Shellfish Systems and Security

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
Cryptography+
Copy link
Facebook
Email
Notes
More

Cryptography+

I'm an International Superspy.... SUPERSPYYYYYY

BowTiedCrawfish
Feb 01, 2022
1

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
Cryptography+
Copy link
Facebook
Email
Notes
More
Share

Hello all!

Today’s free post will discuss cryptography. Digital cryptography is something every tech wiz should know.

For example, keeping data secure is crucially important in software development. You don’t want to be liable for someone’s data being stolen because it was improperly secured.

And yes, this will discuss the cryptography curriculum found on the Security+ exam.

In Ancient Greece, strategoi needed to be in communication with each other to coordinate movements. They did so with ink and parchment. However, should the messenger carrying the parchment be captured or killed by the enemy, the details of the message could be exposed, and the enemy would have the upper hand. To circumvent this issue, the Greeks, especially Spartans, used what is called a scytale to encrypt their messages.

A scytale is a small baton in which a slender piece of parchment was wrapped around and down the rod (like one of those cinnamon churros). After wrapping the parchment, the message was written across the stick. Upon removing the parchment, it would be quite difficult to read. Therefore, the only way to decrypt the message would be to have a scytale with the same diameter so that the message’s letters would line up correctly.

This is the first documented form of encryption. Encryption is defined as the encoding of information. In Greece, the military was message was encoded onto a piece of parchment, and then decoded through the use of a scytale. This decoding is known as decryption.

Moving ahead 3000 years to the modern era, encryption is used everywhere. For instance, if you’re reading this on substack.com, do you see the padlock on the top of your screen?

Your internet traffic to and from this site is secure AKA encrypted while in transit.

Encryption is used to secure data, which exists in 3 different forms.

  • Data at Rest

    • Inactive data that is archived in places such as a hard drive.

  • Data in Transit

    • Data crossing the network or residing in computer memory/RAM.

  • Data in Use

    • Data that is undergoing constant change.

Encryption can be used with each of the 3 forms.

Back to encryption. Let’s take a look at a popular form of encryption known as a Caesar Cipher. Caesar ciphers use a number as their key i.e. the entry which encodes/decodes the message. This key dictates how many letters to “shift” in a message. The letter “c” with a key of 5 will be shifted 5 positions to the right, encoding it as the letter “h”. A cipher, also known as an encryption algorithm, is the method in which the message is encoded/decoded.

Let’s look at an encrypted message with a Caesar key of 12.

naifuqpoknqd qmfe mee

To decrypt this message, we would take every letter and shift it to the left 12 positions, wrapping back around to z if necessary. This message will be decrypted as:

bowtiedcyber eats ass

This is an extremely simple example of encryption that is applicable in today’s terms. You will have a difficult time decrypting the hidden message without knowing the key. However, you could easily brute force this as there are only 26 possible keys to encode with.

A Caesar Cipher doesn’t have a practical use-case in today’s modern infrastructure. However, I showed you the example because the methodology is the same. Digital encryption is a reinterpretation of bits based off of a key. Encryption strength is based off of the key, not the algorithm.

Encryption methods are classified into 2 types: symmetric and asymmetric.

  • Symmetric

    • The key that is used with the algorithm is used to both encrypt and decrypt data. Also called private key encryption.

    • The Caesar Cipher is symmetric.

    • Other examples include the Vigenère Cipher, AES, and Blowfish.

  • Asymmetric

    • One key is used to encrypt data and another key is used to decrypt data. Also called public key encryption.

    • Imagine having a key that can only lock something, and having another key that can only unlock what your first key locks. If you were transporting a locked package to someone, you would be assured that no other individual could possibly unlock your package unless they have your target’s key.

    • Common examples are RSA and ECC.

Symmetric algorithms are much easier to use and are much faster than their asymmetric counterparts. However, asymmetric algorithms prevent a key-distribution issue due to its whitelisting nature. It is not uncommon to see a hybrid approach that utilizes asymmetric encryption to securely transfer a private key that can be used with symmetric encryption.

Ciphers can also be classified beyond symmetric and asymmetric. They can also be regarded as a stream cipher or a block cipher. This is dictated by the mathematical algorithm that is used to encrypt and decrypt information.

  • Stream

    • Utilizes a keystream generator to encrypt data bit by bit using a mathematical XOR function to create the ciphertext.

    • Used for real-time communication data encryption such as streaming audio/video.

    • Often symmetric.

  • Block

    • Breaks the input into fixed-length blocks and performs the encryption on each block.

    • Easier to implement through a software solution.

    • DES and AES are block ciphers.

Security+ wants you to know a bunch of symmetric encryption algorithms for the exam. So I will touch on them briefly.

DES/3DES

Known as the Digital Encryption Standard. It is an encryption algorithm which breaks the input into 64-bit blocks and uses transposition and substitution to create a ciphertext using an effective key strength of 56 bits. Nowadays, 56 bits of encryption can be broken relatively easily. 56 bits is only 7 characters in length. Imagine having a password that can’t be longer than 7 characters. That’s awful! Everyone knows that the longer your password, the better. At least I hope you would know that, anon…

DES used the be the standard for encryption. It was used from the 1970s all the way to the early 2000s.

