What I learned about cryptography in 3 weeks

Nathanael Demacon on November 04, 2018

It's been 3 weeks since I started developing WarShield, a file encryption CLI. So I wanted to tell you everything important I know today about crypt...
eLabFTW

Your last paragraph on Authenticity sounds wrong and misleading. You're putting everything in the same bag. It would have been better to explain what HMAC is instead of comparing it to md5 which is a hashing function and provides absolutely no authenticity, only integrity.
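The distinction drawn in the comment above, as an added example that is not part of the original thread or of WarShield: an unkeyed MD5 digest only exposes a change when the digest itself comes from a trusted source, while an HMAC tag cannot be produced without the shared key. The key, the two messages and all function names are constructed for this illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the key and both messages are made up for this example.
KEY = secrets.token_bytes(32)  # secret shared only by sender and receiver
ORIGINAL = b"amount=10&to=alice"
SUBSTITUTED = b"amount=9000&to=mallory"


def md5_tag(message):
    """Unkeyed digest: anyone can compute it for any message."""
    return hashlib.md5(message).hexdigest()


def hmac_tag(key, message):
    """Keyed digest (HMAC-SHA256): a valid tag requires the secret key."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_md5(message, tag):
    return hmac.compare_digest(md5_tag(message), tag)


def verify_hmac(key, message, tag):
    # compare_digest is constant-time, so timing does not reveal a partial match.
    return hmac.compare_digest(hmac_tag(key, message), tag)


def demo():
    """Receiver's view when message and tag travel over the same channel."""
    # A party without KEY can still recompute MD5 over a replaced message,
    # but can only produce an HMAC under some other key.
    replaced_md5 = md5_tag(SUBSTITUTED)
    replaced_hmac = hmac_tag(secrets.token_bytes(32), SUBSTITUTED)
    return {
        # Integrity: a digest obtained from a trusted source exposes the change.
        "md5_trusted_digest_detects_change": not verify_md5(SUBSTITUTED, md5_tag(ORIGINAL)),
        # No authenticity: the recomputed digest verifies for the replaced message.
        "md5_accepts_replaced_pair": verify_md5(SUBSTITUTED, replaced_md5),
        "hmac_accepts_original": verify_hmac(KEY, ORIGINAL, hmac_tag(KEY, ORIGINAL)),
        # Authenticity: without KEY the replaced message cannot carry a valid tag.
        "hmac_accepts_replaced_pair": verify_hmac(KEY, SUBSTITUTED, replaced_hmac),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```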

Nathanael Demacon

Rework finished, hope that you will enjoy it!

Nathanael Demacon

You're right, I somehow poorly formulated the paragraph, it needs a rework :)

Paul Siorai Waldorf

Excellent write up!

So now I'm curious about something. Did you happen to come across the proposed RSA alternatives for asymmetrical key pairs that use things like EC25519 in order to move away from NSA created standards? If so, what was your take?

Nathanael Demacon

ECC curves are far from what I know at this time. If your question was about how to avoid using NSA standards (like AES), I would use something like 3DES, a former competitor of AES before AES was declared as the US government's standard.

Vishwas Mahadev

Thanks for sharing! Informative😀

Willem Odendaal

I've always wondered about the IV. Since it's random, you probably store it along with your encrypted data (but as an unencrypted value). Am I right? Is it the same thing as a "salt"?

Nathanael Demacon

It's literally the same thing as a salt, it's mixed with the key like you mix some cheeses to make a fondue

Leviathan Jeanis

Just a small point, but encryption and ciphers are two different things. A cipher consists of nothing more than a character (or byte) map from one alphabet to another.

Beyond that, nice work!

Nathanael Demacon • Edited

I'll note that! I'm not a native English speaker. In French, the word "crypting" doesn't really have the purpose of transforming a text to a ciphertext, there's a website dedicated to this word because of bad uses.

Thank you for telling me that, I won't make this error anymore!

(post fixed)

Ben Halpern

Thanks for sharing your learnings, keep up the great work

Nathanael Demacon

Thanks, the community helps me a lot to improve myself! Hope that people like my posts as I like to make them!

Alimam Miya • Edited

I describe What is Cryptography in an easy way

Fleshwound⚡ • Edited

I would like to see use case examples with scripts #showusthescripts!

Nathanael Demacon • Edited

It's hard to show proper code of how cryptography works. You can't show code in an essay because your readers could not understand the programming language you use.

It's more like an explanation than a demonstration.

Fleshwound⚡

I understand, I'm just a snippet snob I guess lol

I'm Luis! \^-^/

"This technique is basically a way to mix your key with another value, best being a random value."

Is this what you call a salt??

Nathanael Demacon

It's theoretically the same thing as a salt, a salt is mostly used in hashing, where it will be appended to the original value then hashed. An IV is XORed with a value (here a key).