Resources for Security Engineers to understand crypto and apply modern practise to their infrastructure. Written 2016-02
Cryptography is essentially a means of protecting information with a cipher that can only be decrypted by the key. Its like having a key to your house, the key is distributed to the people you trust to have access.
I refer to this as Applied Cryptography. The main uses of applied cryptography is to protect computer data in a few key situations
In business, data should be encrypted both in transit and at rest on devices outside the organisation, eg laptops with work material in case they are lost or stolen, VPN provide cheap connectivity between remote workers and offices over the internet.
In the cloud, data should be encrypted both in transit and at rest. This protects your login identity and data from being stolen while on an untrusted server.
In banks, data is encrypted in transit to protect your money & investments from being stolen.
In social media like facebook, encryption is used to protect your login details from being snooped protect your reputation where someone could post deflaimation using your name. (just one example)
Encrypt: convert plaintext into ciphertext
Decrypt: convert ciphertext back to plaintext
Plaintext: un-encrypted data, your document
Ciphertext: encrypted data, random un-distinguishable data
Cipher: create the ciphertext data according to a set pattern
Key: the random data that works with the cipher to create the ciphertext
Passcode: is the key to lock and unlock everything
I'm not a cryptographer, Im only interested in the secure implementation of software & procedures. Dont take my word for it, double check it yourself. This is a guide to learning and blog of my journey.