Practice real cryptography concepts before moving to reading resources.

Week Introduction

Learning Outcomes (Week 10 Focus)

By the end of this week, you should be able to:

• LO2 - Technical Foundations: Explain how symmetric vs asymmetric encryption work and when to use each
• LO6 - Software Security: Identify common cryptographic mistakes (weak algorithms, ECB mode, hardcoded keys)
• LO8 - Integration: Map cryptographic controls to security properties (encryption → confidentiality, hashing → integrity, signatures → authentication)

Lesson 10.1 · What Is Cryptography? (Mathematical Foundation for Security)

Definition: Cryptography uses mathematical algorithms to transform data in ways that provide security properties (confidentiality, integrity, authentication) even when attackers can observe, intercept, or manipulate communications.

Four core security properties enabled by cryptography:

• Confidentiality: Only authorized parties can read data
  Mechanism: Encryption (plaintext → ciphertext)
  Example: HTTPS encrypts web traffic so ISPs can't read passwords
• Integrity: Unauthorized changes are detectable
  Mechanism: Cryptographic hashing, MACs (Message Authentication Codes)
  Example: Download checksums (SHA-256 hash) verify file wasn't tampered with
• Authentication: Parties can verify each other's identity
  Mechanism: Digital signatures, certificates
  Example: TLS certificates prove you're really talking to github.com, not an attacker
• Non-repudiation: Actions cannot be denied after the fact
  Mechanism: Digital signatures (only private key holder could have signed)
  Example: DocuSign — signer can't later claim "I didn't sign that"

Why cryptography is essential in untrusted networks:

The internet is fundamentally insecure — traffic passes through routers/ISPs you don't control, attackers can intercept/modify packets. Cryptography enables secure communication despite adversarial infrastructure.

Lesson 10.2 · Encryption: Symmetric vs Asymmetric

Core concept: Encryption transforms plaintext (readable) into ciphertext (unreadable without the key). The two major approaches differ in how keys are used and distributed.

Symmetric Encryption (Same key encrypts and decrypts):

• How it works: Both sender and receiver share the same secret key
  Analogy: Physical lock where both parties have identical keys
• Algorithms: AES-256 (industry standard), ChaCha20 (modern, fast)
• Strengths: Very fast (can encrypt gigabytes/second), simple concept
• Weakness: Key distribution problem — how do parties securely share the key initially?
• Use cases: Encrypting data at rest (disk encryption, database encryption), bulk data transfer after key exchange
  Example: Your laptop's disk encryption (FileVault, BitLocker) uses AES

Asymmetric Encryption (Public key encrypts, private key decrypts):

• How it works: Key pair — public key (shareable) encrypts, private key (secret) decrypts
  Analogy: Mailbox with slot (anyone can drop letters) and key (only you can open)
• Algorithms: RSA-2048/4096 (widely deployed), ECC (Elliptic Curve - newer, smaller keys)
• Strengths: Solves key distribution — publish public key, keep private key secret
• Weakness: 100-1000x slower than symmetric, limited message size
• Use cases: Initial key exchange, digital signatures, encrypting small secrets
  Example: HTTPS uses RSA/ECC to securely exchange AES keys at connection start

Hybrid approach (Best of both worlds):

Real systems combine symmetric and asymmetric:

1. Use asymmetric (RSA/ECC) to securely exchange a symmetric key (AES)
2. Use symmetric (AES) to encrypt bulk data (fast)
3. Example: TLS/HTTPS handshake — RSA exchanges AES session key, then AES encrypts website traffic

Why not just use asymmetric for everything? Too slow for large data. Encrypting a 1GB file with RSA would take hours; with AES takes milliseconds.

Lesson 10.3 · Hashing and Integrity (One-Way Functions)

Definition: A cryptographic hash function transforms arbitrary-length input into fixed-length output (digest/hash). Hash functions are one-way — easy to compute, impossible to reverse.

Three critical properties of cryptographic hashes:

• 1. Deterministic: Same input always produces same hash
  Why it matters: Enables verification — recompute hash, compare with original
  Example: SHA-256("hello") = 2cf24dba... (always the same)
• 2. One-way (Preimage resistance): Cannot reverse hash to recover original input
  Why it matters: Safe to store hashes of secrets (passwords) — even if database leaks, can't recover passwords
  Example: Password databases store hash(password), not plaintext password
• 3. Collision-resistant: Computationally infeasible to find two different inputs with same hash
  Why it matters: Ensures integrity — attacker can't substitute malicious file with same hash
  Example: Download verification — if file hash doesn't match published hash, file was tampered with

Common hash algorithms:

• MD5: ❌ Broken (collisions found), do not use for security
• SHA-1: ❌ Deprecated (collision attacks exist), avoid
• SHA-256/SHA-512: ✅ Strong, widely used (part of SHA-2 family)
• SHA-3: ✅ Modern alternative to SHA-2, different design
• BLAKE2/BLAKE3: ✅ Fast, secure, growing adoption

Practical use cases for hashing:

• File integrity verification:
  Download software → compute SHA-256 hash → compare with published hash
  If hashes match, file wasn't corrupted or tampered with
• Password storage:
  Store hash(password + salt), not plaintext password
  Login: hash(entered password + salt), compare with stored hash
  Note: Use password hashing algorithms (bcrypt, Argon2), not raw SHA-256 (too fast, vulnerable to brute force)
• Digital signatures:
  Sign hash of document (not entire document) — faster, fixed size
• Blockchain/Git commits:
  Each block/commit identified by hash of its contents — tampering changes hash

Lesson 10.4 · Key Management: The Hardest Part of Cryptography

Core reality: "Cryptography is easy to get wrong, and when you get it wrong, you get it very wrong." Most cryptographic failures aren't algorithm breaks — they're key management failures.

