we can’t decrypt the text, file, etc.

Encoded data can be decoded immediately, without keys. Encoding is not a form of encryption, just a way to represent data.

I will repeat it because this is very important: Encoding is not a form of encryption.

For example, if we Encode to Base64 format the text “This is a secret text”, we get the “dGhpcyBpcyBhIHNlY3JldCB0ZXh0” string.

We can easily Decode from Base64 format this string, and we’ll get “This is a secret text” back again.

Base64 decoding and encoding

Summary

Today we solved some questions regarding cryptography, such as:

  • Types of cryptography.
  • Hashing.
  • Decoding and encoding.

Stats

From 50.436th to 49.775th.

Here is also the Skill Matrix:

Skills Matrix

Resources

Random Room

TryHackMe: Cryptography for dummies

Other resources

Cryptography 101
Hashing 101
Crackstation.net
Encode to Base64 format
Decode from Base64 format