Encryption 101

--Originally published at TC2027 – Surviving CS

What is encryption?

Encryption enhances the security of messages or files because only those who have the right key can open the message and read it. This type of security dates back a long time, from Julius Caesar to the Nazis: the need to hide or protect our information to stop people other than its intended recipient from reading it.

To encrypt a message you need a key, and you also need a key to decrypt it. If someone is listening and hijacks the message, he/she can’t read it because they don’t have the proper keys to unlock the message.

There are two methods to encrypt data:

  • Symmetrical encryption – In this type of encryption both the sender and the receiver need to have the same key in order to encrypt or decrypt.

  • Asymmetrical encryption – This type of encryption has two keys, one public and one private. The public key is available to anyone who wants to send you a message, but only the receiver has the private key; this way only the owner of that private key can decrypt the message.

Source:

https://www.ssl2buy.com/wiki/symmetric-vs-asymmetric-encryption-what-are-differences


Crypto… what?

--Originally published at Computer and Information Security

Hey reader! Welcome once again to my blog, it is good to have you here. Today I will talk about cryptography. Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it.

You might have an idea about cryptography if you have watched The Da Vinci Code or have seen Egyptian hieroglyphics. The word is derived from the Greek kryptos, meaning hidden. The origin of cryptography is usually dated from about 2000 BC, with the Egyptian practice of hieroglyphics. These consisted of complex pictograms, the full meaning of which was only known to an elite few. The first known use of a modern cipher was by Julius Caesar (100 BC to 44 BC), who did not trust his messengers when communicating with his governors and officers. For this reason, he created a system in which each character in his messages was replaced by a character three positions ahead of it in the Roman alphabet.

But let’s explain this in computer science terms. The meaning and functionality are the same: it consists of hiding or covering a message so that only a reader with a valid key can decipher the message and read it. The computer science part comes in with how the message is encrypted and how a key is generated and shared with someone.

Modern cryptography concerns itself with the following four objectives:

  1. Confidentiality: The information cannot be understood by anyone for whom it was unintended.
  2. Integrity: The information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.
  3. Non-repudiation: The creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information.
  4. Authentication: The
    Continue reading "Crypto… what?"

Plausible Deniability in Cryptography

--Originally published at Tobi`s Blog

Let’s start with a little metaphor. Over the weekend we rented a big ass family van to drive into the mountains. Stupid decisions brought us to a steep muddy path, where we messed around a lot and finally got stuck. Obviously…
Finally we rescue the van somehow, but it really looks like shit. So when we return the van to the unnamed car rental, the guy gets biiig eyes when he looks at our van and wants to know what we did. He even orders a mechanic to check if we broke it. Big hassle.

What does that have to do with Encryption?
Well, when you’re for example crossing borders and have your encrypted hard drive with you, the officer might get big eyes as well and things can get a bit complicated for you. You’ve encrypted your drive, so “obviously” you have something to hide, are lying and a terrorist. Be creative…
Some countries do have a really negative attitude towards encryption.

To come back to the van: if we had cleaned it, no one would have gotten suspicious.

So how do we achieve that with our encrypted drive?

One method is steganography: the art of hiding a file in another file. So if someone has a look over your data, he will be like:

“Oh a video with 4GB” → ‘clicks on it’ → the video runs → Nothing suspicious here

There is no reason to dig deeper. But if you open it with VeraCrypt you’re prompted with: “Please enter Password”.

One way to achieve this is described here:
http://keyj.emphy.de/real-steganography-with-truecrypt/

Well-implemented steganography is the master’s way of plausible deniability, because even on a closer look there is no hint of an encrypted container.

Another way is to use VeraCrypt’s hidden container in a container. The second container is

Continue reading "Plausible Deniability in Cryptography"

When to use reverse-encryption algorithm or not

--Originally published at Renato Gutiérrez Blog

Most of the applications developed today aim to be visible at a global level from any platform, committing 100% to the online environment of the internet.

Sometimes we need to restrict access to certain information, or we want to customize the user experience, showing users the things that really matter to them. For that we usually manage an account for each user, and on “some” side the users’ credentials must be stored for their access. The question is how to save them in a simple but safe way. If you decide on the simplest approach, which is to save the credentials in a database while protecting them in a simple way, the choice is to encrypt them, for which there are different algorithms. The question is which to use?

  • md5
  • SHA-2
  • Base64
  • Base36
  • Caesar cipher
  • etc

Some algorithms are more secure, but can be “so safe” that there is no way to get the original value back. Which one to use depends in part on whether we want to “reverse” it and get the original value.

For this very common example case, I personally believe that it would be convenient to apply a non-reverse algorithm since, for reasons of both ethics and “saving” of resources, the non-reverse ones are more convivial.

An example of this type of algorithm is md5: once you encrypt your value with it, there is no way to get it back in its original form. In this case that is not relevant, since we can apply the following approach to check whether a user successfully entered their credentials.

  1. Save your credentials with md5
  2. User tries to enter their credentials
    1. Convert credentials to md5
    2. Compare the guess’s md5 with the one saved in the database
    3. In case of success, let the user pass, otherwise deny
      Continue reading "When to use reverse-encryption algorithm or not"
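
The check described in the steps above, as an added example (not code from the original post): the post's MD5 flow beside a hardened form of the same flow. MD5 is a fast, unsalted hash, so identical passwords produce identical records; the second half uses a per-user salt and PBKDF2-HMAC-SHA256 from Python's standard library. The function names, the record format and the iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

# --- The flow from the post: unsalted MD5 (kept as the "before") ---
def md5_store(password: str) -> str:
    """Step 1: save the credential as an MD5 hex digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def md5_verify(guess: str, stored: str) -> bool:
    """Steps 2.1-2.3: hash the guess and compare it with the stored digest."""
    return hmac.compare_digest(md5_store(guess), stored)

# --- Hardened form: same flow, per-user salt and a slow KDF ---
PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware
SALT_BYTES = 16

def kdf_store(password: str) -> str:
    """Return 'iterations$salt_hex$hash_hex' (assumed record format)."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every record
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"{PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"

def kdf_verify(guess: str, stored: str) -> bool:
    """Re-derive with the stored salt and count; compare in constant time."""
    try:
        iterations, salt_hex, hash_hex = stored.split("$")
        digest = hashlib.pbkdf2_hmac(
            "sha256", guess.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(digest, bytes.fromhex(hash_hex))
    except (ValueError, OverflowError):
        return False  # malformed record: deny rather than raise

if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Two users with the same password: MD5 records match, KDF records do not.
    print("md5 records equal:", md5_store(pw) == md5_store(pw))
    print("kdf records equal:", kdf_store(pw) == kdf_store(pw))
    record = kdf_store(pw)
    print("right guess:", kdf_verify(pw, record))
    print("wrong guess:", kdf_verify("wrong", record))
```
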