When you were little, did you and

your siblings ever communicate in a secret language around your parents?

It didn't really matter what you were talking about,

as long as your parents didn't know what it was.

That was the fun part, right?

It may have seemed like a fun game when you were younger.

But for as long as humans have been around,

we've created ways to keep messages secret from others.

In this lesson, we'll cover how this plays out through symmetric encryption,

asymmetric encryption, and hashing.

We'll also go over how to describe the most common algorithms in cryptography.

And learn how to choose the most appropriate cryptographic method

in any given scenario.

But before we dive into the nitty-gritty details of cryptography, the various types

that exist in our applications, let's go over some terminology and

general principles that will help you understand the details later.

The topic of cryptography,

or hiding messages from potential enemies, has been around for thousands of years.

It's evolved tremendously with the advent of modern technology, computers and

telecommunications.

Encryption is the act of taking a message, called plaintext, and

applying an operation to it, called a cipher.

So that you receive a garbled, unreadable message as the output, called ciphertext.

The reverse process, taking the garbled output and

transforming it back into the readable plain text is called decryption.

For example, let's look at a simple cipher, where we substitute e for

o and o for y.

We'll take the plaintext Hello World and feed it into our basic cipher.

What do you think the resulting ciphertext will be?

Hopefully, you've got Holly Wyrld.

It's pretty easy to decipher the ciphertext since this is a very

basic example.

There are much more complex and secure ciphers or

algorithms that we'll cover later in the section.

A cipher is actually made up of two components,

the encryption algorithm and the key.

The encryption algorithm is the underlying logic or

process that's used to convert the plaintext into ciphertext.

These algorithms are usually very complex mathematical operations.

But there are also some very basic algorithms that we can take

a closer look at that don't necessarily require a PhD in math to understand.

The other crucial component of a cipher is the key,

which introduces something unique into your cipher.

Without the key, anyone using the same algorithm

would be able to decode your message, and you wouldn't actually have any secrecy.

So to recap, first you pick an encryption algorithm

you'd like to use to encode your message, then choose a key.

Now you have a cipher, which you can run your plaintext message through and

get an encrypted ciphertext out ready to be sent out into the world, safe and

secure from prying eyes.

Doesn't this make you feel like an international person of mystery?

Just wait, given that the underlying purpose of cryptography is to protect your

secrets from being read by unauthorized parties, it would make sense that at least

some of the components of a cipher would need to be kept secret too, right?

You can keep the argument that by keeping the algorithm secret, your messages

are secured from a snooping third party, and technically you wouldn't be wrong.

This general concept is referred to as, security through obscurity,

which basically means, if no one knows what algorithm were using or

general security practice, then we're safe from attackers.

Think of hiding your house key under you doormat, as long as

the burglar doesn't know that you hide the spare key under the mat, you're safe.

But once that information is discovered,

all security goes out the window along with your valuables.

So clearly, security through obscurity isn't something that you should rely on

for securing communication or systems, or for your house for that matter.

This overall concept of cryptography is referred to as Kerckhoff's principle.

This principle states that a cryptosystem, or a collection of algorithms for

key generation and encryption and

decryption operations that comprise a cryptographic service should

remain secure, even if everything about the system is known except for the key.

What this means is that even if your enemy knows the exact encryption algorithm you

use to secure your data,

they're still unable to recover the plaintext from an intercepted ciphertext.

You may also hear this principle referred to as Shannon's maxim or

the enemy knows the system.

The implications are the same.