What the heck is cryptography?

Janith Kasun
Oct 19, 2018


Hello there! In this article, we will talk about what hashing and encrypting are, along with some very basic things about cryptography that you need to understand as a developer and that might help you write more secure applications in the future.

Cryptography is a huge subject, and today's algorithms are too complex to cover in one article. This series is just an overview for the casual developer, and this part 01 covers only the very basics.

What is Encrypting?

The Caesar Cipher

So let’s begin with a little story.

Have you ever heard of the encryption called the Caesar cipher? It is named after the Roman ruler Julius Caesar, who used it to encrypt the messages in his secret letters, like this one:

buubdl uif btufsjy’t wjmmbhf boe qmfbtf epo’u mptf uijt ujnf

Can you read the letter? It says:

Attack the Asterix’s village and please don’t lose this time

If you didn't get what was in the message, try shifting each letter one position to the left: the letter “B” becomes “A”, “C” becomes “B”, “D” becomes “C”, and so on.

So each letter was shifted 1 position to the right to encrypt it. But this number may differ. With 2 shifts, for example, “C” becomes “A” when decrypting, and so on.

Cryptography Terms

The Caesar cipher is very simple and one of the popular encryption methods. From it, let’s get into a few frequently used terms in cryptography.

The message “Attack the Asterix’s village and please don’t lose this time” is called the plaintext in cryptography.

The process of converting the original message into the secret message is called encrypting.

After encryption, the secret text ‘buubdl uif btufsjy’t wjmmbhf boe qmfbtf epo’u mptf uijt ujnf’ is called the ciphertext.

So the soldiers have received the ciphertext and convert the secret message back to the original message; this process is called decryption.

When producing the secret text, we used 1 shift, but this may differ (maybe 2, 3 or anything less than 25). When we change the number of shifts, the secret text becomes different. This number of shifts is called the encryption key.
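The terms above in running code, as an added example that is not part of the original article: the function names are made up for illustration, the plaintext is the letter from the story in lower case, and characters that are not ASCII letters pass through unchanged.

```python
ALPHABET = "abcdefghijklmnopqrstuvwxyz"

# The letter from the story (lower case, plain apostrophes).
PLAINTEXT = "attack the asterix's village and please don't lose this time"


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` positions to the right, wrapping z back to a."""
    if not 1 <= key <= 25:
        # A shift of 0 or 26 would leave the message unencrypted.
        raise ValueError("key must be between 1 and 25")
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            shifted = ALPHABET[(ALPHABET.index(ch.lower()) + key) % 26]
            out.append(shifted.upper() if ch.isupper() else shifted)
        else:
            out.append(ch)  # spaces, apostrophes and digits are not shifted
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Shifting 26 - key to the right is the same as shifting key to the left."""
    return caesar_encrypt(ciphertext, 26 - key)


if __name__ == "__main__":
    # Same plaintext, different keys: the ciphertext changes with the key,
    # and only the matching key recovers the plaintext.
    for key in (1, 2, 13):
        ciphertext = caesar_encrypt(PLAINTEXT, key)
        print(key, ciphertext)
        print("  decrypted:", caesar_decrypt(ciphertext, key))
    print("wrong key:", caesar_decrypt(caesar_encrypt(PLAINTEXT, 1), 2))
```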

Encryption Process

Let’s talk more about encrypting in the next article since we don't want to get overwhelmed. One at a time baby!! For now, let’s get into hashing.

A few moments later after receiving the letter...

What is Hashing?

As we have seen, with encryption you can decrypt the ciphertext (secret text) back to the original message. But hashing is different. You cannot convert a hashed string back to the original message.

Wait. What???

Then why would we even want to hash something if it cannot be `dehashed`, if that’s even a word? Before solving that, let’s get into how hashing works.

How to Hash?

Here is a very simple way to represent what hashing is. Have you ever calculated your lucky number? Well then, let’s calculate it.

Consider my birthday, 1998/02/21. Sum all the digits of the birthday, 1 + 9 + 9 + 8 + 0 + 2 + 2 + 1 = 32, then sum all the digits of the result, which is 3 + 2 = 5.

So my lucky number is 5.

No matter who calculates your lucky number, the result will be 5. But is anyone able to convert it back to your birthday? That’s impossible.

Consider two girls who have a crush on a boy. Both of them are pretending to know his birthday but do not trust each other.

How can each of them make sure the other is not lying, without revealing the original birthday? What if they calculate the lucky number of the birthday and exchange the results? Then they know that each of them might know the correct date.

Yeah, that might work. But 2 different birthdays might have the same lucky number. So theoretically there is a 1 out of 10 chance (10%) that this might happen.

But what if we stopped at 32 (1 + 9 + 9 + 8 + 0 + 2 + 2 + 1 = 32)? Then there is only a 1% chance.
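The lucky-number "hash" as code, added here as an illustration and not taken from the original article: it groups every birthday of 1998 by its lucky number and by its plain digit sum, so you can see which dates collide and how keeping the longer result spreads them over more values. The function names are made up, and `lucky_number` repeats the digit sum until one digit is left.

```python
from datetime import date, timedelta


def digit_sum(text: str) -> int:
    """Add up every decimal digit in the text; separators like '/' are ignored."""
    return sum(int(ch) for ch in text if ch in "0123456789")


def lucky_number(birthday: str) -> int:
    """Toy hash: keep summing the digits until a single digit is left."""
    n = digit_sum(birthday)
    while n > 9:
        n = digit_sum(str(n))
    return n


def birthdays_in(year: int):
    """Yield every date of the year in the article's YYYY/MM/DD format."""
    day = date(year, 1, 1)
    while day.year == year:
        yield day.strftime("%Y/%m/%d")
        day += timedelta(days=1)


def group_by_digest(year: int, digest) -> dict:
    """Map each digest value to the list of birthdays that produce it."""
    buckets = {}
    for birthday in birthdays_in(year):
        buckets.setdefault(digest(birthday), []).append(birthday)
    return buckets


if __name__ == "__main__":
    print("1998/02/21 ->", digit_sum("1998/02/21"), "->", lucky_number("1998/02/21"))
    short = group_by_digest(1998, lucky_number)
    longer = group_by_digest(1998, digit_sum)
    # Every birthday in the same bucket is a collision with 1998/02/21.
    print("birthdays with lucky number 5:", len(short[5]))
    print("birthdays with digit sum 32:", len(longer[32]))
    print("distinct lucky numbers:", len(short), "distinct digit sums:", len(longer))
```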

Let’s talk about how hashing makes sure that collision won’t happen in the next article. For now, let's focus on some use cases.

So why do we need to hash things?

Even though we can’t revert a hash, there are a few use cases where we might need to use them.

Consider you are downloading a torrent file. Torrent is a P2P file-sharing protocol, so you are downloading files from strangers. Files are split into smaller parts, and you may download one part from one user and another part from another user. So what if someone edited the torrent file and injected a virus?

To avoid that, one solution might be to download the same part from two users and compare them. But consider the file size is 40GB, so you would have to download 80GB of content. That’s not a good solution.

So what you can do is hash the file. The large file hashes into a smaller string (we will talk more about that in the next article), as we did with the birthday, and you compare the hashes. So without comparing the whole file, we can compare hashes and make sure the file is genuine.

Another case is storing passwords. What if someone hacked your database's users table with all the passwords? The hacker would be able to log in to any account in your system. But what if you stored them hashed? Even though the hacker has all the credentials, he is not able to log in to a single account. Awesome! Who thought that hashing could be that useful?
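A sketch of that check, added as an example and not taken from the original article or from any torrent client: the file is split into parts, each part gets its own hash, and a downloaded part is accepted only if its hash matches the trusted list. SHA-256, the 16-byte part size, the sample bytes and the function names are assumptions made for the demo, and the list of trusted hashes is assumed to come from a source you trust.

```python
import hashlib

PIECE_SIZE = 16  # bytes; tiny so the constructed sample splits into several parts

# Constructed sample standing in for the shared file.
ORIGINAL = b"This is a constructed sample file that stands in for the 40GB download."


def split_pieces(data: bytes, size: int = PIECE_SIZE) -> list:
    """Cut the file into fixed-size parts (the last one may be shorter)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def piece_hashes(data: bytes) -> list:
    """Publisher side: one SHA-256 digest per part."""
    return [hashlib.sha256(piece).hexdigest() for piece in split_pieces(data)]


def bad_pieces(received: dict, trusted: list) -> list:
    """Indexes of parts that are missing or whose hash is not the trusted one."""
    bad = []
    for index, expected in enumerate(trusted):
        piece = received.get(index)
        if piece is None or hashlib.sha256(piece).hexdigest() != expected:
            bad.append(index)
    return bad


def assemble(received: dict, trusted: list) -> bytes:
    """Join the parts only if every single one verified."""
    bad = bad_pieces(received, trusted)
    if bad:
        raise ValueError(f"rejecting parts {bad}: download them again from another user")
    return b"".join(received[i] for i in range(len(trusted)))


if __name__ == "__main__":
    trusted = piece_hashes(ORIGINAL)
    received = dict(enumerate(split_pieces(ORIGINAL)))
    received[2] = b"tampered piece!!"  # constructed: one user sends altered bytes
    print("bad parts:", bad_pieces(received, trusted))
```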
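What storing a password hashed can look like, as an added example that is not from the original article: it goes one step beyond a plain hash by using a per-user random salt and a deliberately slow function (PBKDF2 from Python's standard library), so equal passwords do not produce equal database rows and guessing is expensive. The iteration count, the in-memory `users` dict and the function names are assumptions for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor; tune it for your own hardware


def hash_password(password: str, salt=None) -> tuple:
    """Return (salt, digest); a fresh random salt is made for new passwords."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(users: dict, name: str, password: str) -> None:
    """Store only the salt and the digest, never the password itself."""
    users[name] = hash_password(password)


def login(users: dict, name: str, password: str) -> bool:
    """Re-hash the attempt with the stored salt and compare the digests."""
    record = users.get(name)
    if record is None:
        return False
    salt, expected = record
    _, candidate = hash_password(password, salt)
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    users = {}  # stands in for the users table
    register(users, "alice", "correct horse")
    register(users, "bob", "correct horse")
    print("alice row:", users["alice"][0].hex(), users["alice"][1].hex())
    print("same password, same digest?", users["alice"][1] == users["bob"][1])
    print("right password:", login(users, "alice", "correct horse"))
    print("wrong password:", login(users, "alice", "wrong guess"))
```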

Even though cryptography is interesting, it could get really boring really fast. So let's continue from here at a later time.

Till then have an awesome day. See you soon and thank you very much for reading this far.
