Hello, and welcome to the cryptography conversation. Let's take a look of what we're going to be talking about. We're going to talk about the fundamental cryptography concepts. The things that help us to understand how cryptography works. In cryptography our main focus is going to be on confidentiality and integrity. And when we talk about that, sometimes people get a little confused because they say, well, cryptography, isn't that really all about keeping things secret, not showing them to anybody? Absolutely, that's the whole concept of confidentiality. But we bring integrity in because we want to make sure that the things that we are able to show people, when they have the rights to see them, are going to be the things that they actually not only should be able to see, but expect to see. And so integrity helps us to understand that things have not been modified. And if they have been modified, that we know about them, and we also know who modified them. So we'll be talking about it from those perspectives. And that will be some of the fundamental concepts conversation. Describing the difference between symmetric and asymmetric cryptography. Talking about symmetric or single key private key cryptography. And asymmetric, dual key, public private key cryptography. We'll compare and contrast. Make sure we understand all the things we need to be aware of. How it works, what to do, what not to do in some cases, and how to make sure we're making the right choices about how to safeguard our information. Defining the basic requirements of cryptography. What are the things we need to know to do it and do it right? Identify processes to support secure protocols. How do we implement confidentiality? How do we encrypt our data? What are the choices we can make there? What are the things we need to be aware of? Describe the processes for implementing cryptographic systems. How do we set all this up? Great to talk about it. Great to learn a lot about the vocabulary, the moving parts, the choices we can make. That's really where we're going to be able to have an impact. Because, ultimately, as we setup and use these systems, if we make incorrect choices, we may wind up exposing the data, in effect breaking the confidentiality, when we're really focused on trying to safeguard the data. So want to make sure we do the right things, and we'll talk about how to do that. Defining key management concepts. We'll talk about the key management life cycle. What is a key? We'll have defined that early on in the conversations. And making sure we understand the importance of key management for the SSCP will be part of the focus of our conversation. Defining Public Key Infrastructure, what we commonly refer to as PKI. We'll be talking about digital certificates. Why they're important, how we issue them, why we need them, what we do with them, and ultimately the life cycle around them as well. Identifying the processes for key administration and validation. And describing the implementation of secure protocols. These will be the objectives we're going to be going through here. A lot of materially, clearly. A lot of stuff to focus on. So let's go ahead and jump right in and get started. Let's start by understanding and applying the fundamental concepts of cryptography. And let's first talk, and we are going to first talk about vocabulary. I'm going to spend some time here defining some terms. The reason we need to do that as we get started with our conversations here in the cryptography conversation area, kind of get used to the language a little bit, is in order to really understand cryptography, we've gotta learn how to speak a separate language. Not a language that's hard, because I know somebody says to me, hey, Adam, you want to learn a language? I'm thinking, not really, I've got better things to do. I'm pretty happy with the languages I already know. because languages can be sometimes daunting, they can be challenging. But the thing about language is it gives us context. It helps us to understand how to communicate effectively and how to share our ideas and the knowledge we have with other peoples in a way that in effect allows us to understand each other better. And when we talk about cryptography, we're talking about a language of security. And we have to understand how to speak that language in order to be able to not just effectively do our job, not just effectively safeguard information, provide the oversight we need in order to ensure confidentiality and integrity are going to be operational. But we have to be able to see, understand, communicate and interact with terms and technology that may not come natural to us. We may not know what a cryptovariable is. Sitting there now, you maybe wondering what a cryptovariable is, and we're going to talk about that in just a couple of minutes. You may not understand or know what a key is. You may not understand or know what an algorithm is. And these are things that we need to be able to talk about freely, openly. And with a shared common vocabulary and a shared common context, we can do that. So we're going to jump in and start talking about those things. Encryption concepts will be where we'll begin. Methods of cryptography, specific hashing. What is salting? Symmetric and/or asymmetric cryptography. Non-repudiation, which you've heard me speak about in some other conversations as a conceptual idea. And methods of cryptanalytical attacks. How do we attack the crypto system and how do we potentially break the cryptography? It's a fun conversation to have. We always want to talk about things we do to defend. But in every one of the areas we've been discussing, at some point, we come up against this concept of, okay, now that we know all about it, told you what it is, told you how to deal with it, make sure you do it the right way. We're going to talk about how to make sure you do it the right way by talking about how we break things. And then showing you how things break will potentially make you better at defending against those things. So we're going to take a look at attacks as well.
