Questions tagged [cryptography]

Cryptography is about ensuring, in a computerized context, the following properties:

• confidentiality: some information must be stored or transferred without permitting unauthorized entities to read it;
• integrity: some information must be stored or transferred without allowing any alteration by an unauthorized entity to go unnoticed;
• authenticity: some information must be stored or transferred in such a way that the originator of the information can be verified, in a way which unauthorized entities cannot falsify.

"Entities" are persons, roles or systems which are supposed to be distinct from each other according to some definition. Cryptography operates in the logical world of computers, from which the physical world is out of reach; in plain words, anybody can buy a PC, so what distinguishes a user from another (as seen through a network or any other communication protocol) is what that user knows. Cryptography calls such knowledge a key: this is a piece of secret data, which is used as parameter to a cryptographic algorithm which implements a cryptographic property with regards to the key.

For instance, symmetric encryption is about transforming some data (possibly a huge file), using a (normally short) key, into an encrypted form which shows no readable structure anymore, but such that the transformation can be reversed (recovering the original data from the encrypted form) if the encryption key is known. In a way, symmetric encryption concentrates confidentiality into the key, which can be short enough to be manageable (e.g. the key might be memorized by a human being, in which case it is called a password).

The cryptographic algorithms themselves are public, if only because nobody can really tell "how much" a given algorithm is secret, since algorithms are often implemented as software or hardware systems which are duplicated into many instances, and the cost of reverse engineering is hard to estimate. A cryptosystem (combination of an algorithm and its key) is then split into the algorithm, which is embodied as an implementation, and a key, for which security can be quantified (e.g. by counting the number of possible keys of a given length).

Cryptography covers the science of designing cryptographic algorithms (cryptology) and of trying to break them (cryptanalysis); it also encompasses the techniques used to apply the algorithms in various situations, in particular implementation as software, and the related subjects (such as performance issues). Some algorithms consist in the assembly of several sub-algorithms in order to obtain higher level properties (e.g. "a bidirectional tunnel for confidential data with verified integrity and mutual authentication"); they are then called protocols.

Commonly used cryptographic algorithms and protocols include, among others:

• Symmetric encryption: 3DES, AES, RC4, Blowfish
• Hash functions: SHA-2 (includes SHA-256 and SHA-512), SHA-1, MD5
• Hashes for passwords: bcrypt, PBKDF2, crypt (and NOT fast or unsalted raw hash functions)
• Asymmetric encryption: RSA, ElGamal, some Elliptic curve cryptography algorithms
• Digital signatures: RSA (similar, but not identical to, the RSA for encryption), DSA (as part of the "DSS" standard), ECDSA
• Data tunneling: TLS (formerly known as "SSL"; when used to convey HTTP requests, the result is known as "HTTPS"), SSH, IPsec
• Encrypted and/or signed emails: OpenPGP (standard protocol derived from the original PGP software), S/MIME
• Certificates: X.509, OpenPGP (certificates are about binding identities to public keys, which are themselves used in asymmetric encryption and digital signatures)

On-topic themes also include password management (storage, verification, entropy, breaking techniques such as rainbow tables...), advanced multi-party protocols (electronic voting schemes, digital cash, anonymous browsing...), usage of existing implementations (libraries, hardware accelerators, smartcards...), and so on.