Cryptography does not need to be hieroglyphic
With all the news about data being stolen, whether it is credit card data, personal information or user passwords, hiding information stored at rest becomes of ultimate importance.
Cryptography is the art and science of hiding information in the presence of a third party. This third party is an adversary who is trying to get hold of your data. Using the proper technique to hide the data is very important.
There are three major types of hiding information:
1. Encoding: This is confused a lot with encryption. Encoding is not encryption and it should not be used to hide information; it just changes its form. Imagine some text written in English was translated to Spanish. It could no longer be read in English, but it could be read and understood by someone who understands Spanish or somebody who has access to a translator. The same goes for encoding: nothing is needed to convert an encoded piece of text back to human-readable format other than a decoder or someone who understands the encoded format, and plenty of decoders exist online. So encoding does not hide information at all, it just changes its format.
2. Encryption: Encryption does hide the information using a key. With encryption, you can't revert the information back to its original format without having the key. There are two main types of encryption:
a. Symmetric Encryption: the encryption and decryption processes are performed using the same key. This is a faster form of encryption because it uses the same key for encryption and decryption. Famous examples of symmetric encryption algorithms are AES and Triple-DES. The problem with symmetric encryption is sharing the key. For anyone to decrypt your messages, they need the key, so how do you deliver the key (which is supposed to be secret) to everyone you want to send a message to?
b. Asymmetric Encryption: this kind of encryption solves the problem of key distribution, because it uses two keys: one key for encryption (the public key) and one key for decryption (the private key). You publish your public key and people use it to encrypt messages. Your private key, which is kept secret, is used to decrypt messages. Now anybody can encrypt messages to you, but you are the only one who can decrypt them.
3. Hashing: this is the transformation of a string of characters into a usually shorter, fixed-length value or key that represents the original string. Why hashing? Sometimes we need to store a unique representation of the original text without storing the text itself. An important property of hashing is that you can't go back from the hash to the original form of the text. This technique is used a lot to store users' passwords, or rather their hashed representation, since they are the users' secrets that nobody else is supposed to know, not even the devs and sysadmins. But we still need a way to find out whether the provided password is the same as the one originally chosen by the user, and hashing provides the perfect mechanism to do that.
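The difference between encoding and hashing for a stored password, as an added example that is not part of the original article. It goes beyond the article's description by using a per-user salt and a deliberately slow hash (PBKDF2-HMAC-SHA256); the function names, the record format and the iteration count are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Assumed work factor for PBKDF2-HMAC-SHA256 (not from the article).
ITERATIONS = 600_000


def encode_password(password: str) -> str:
    """Encoding only: Base64 changes the form, no key or secret is involved."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover_encoded(stored: str) -> str:
    """Anyone who reads the stored value gets the password back."""
    return base64.b64decode(stored).decode("utf-8")


def hash_password(password: str) -> str:
    """Store a random salt plus a one-way digest, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"  # hypothetical record format


def verify_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt, compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    password = "correct horse battery staple"  # constructed sample value
    encoded = encode_password(password)
    print("encoded  :", encoded, "->", recover_encoded(encoded))
    record = hash_password(password)
    print("hashed   :", record)
    print("right pw :", verify_password(password, record))
    print("wrong pw :", verify_password("guess123", record))
```
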
Now that you have a brief understanding of the main types of crypto, this is a quick guide to audit your cryptography usage: whether you are securing the data that needs to be secured, whether you are using the correct type of cryptography, and finally whether you are using secure algorithms for each type.