Lavkesh Dwivedi

Originally published at lavkesh.com

Cryptography Is Not Just Math


I still find it fascinating that the Spartans used cryptography 2,500 years ago with the scytale, a stick you'd wrap a strip of leather around to read a message. These days it's a lot more mathematical and a lot less tactile, but the core idea hasn't changed: keep people from reading what you don't want them to read.

Cryptography was mostly used by diplomats and armies for centuries, but that changed dramatically in World War II with the Enigma machine. It was an electro-mechanical beast that applied substitution and transposition so comprehensively that cracking a single day's worth of messages required serious computational power.

There are three core types of cryptography you need to know: symmetric-key, asymmetric-key, and hash functions. Symmetric-key cryptography uses one key for both locking and unlocking, like AES or DES. Asymmetric-key cryptography uses a pair of keys, with the public key going out into the world and the private key staying locked in your vault.

For instance, when using AES, a common key size is 128 bits, which provides a huge keyspace of 2^128 possible keys, making it virtually unbreakable with current computing power. However, as computers get faster, we may need to move to larger key sizes like 256 bits to stay ahead of potential threats.

Asymmetric-key cryptography is mathematically trickier and slower, but it lets strangers encrypt messages to you without ever having met in a dark alley to exchange secrets. Hash functions are one-way streets, where you feed data in and get a fixed-length fingerprint out, like SHA-256 or MD5.

Hash functions have their own set of trade-offs, with SHA-256 being more secure but slower than MD5, which is faster but more vulnerable to collisions. In practice, the choice of hash function depends on the specific use case, such as data integrity or password storage, where the security requirements may vary.
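
The difference between the integrity and password-storage use cases, as an added example (not code from the original article): a plain SHA-256 fingerprint for a file, and salted PBKDF2-HMAC-SHA256 from Python's standard library for a password. The sample data, function names, stored-record format and iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the original article).
SAMPLE_FILE = b"quarterly-report-v1\n"
SAMPLE_PASSWORD = "correct horse battery staple"


def file_digest(data: bytes) -> str:
    """Integrity use case: a fast, unkeyed SHA-256 fingerprint."""
    return hashlib.sha256(data).hexdigest()


def verify_file(data: bytes, expected_hex: str) -> bool:
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(file_digest(data).encode(),
                               expected_hex.lower().encode())


def hash_password(password: str, iterations: int = 600_000) -> str:
    """Password use case: salted, deliberately slow PBKDF2-HMAC-SHA256."""
    salt = os.urandom(16)  # unique per password, defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    # Store the parameters next to the hash so the cost can be raised later.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        return False  # malformed record: reject rather than crash
    return hmac.compare_digest(dk, expected)


if __name__ == "__main__":
    fingerprint = file_digest(SAMPLE_FILE)
    print("file intact:  ", verify_file(SAMPLE_FILE, fingerprint))
    print("file tampered:", verify_file(SAMPLE_FILE + b"x", fingerprint))
    record = hash_password(SAMPLE_PASSWORD)
    print("stored record:", record)
    print("right password:", verify_password(SAMPLE_PASSWORD, record))
    print("wrong password:", verify_password("guess", record))
```

Hashing the same password twice produces two different records because each call draws a fresh salt, which is why verification re-derives the key from the stored salt instead of comparing records directly.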

In practice, modern systems combine substitution, transposition, block ciphers, and stream ciphers in ways that would've made a 1940s cryptanalyst's head spin. Substitution means replacing plaintext with something else using a pattern or key, while transposition means rearranging it.

Tools like OpenSSL and NaCl provide implementations of various cryptographic primitives, making it easier to integrate encryption into applications. However, using these tools correctly requires a deep understanding of the underlying cryptography and the specific use case, as mistakes can lead to security vulnerabilities.

Cryptography matters for online transactions, digital signatures, email, chat, voice calls, and cryptocurrencies like Bitcoin. National security also relies on it for classified communications, intelligence work, and military ops.

When organizations move to the cloud, they realize they have new security problems. Cloud security means thinking beyond just encryption, with concerns like data breaches, malware, ransomware, insider threats, and DoS and DDoS attacks.

To reduce risk, you need multi-factor authentication, encryption, monitoring, logging, regular security audits, and training people about security awareness. Cloud Access Security Brokers, cloud-native security tools, machine learning, and Cloud Security Posture Management tools can all help.

Using cloud security tools like AWS IAM, Google Cloud IAM, or Azure Active Directory can help manage access and identity in the cloud, but requires careful configuration and monitoring to ensure that security policies are enforced correctly.

The key takeaway is that security is a shared responsibility between you and your cloud provider. You're accountable for understanding which part is yours and taking it seriously. Organizations that do this are the ones that sleep better at night.
