Cryptography is the practice and study of techniques for secure communication and processing in the presence of third parties. There are general three properties that we associate with secure communication:
- confidentiality: some information must be stored or transfered without permitting unauthorized entities to read it;
- integrity: some information must be stored or transfered without allowing any alteration by an unauthorized entity to go unnoticed;
- authenticity: some information must be stored or transfered in such a way that the originator of the information can be verified, in a way which unauthorized entities cannot falsify.
“Entities” are persons, roles or systems which are supposed to be distinct from each other according to some definition. Cryptography operates in the logical world of computers, from which the physical world is out of reach; anybody can buy a PC, so what distinguishes one user on a network from another (as seen through a network or any other communication protocol) is what that user knows. Cryptography calls such knowledge as a secret or key: this is a piece of secret data, which is used as parameter to a cryptographic algorithm that implements a cryptographic property with regards to the key.
For instance, symmetric encryption is about transforming some data (possibly a huge file), using a (normally short) key, into an encrypted form which shows no readable structure anymore, but such that the transformation can be reversed (recovering the original data from the encrypted form) if the encryption key is known. In a way, symmetric encryption concentrates confidentiality into the key, which can be short enough to be manageable (e.g. the key might be memorized by a human being, in which case it is called a password).
The cryptographic algorithms themselves are public, if only because nobody can really tell “how much” a given algorithm is secret, since algorithms are often implemented as software or hardware systems which are duplicated into many instances, and the cost of reverse engineering is hard to estimate. A cryptosystem (combination of an algorithm and its key) is then split into the algorithm, which is embodied as an implementation, and a key, for which security can be quantified (e.g. by counting the number of possible keys of a given length).
Cryptography covers the science of designing cryptographic algorithms (cryptology) and of trying to break them (cryptanalysis); it also encompasses the techniques used to apply the algorithms in various situations, in particular implementation as software, and the related subjects (such as performance issues). Some algorithms consist in the assembly of several sub-algorithms in order to obtain higher level properties (e.g. “a bidirectional tunnel for confidential data with verified integrity and mutual authentication”); they are then called protocols.
Commonly used cryptographic algorithms and protocols include, among others:
- Symmetric encryption: 3DES, AES, RC4, Blowfish
- Hash functions: MD5, SHA-1, SHA-2 (includes SHA-256 and SHA-512)
- Asymmetric encryption: RSA
- Digital signatures: RSA (similar, but not identical to, the RSA for encryption), DSA (as part of the “DSS” standard), ECDSA
- Data tunneling: TLS (formerly known as “SSL”; when used to convey HTTP requests, the result is known as “HTTPS”), SSH, IPsec
- Encrypted and/or signed emails: OpenPGP (standard protocol derived from the original PGP software), S/MIME
- Certificates: X.509, OpenPGP (certificates are about binding identities to public keys, which are themselves used in asymmetric encryption and digital signatures)
On-topic themes also include password management (storage, verification, entropy, breaking techniques such as rainbow tables…), advanced multi-party protocols (electronic voting schemes, digital cash, anonymous browsing…), usage of existing implementations (libraries, hardware accelerators, smartcards…), and so on.
Questions not directly related to software development (e.g. the more theoretic ones) are better asked in the Cryptography Stack Exchange site (still in beta).
NOTE: The content of this tag was originally posted at StackOverflow.com