I started watching the second session of the Bootcamp with 0xMilica, and as she predicted, my mind got partially fried — not completely, but medium-rare — so I had to portion the recording into two parts to be able to follow along.
Let me attempt to take you on this journey of 0s and 1s, algorithms, problems, eavesdroppers, and brains frying and melting concurrently.
1. Bitwise Operations
We saw the truth tables for AND, OR, and XOR (which, for me, sounded like a wizard's name 🧙‍♂️).
A truth table is a simple chart that shows how a logical operation behaves for every possible input — listing all possible combinations.
Let me share them with you:
Truth Table for AND
True only if both bits are 1.
Truth Table for OR
True if at least one bit is 1.
Truth Table for XOR
True if the bits are different. It is reversible and used in simple encryption.
XOR is self-reversible: if you XOR a message with a key to encrypt it, and then XOR the result with the same key again, you get the original message back.
I understood the part about bitwise operations and truth tables, but after revising my notes, I was confused about their relation to cryptography — although it’s clear that they are some sort of “code,” and that you could encrypt something by turning bits on and off, similar to Morse code.
If we encrypt a message bit by bit, we can create a cipher. Let’s say we want to encrypt the message 1010 using XOR:
Encrypted message: 1100
Now, if we XOR the ciphertext again with the same key:
We get back 1010, the original message.
This is at the heart of symmetric encryption, and XOR is one primitive — a building block of encryption.
2. Hash Functions
After exploring bitwise logic, we then moved on to hash functions.
Hash functions take an input of any length and produce an output of a fixed length. This output is called a digest.
As a software developer, I find hash functions fascinating because I see their fingerprints everywhere:
- In Docker, each image has a hash that uniquely identifies its contents.
- In JWTs, a hash ensures integrity and trust.
- In Git, each commit hash represents a precise snapshot of the code.
- In CSS or build artifacts, hashes in filenames help with cache busting by reflecting the file’s exact content.
- And of course, passwords should always be stored as hashes.
Hashes are deterministic: the same input always produces the same output.
They are also irreversible: you shouldn’t be able to recover the input from the output.
Finally, they should be collision-resistant, meaning two different inputs should not generate the same output.
In hashing, we also see the Avalanche Effect — a tiny change in the input has a massive effect on the output.
That’s where the Birthday Attack comes in!
It’s about finding two inputs that produce the same hash. Because of the birthday paradox, collisions are easier to find than intuition suggests.
Example:
You only need 23 people in a room for a 50% chance that two share a birthday.
In hashing, this means you don’t need to test all combinations to find a collision. However, with stronger algorithms, as I understand, they are less probable.
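To see the birthday numbers and the avalanche effect for yourself, here is an added Python example (mine, not from the bootcamp session). It assumes SHA-256 from the standard library, shortened to a few bits on purpose so that collisions show up in seconds; the function names and the `msg-N` inputs are made up for the illustration.

```python
import hashlib
from itertools import count

def sha256_int(data: bytes) -> int:
    """SHA-256 digest of data as a 256-bit integer."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def truncated_digest(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits: a deliberately weak toy digest."""
    return sha256_int(data) >> (256 - bits)

def avalanche_bits(a: bytes, b: bytes) -> int:
    """Count digest bits that differ (XOR marks each differing bit with a 1)."""
    return bin(sha256_int(a) ^ sha256_int(b)).count("1")

def birthday_probability(n: int, days: int = 365) -> float:
    """Chance that at least two of n people share a birthday."""
    p_all_different = 1.0
    for k in range(n):
        p_all_different *= (days - k) / days
    return 1.0 - p_all_different

def find_collision(bits: int):
    """Hash constructed inputs until two share a truncated digest.

    Returns (first_input, second_input, number_of_hashes_computed).
    """
    seen = {}
    for i in count():
        msg = f"msg-{i}".encode()  # constructed sample input
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg

if __name__ == "__main__":
    print(f"23 people: {birthday_probability(23):.3f} chance of a shared birthday")
    # b"hello" and b"helln" differ in exactly one input bit
    print(f"bits changed in digest: {avalanche_bits(b'hello', b'helln')} of 256")
    for bits in (16, 24, 32):
        a, b, tries = find_collision(bits)
        print(f"{bits}-bit digest: {a!r} and {b!r} collide after {tries} hashes "
              f"(out of {2**bits} possible digests)")
```

The number of hashes needed grows roughly with the square root of the number of possible digests, which is why a full 256-bit digest stays out of reach for this kind of search while a short one falls almost immediately.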
This was the first part of the lecture — and one I really enjoyed! I’ll try to summarize the second part later this week.
Top comments (1)
Dayana, your breakdown of modern cryptographic tools is both insightful and engaging! The way you demystify complex concepts like bitwise operations and encryption techniques makes them accessible to all. Your approach truly makes cryptography feel less intimidating and more approachable.