DES was superseded by 3DES AKA “Triple-DES” which uses 3 separate symmetric keys to encrypt, decrypt, then re-encrypt the data in order to increase the strength of DES.

IDEA

Known as the International Data Encryption Algorithm. It is a symmetric block cipher which uses 64-bit blocks to encrypt. It uses a 128-bit key size, which is more than double that of DES. Once the weakness of DES was realized, there was a contest to discover a more secure algorithm. IDEA was an entry in this contest, however it lost to…

AES

Known as the Advanced Encryption Standard. AES is a symmetric block cipher that uses 128-bit, 196-bit, or 256-bit blocks and a matching encryption key size to encrypt. AES is the modern standard for encryption. It’s even used by the US government!

Blowfish

Blowfish is a symmetric block cipher that uses 64-bit blocks and a variable length encryption key to encrypt. It was made as a replacement for DES, but did not win the contest.

Twofish

Twofish is a symmetric block cipher that uses 128-bit blocks and a 128-bit, 192-bit, or 256-bit encryption key to encrypt. Both Blowfish and Twofish are FOSS.

RC4/RC5/RC6

Also known as the Rivest Cipher. RC4 is a symmetric stream cipher that uses variable-length key size from 40 bits to 2048 bits. It is used in Secure Socket Layers (SSL) and Wired Equivalent Privacy (WEP). RC5 is a block cipher that uses key sizes up to 2048 bits. RC6 is based on RC5 and was introduced as a replacement for DES but lost to AES.

Diffie-Hellman (DH)

DH is an asymmetric algorithm that is used to conduct key exchanges and secure key distribution over an unsecure network. Ever used a VPN before? Odds are, DH was used to set up the VPN tunnel.

RSA

Named after its inventors Rivest, Shamir, and Adleman, RSA is an asymmetric algorithm that relies on the mathematical difficulty of factoring large prime numbers. RSA supports the key sizes of 1024 bits to 4096 bits. If you use any authenticator 6-digit pin app, odds are it uses RSA.

ECC

Also known as Elliptic Curve Cryptography, ECC is an asymmetric algorithm that is based on the algebraic structure of, guess what, elliptic curves over finite fields to define its keys. ECC with a 256-bit key is just as secure as RSA with a 2048-bit key.

There are a few variations of ECC. There’s ECDH or Elliptic Curve Diffie-Hellman which is an ECC version of DH. Another is ECDHE or Elliptic Curve Diffie-Hellman Ephemeral which uses a different key for each portion of the key establishment process in the key change. Lastly, there is ECDSA or Elliptic Curve Digital Signature Algorithm which is used as a public key encryption algorithm used by the US government. Know that ECC is most commonly used in mobile or low-power computing devices.

For the exam, you should only need to know which algorithms are block ciphers and which are stream ciphers. You should also know which algorithms are symmetric and which are asymmetric.

A few more things on asymmetric encryption:

Asymmetric encryption utilizes what is called public key cryptography.

If I wanted to send something to you, encrypted, I would encrypt the message with your public key (the one that can only encrypt AKA the one you share with people). Once the message is encrypted, only you can decrypt the message with your private key (the one that can only decrypt AKA the one you don’t share with anyone).

Asymmetric encryption enforces confidentiality, integrity, authentication, and non-repudiation.

If you’re a turbo autist and use 2 laptops as your Bitcoin hardware wallet. You would know that you digitally sign your transactions before you offer them to the blockchain. This digital signature, which is the hash digest of a message encrypted with the sender’s private key, is a form of asymmetric encryption.

The last thing I want to touch on is one-time padding.

Even though it would take a very, very long time, encrypted data can be cracked. Given enough time, you can crack any encryption algorithm. Everyone is screaming about how quantum will destroy modern encryption standards. One way to circumvent this problem is by using what is called a one-time pad.

A one-time pad is a stream cipher that encrypts information with a secret random key that is the same length as the plaintext input. This secret random key is known as a key stream, and it is comprised of a series of random bits. The only way an attacker could crack this encryption is if they were able to go back in time and recreate this randomly created key stream. The only way to discover the encryption key is to know the data input.

The only problem with one-time pads is that computers are incapable of producing pure random numbers. They can only produce algorithmic numbers which are called pseudo-random numbers.

This concludes this week’s free post. I planned on doing both cryptography and hashing in the same post, but there’s a lot more cryptography in Sec+ than I thought that there’d be.

Thanks for reading!

1

Share this post

Shellfish Systems and Security
Shellfish Systems and Security
Cryptography+
Copy link
Facebook
Email
Notes
More
Share

Discussion about this post

No posts

Ready for more?

© 2025 BowTiedCrawfish
Privacy ∙ Terms ∙ Collection notice
Start WritingGet the app
Substack is the home for great culture

Share

Copy link
Facebook
Email
Notes
More