Key lifecycle management (cradle to grave):

• 1. Generation: Keys must be truly random (cryptographically secure random number generator)
  Failure example: Debian OpenSSL bug (2008) — weak RNG made keys predictable, millions of certificates compromised
• 2. Storage: Keys must be protected at rest
  Bad: Hardcoded in source code, stored in plaintext config files
  Better: Environment variables, encrypted configuration
  Best: Hardware Security Modules (HSMs), cloud key management services (AWS KMS, Azure Key Vault)
• 3. Distribution: Keys must be shared securely (if shared at all)
  Symmetric problem: How do parties securely exchange keys initially? (Use asymmetric crypto)
  Asymmetric solution: Public keys can be distributed openly (verified via certificates)
• 4. Rotation: Keys should be changed periodically
  Why: Limits damage if key is compromised (old data stays encrypted with old key)
  Practice: Rotate every 90 days (compliance requirement), more frequently for high-risk keys
• 5. Destruction: Keys must be securely deleted when no longer needed
  Why: Old keys on backup tapes become future attack vector
  Practice: Cryptographic shredding (overwrite with random data), hardware destruction for HSMs

Common key management failures (real-world disasters):

• Hardcoded keys in source code:
  Uber breach (2016) — AWS keys hardcoded in GitHub repo, 57M records stolen
• Keys stored unencrypted:
  Target breach (2013) — Network credentials stored in plaintext, led to 40M credit card theft
• Weak key generation:
  PlayStation Network (2011) — Weak random number generation in ECDSA signatures, private keys recovered
• No key rotation:
  Same encryption key used for years, single compromise exposes all historical data

Best practices for key management:

• Never hardcode keys (use environment variables, secrets managers)
• Use HSMs or cloud KMS for production systems
• Implement principle of least privilege (separate keys for different purposes)
• Automate key rotation (manual rotation = gets skipped)
• Log all key access (detect unauthorized use)
• Plan for key compromise (revocation procedures, re-encryption strategy)

Lesson 10.5 · Malware Persistence (Defensive Overview)

Persistence means "staying after reboot." You don't need to learn how to build malware — you need to understand what defenders look for: unexpected startup entries, scheduled tasks, new services, unusual child processes.

Scope boundary: This platform teaches defensive understanding. We focus on recognizing persistence concepts and hardening choices — not step-by-step offensive instructions.

Lab 10 · Cryptographic Controls Design

Time estimate: 40-50 minutes

Objective: Design cryptographic controls for a system that handles sensitive data. You will select appropriate cryptographic primitives (encryption, hashing, signatures), justify algorithm choices, and address the key management lifecycle.

Task Overview

Choose one scenario:

• Messaging app: End-to-end encrypted chat, media sharing
• Cloud storage: Encrypted file storage, secure sharing
• Payment processor: Credit card data handling, transaction integrity
• Password manager: Encrypted credential vault, master password

For your chosen scenario, design:

1. Where encryption is needed (data at rest, data in transit, specific fields)
2. Which algorithms to use (AES-256, RSA-2048, SHA-256, etc.) and why
3. Key management strategy (generation, storage, rotation, destruction)
4. Threat model — what attacks does crypto defend against? What doesn't it prevent?
5. Failure scenarios — what happens if keys are lost or compromised?

Success criteria:

• ✅ Correctly matched crypto primitives to security goals (encryption for confidentiality, hashing for integrity, etc.)
• ✅ Chose industry-standard algorithms (not deprecated MD5/SHA-1)
• ✅ Addressed key lifecycle comprehensively (not just "store keys securely")
• ✅ Acknowledged trade-offs (e.g., end-to-end encryption prevents server-side features)

🎯 Hands-On Labs (Free & Essential)

Practice real cryptography concepts before moving to reading resources.

💡 Lab Tip: Always ask which security property you need first (confidentiality, integrity, authentication). Crypto choice follows that.

Resources (Free + Authoritative)

Work through these in order. Focus on understanding when to use each cryptographic primitive.

Tip: Completion and XP persist via localStorage. If progress doesn't update immediately, refresh once.

Weekly Reflection Prompt

Aligned to LO2 (Technical Foundations) and LO6 (Software Security)

Write 200-300 words answering this prompt:

Explain how cryptography enables security in untrusted networks. Use your Lab 10 cryptographic design as an example.

In your answer, include:

• The difference between symmetric and asymmetric encryption, and when to use each
• How hashing provides integrity (detecting tampering) even though it's one-way
• Why key management is often the weakest link in cryptographic systems
• One real-world cryptographic failure (weak algorithms, hardcoded keys, poor implementation)
• How you addressed confidentiality, integrity, and authentication in your lab design

What good looks like: You demonstrate understanding that cryptography is a tool, not a silver bullet. You explain when to use encryption (confidentiality), hashing (integrity), and signatures (authentication). You acknowledge that implementation matters — strong algorithms with weak key management fail. You connect cryptographic primitives to real-world use cases (HTTPS, password storage, digital signatures).