From the course: Ethical Hacking: Cryptography

Why cryptography?

- What comes to mind when you think about cryptography? Often, you hear the word "crypto," and your mind starts to think about mysteries of crypto or digital currency, like Bitcoin, or maybe even the blockchain. In fact, the root word "crypto" means to hide or keep secret, and it's certainly true about aspects of those things. We are going to be focusing on cryptography, which is the process of making information or data readable to only those who are authorized to read it. In other words, the data is mathematically scrambled unless you have a special key. Now let's see how this scrambling process works. First, we have two people who wish to send secure communications over the internet. We take the legible data or plaintext message we're trying to send, and we put it through what is called an algorithm, which is guided by a key, which tells it specifics on how to scramble it. That results in the final output, which is an unreadable message, also called ciphertext. Logically, whatever I scramble, I'll need the ability to unscramble, right? Otherwise, there would be no value in this process if I could not retrieve the plaintext message back to my intended audience. So let's play that back. So now I take the unreadable message and I put it back through the process to translate it back to the readable plaintext message. Don't worry, I'll explain in more detail, but for now, you're familiar with the overall concept. So, why is cryptography so important? Cryptography is one of the most important controls available to information security professionals because it's the cornerstone for sending secure communications and protecting data. 
In this course, we'll cover the four main services provided by cryptography: confidentiality to ensure only those authorized can read it, integrity to ensure no one unauthorized can change it, authentication to ensure we verify the identity of those requesting access to it, and nonrepudiation, which sounds fancy, but is a simple legal concept to prove the originator's identity, so you know who it actually came from. Once we identify which combination of these services we really need, and fully understand what we're trying to prevent or provide, then we can connect the dots on how to implement strong cryptography. I'll also help you understand the adverse risk for not doing anything to protect your data at all. We must assume the mindset of the bad actors and, most dangerous of them all, careless actors who unintentionally cause accidents by leaving their laptop in an unlocked car or simply leaving passwords in plain view. They become easy targets for crimes of opportunity. You'll soon become an expert in recognizing which cryptography services are needed and from whom we're protecting a system.
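The plaintext, key, ciphertext round trip described above, as an added example that is not part of the course material: the key drives the scrambling (confidentiality) and a keyed tag lets the receiver reject a modified message or a wrong key (integrity and shared-key authentication). The function names and the HMAC-based keystream are assumptions chosen so the sketch runs on the Python standard library alone; because both parties hold the same key, it does not provide nonrepudiation.

```python
import hashlib
import hmac
import secrets

def _prf(key: bytes, data: bytes) -> bytes:
    # Keyed pseudorandom function used for both key separation and tagging.
    return hmac.new(key, data, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustration only: HMAC-SHA256 in counter mode as the keyed "scrambler".
    # Production code should use a vetted AEAD (AES-GCM, ChaCha20-Poly1305).
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Separate sub-keys for scrambling and for the integrity tag.
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce = secrets.token_bytes(16)  # fresh per message, so equal plaintexts differ
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + _prf(mac_key, nonce + ct)  # tag covers nonce and ciphertext

def decrypt(key: bytes, message: bytes) -> bytes:
    if len(message) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("message too short")
    enc_key, mac_key = _prf(key, b"enc"), _prf(key, b"mac")
    nonce, ct, tag = message[:16], message[16:-32], message[-32:]
    # Verify before unscrambling; compare_digest avoids a timing side channel.
    if not hmac.compare_digest(tag, _prf(mac_key, nonce + ct)):
        raise ValueError("rejected: wrong key or modified message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    msg = encrypt(key, b"Meet at 10:00")  # constructed sample plaintext
    print("ciphertext:", msg.hex())
    print("plaintext: ", decrypt(key, msg))
```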
