Intern Blog Series: Maddie’s Zero One Journey Part 2 — Learning About Version Control and Cryptography

Zero One Group
Sep 23, 2020 · 6 min read

By Madeleine Pramoedya, Intern at Zero One Group (ZOG)

ZOG recently launched its Intern Blog Series, highlighting the experiences of summer interns in various divisions. In this series, interns discuss what they have learned and how ZOG is preparing them for the working world.

Welcome to Part 2 of my journey, where I will be blogging about my experiences using Git as a version control system, and experimenting with GPG and asymmetric cryptography to encrypt and decrypt messages. You can read Part 1 of my journey here.

As a biochemistry major, taking part in ZOG internship programme for the past few months has challenged me to develop the necessary IT skills and become a newly-minted engineer. Hopefully, you’ll enjoy the learning experience shared in this post as much as I had when I did it!

Version Control and Git in More Depth

Version control is a system which records changes to a file or group of files so that a user can access specific versions of the file later. One such system is Git, which I have been learning to use and understand this week. The MIT Missing Semester session on Version Control helped me a lot to become familiar with the basic commands in Git. These commands include:

With these commands, I am able to do the basics using Git but it was far more useful for me to also be able to visualise the data model. To do so I used a tutorial website called Learn Git Branching. You can see how the model evolves as you make changes to the repository. For example, below you can see what happens to the model when the command git commit is passed, a new commit (in this case represented as circles) is formed.

Command passed:

What happens if you commit twice?

Commands passed:

Every time a commit is made, Git assigns a hash to the new commit. A hash is the identity of the commit and contents of the file or files expressed in hexadecimal notation. The hash can be used to identify a specific commit you want to checkout for example.

What happens if you create a new branch and start committing?

Commands passed:

Here I had to checkout Master to switch back to the Master branch before committing on that branch. The movement is indicated by the * which represents the ‘Head’ which is the pointer that points to the last commit or checkout made. Branching is usually used during software development to make changes to a specific version of the file while allowing other people to make different changes on a separate branch. These changes are usually the addition of a new feature or a bug fix.

How to now merge the branch:

Commands passed:

Security and Cryptography

I also learned a lot about security and cryptography this week. One of the most interesting things that I learned was the concept of password entropy which is a measure of a password’s randomness in bits. This means that the larger the value of entropy the more random the password is and thus stronger it is. A password’s entropy can be measured using this formula:

E = log2(RL)

Where E = password entropy

R = pool of unique characters

L = number of characters in the password

Surprisingly, a password like correcthorsebatterystaple has more bits of entropy (117) than a password like rg8Ql34g (46). In terms of how many bits of entropy is considered enough, for online guessing a password with around 40 bits of entropy is considered to be okay. However, to also be resistant to offline guessing a higher entropy is needed, around 80 bits of entropy or more. This is due to the presence of the dictionary attack method, which is a method to crack passwords through the use of well known words or phrases. Thus even correcthorsebatterystaple could be cracked with this method.

GPG & Asymmetric Cryptography

In terms of cryptography, I spent some time learning about asymmetric cryptography in particular. I set up GPG which stands for GNU Private Guard which is a public key cryptography implementation. It allows for secure communication between two parties and it also allows for each party to verify whether the message received comes from the intended origin. The theory is that the encryption and decryption stages are split into separate processes. The public key is used for encryption, whereas the private or secret key is used for decryption. This thus makes sharing the public key to others safe so long as the private key is secure. In a scenario where two people are attempting to send encrypted documents to each other, each person would have both the other person’s public key as well as their own private key.

At this point, I actually decided to try this out with a friend of mine. This was our process:

  1. First we both installed GPG and then generated our pair of public and private keys using the command: gpg — gen key in the terminal
  2. We then also created a revocation certificate to have a way of deactivating our keys in case of a security breach. To do this we used this command: gpg — output ~/revocation.crt — gen-revoke my_email@address.com
  3. We restricted permissions to this file using: chmod 600 ~/revocation.crt and then saved a copy of the revocation certificate off our computers in a secure place
  4. To send each other our public keys, we first exported our public keys into a text file and sent this file to each other. We then imported this file using the command: gpg — import name_of_pub_key_file
  5. Once imported, we must verify each other’s identity by signing the key we received. This was done using: gpg — sign-key other_persons_email@example.com
  6. We sent the signed keys back to each other so if someone trusted my friend and saw that she signed my key then they are more likely to trust me as well. Done using: gpg — output ~/signed.key — export — armor other_persons_email@example.com and gpg — import ~/signed.key to import
  7. To encrypt a message we used: gpg — encrypt — sign — armor -r other_persons_email@email.com name_of_file and then we sent the encrypted file to each other
  8. To decrypt the message we used: gpg file_name.asc

Besides a bit of fun going through the previous process was quite enlightening to me as I was able to apply the theory behind asymmetric cryptography. I also found out that this method of cryptography along with symmetric cryptography is used in Whatsapp’s end to end encryption which was quite interesting to read about albeit also quite complicated.

Sneak Peak for Part 3 of my Journey

Next week I will be discussing my experience in setting up my text editor (neovim) to work effectively with Python. I will explain the process step by step and also explore the installation of different vim plugins which may be helpful.

Stay tuned!

Follow Zero One Group at Instagram, Twitter, Facebook, and LinkedIn. Visit our website at www.zero-one-group.com

The Startup

Get smarter at building your thing. Join The Startup’s +787K followers.

Sign up for Top 10 Stories

By The Startup

Get smarter at building your thing. Subscribe to receive The Startup's top 10 most read stories — delivered straight into your inbox, once a week. Take a look.

By signing up, you will create a Medium account if you don’t already have one. Review our Privacy Policy for more information about our privacy practices.

Check your inbox
Medium sent you an email at to complete your subscription.

Zero One Group

Written by

A leading integrated technology services company, providing personalised solutions to even the most challenging business problems. www.zero-one-group.com

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +787K followers.

Zero One Group

Written by

A leading integrated technology services company, providing personalised solutions to even the most challenging business problems. www.zero-one-group.com

The Startup

Get smarter at building your thing. Follow to join The Startup’s +8 million monthly readers & +787K followers.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store