

You pay by credit card in an unknown shop. How do you make sure your card is not copied?
You type your password into google.com and press send. How do you know that no one other than Google's servers can read your password?
You are reading something on public Wi-Fi. How do you make sure no one knows what you are reading?
You are sending a private message to your friend on WhatsApp. How do you make sure no one else can read that message?
All of the above things are possible through the magic of cryptography.
Software engineering is about designing systems and building applications. Very often we think cryptography is a lot of math, so it must be really hard. That is partly true, but the good news is that you don't have to know any math or the details of any cryptographic algorithm in order to use them. In fact, you can be relatively good at building a secure system without knowing most of the details of any of the cryptographic algorithms. Just remembering the properties of these algorithms is enough.
Alright, so let's learn some of the concepts first.
And that's it. Almost everything in crypto is built on top of these concepts. Once you internalize them, you can use them to reason about secure systems, anticipate how something might be working, and solve problems of your own. It's truly magical, and surprisingly few software engineers understand these concepts and use them when required. You can become one of those few people. These concepts are like first principles when reasoning about any system that uses cryptography.
Okay, let's try to find answers to the above questions now. Try to think of the solutions based on the above concepts before you see the answers.
You are paying by credit card in an unknown shop. How do you make sure your card is not copied?
All smart cards, including credit cards, use some version of asymmetric encryption (RSA). Smart card login is a two-step authentication mechanism that uses a hardware device to store a user's public key credentials, and a Personal Identification Number (PIN) as the secret key to authenticate the user to the smart card. The smart card includes a built-in microprocessor, operating system, and memory for storing personal information securely. A smart card offers tamper-resistant storage for the user's private key, which can only be accessed by entering the secret PIN, and cryptographic support for operations such as digital signatures and key exchange.
The PIN is only used to authenticate the user to the smart card and is never sent over the network, unlike shared-secret login, where information obtained from the user's password is transmitted over the network. Once the user is authenticated, the user's public key is retrieved from the card by the Security Subsystem and verified to make sure it is valid and that a trusted party issued it.
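The flow described above, as an added example that is not part of the original post: a card that checks the PIN locally and signs a fresh challenge, and a terminal that only ever sees the public key. The `SmartCard` and `Terminal` classes are hypothetical, and the RSA key is a toy constructed from two known Mersenne primes with no padding, so it illustrates the message flow only.

```python
import hashlib
import hmac
import secrets

# Toy RSA key from two known Mersenne primes (constructed for this demo).
# Unpadded and far too small for real use; it only illustrates the flow.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def digest(challenge: bytes) -> int:
    """Hash the challenge to an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(challenge).digest(), "big") % N


class SmartCard:
    """Hypothetical card: the private exponent never leaves this object."""

    def __init__(self, pin: str, max_tries: int = 3):
        self._pin = pin.encode()
        self._d = D
        self._max_tries = self._tries_left = max_tries
        self.public_key = (N, E)

    def sign(self, pin: str, challenge: bytes) -> int:
        # The PIN is checked on the card itself and never sent to the verifier.
        if self._tries_left == 0:
            raise PermissionError("card locked")
        if not hmac.compare_digest(pin.encode(), self._pin):
            self._tries_left -= 1
            raise PermissionError("wrong PIN")
        self._tries_left = self._max_tries
        return pow(digest(challenge), self._d, N)


class Terminal:
    """Verifier that sees only the public key, challenges and signatures."""

    def __init__(self, public_key):
        self.n, self.e = public_key

    def new_challenge(self) -> bytes:
        # A fresh random challenge makes a recorded signature useless later.
        return secrets.token_bytes(16)

    def verify(self, challenge: bytes, signature: int) -> bool:
        return pow(signature, self.e, self.n) == digest(challenge)
```

Everything the terminal observes (public key, challenge, signature) can be recorded without letting anyone answer the next challenge, which is why reading the exchange does not amount to copying the card.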
You type your password into google.com and press send. How do you know that no one other than Google's servers can read your password?
You are reading something on public Wi-Fi. How do you make sure no one knows what you are reading?
Both of these are possible by using HTTPS combined with a trusted third party. Usually, this is achieved with digital certificates that are trusted by your browser. Digital certificates are nothing but a public key with some metadata.
You are sending a private message to your friend on WhatsApp. How do you make sure no one else can read that message?
WhatsApp uses a combination of all of the above concepts. You can find more details about the protocol here (Signal protocol).
So many other systems are using the above concepts to solve different problems.
Google Chrome - Set or Change a Sync Passphrase
Hope you now know the basics and are excited to explore more. Cheers!