What is cryptography? Simply put, Cryptography provides a method for secure communication. It stops unauthorized parties, commonly referred to as adversaries or hackers, from gaining access to the secret messages communicated between authorized parties. The method that cryptography provides is called encryption.
You’ve probably visited a site and attempted to sign-up only to be met with errors such as:
Elliptic Curve Cryptography (ECC) is a modern public-key encryption technique famous for being smaller, faster, and more efficient than incumbents. Bitcoin, for example, uses ECC as its asymmetric cryptosystem because it is so lightweight. The mathematical entity that makes all of this possible is the elliptic curve, so read on to learn how these curves enable some of the most advanced cryptography in the world.
With quantum computers getting more powerful each year, many worry about the safety of modern encryption standards. As quantum computers improve in performance and the number of qubits used for calculations increases, current cryptosystems are under threat. AES-256 is one of the most powerful symmetric ciphers, but will it remain secure in a post-quantum world?
Bcrypt is a key derivation function, which can be thought of as a special kind of hash function. Its purpose is to slowly convert a piece of input data to a fixed-size, deterministic, and unpredictable output. A common use case is to convert a password into an n-bit cryptographic key, which can then be used for safe authentication.
Adi Shamir’s Secret Sharing is a cryptographic algorithm that allows distinct parties to jointly share ownership of a single secret by holding shares. The original secret can only be reconstructed by using a minimum number of shares, which allows different parties to cooperate without the need to fully trust one another.
If you’ve seen The Imitation Game or studied computer science in school, you have likely heard of Enigma, Alan Turing, or some of the other advances in cryptography that took place during the Second World War. During this time and until the 1970s, governments from around the world had near-total control of all cryptographic systems. It was nearly impossible to learn about encryption without going through a government agency.
PGP, or its open-source alternative, GPG, is a program used to encrypt data such that only an authorized party can decrypt it. In this introduction, we will cover its use-cases and a high-level overview of the algorithms involved.
Scrypt is a slow-by-design key derivation function designed to create strong cryptographic keys. Simply put, the purpose of the Scrypt hash is to create a fingerprint of its input data but to do it very slowly. A common use-case is to create a strong private key from a password, where the new private key is longer and more secure. Here at boot.dev, we use a similar KDF for securing user passwords.
Data integrity refers to the accuracy, legitimacy, and consistency of information in a system. When a message is sent, particularly using an untrusted medium, data integrity provides us with confidence that the message wasn’t tampered with. For example, the SSL signature of Boot.dev provides confidence that the webpage and data coming from our servers are coming from us and not the NSA.
White-box cryptography combines methods of encryption and obfuscation to embed secret keys within application code. The goal is to combine code and keys in such a way that the two are indistinguishable to an attacker, and the new “white-box” program can be safely run in an insecure environment.
To “Brute Force” something (when talking about computers) means to systematically try every possible combination until you find the right answer.
The purpose of cryptography is to keep information private, and the purpose of open-source is to make code public… So we shouldn’t open-source our cryptography algorithms right?
AES, or “Advanced Encryption Standard”, is an encryption specification that uses the Rijndael cipher as its symmetric key ciphering algorithm. AES encrypts a message with a private key, and no one but the key holder can decrypt the message. A great example of a good use-case for AES-256 is encrypting all the data on the hard drive of a computer when it’s not in use.
A Key Derivation Function, or KDF, is a cryptographic algorithm that derives one or more secret keys from a secret value. If you’ve ever needed to store a password in a database or create a private key from a password, you may have used a KDF. Some examples of popular KDFs are Argon2, Scrypt, and PBKDF2.
If you’re new to Bitcoin and cryptocurrency, you may have heard the common phrase not your keys not your coins. While self-custody isn’t for everyone, it’s the only way to truly have exclusive control over your funds. If that’s what you’re into, read on.
Choosing the right dependencies is a difficult task. Assuming the developer of an application is the best programmer in the world, the “best” thing to do would be to write the entire codebase alone. This would eliminate the bugs, vulnerabilities, and malicious intrusions of inferior developers.
We all have hundreds of online accounts. Ideally, as many of those accounts as possible have unique passwords. Unique passwords however present a difficult problem.
Bitcoin improvement proposal 32 is, in my opinion, one of the most important BIPs we have. (Thanks Peter Wuille!) BIP 32 gave us Hierarchical Deterministic Wallets, which grant the ability to create a tree of keys from a single seed.
In the wake of the hearings about Facebook’s new Libra blockchain, it is more important than ever that we all understand the difference between trustworthy and trustless apps.