Chapter 1 โ Why Cryptography Matters
Cryptography is the mathematical foundation of all security. Every HTTPS connection, every password database, every signed code package depends on it. Security professionals who do not understand crypto miss entire attack classes: weak keys, padding oracles, hash collisions, and certificate spoofing.
Chapter 2 โ Symmetric Encryption
Same key encrypts and decrypts. Fast, suitable for bulk data. Modern standard: AES-256-GCM. The hard problem is key exchange.
| Algorithm | Key Size | Status |
|---|---|---|
| AES-256-GCM | 256 bit | Recommended |
| ChaCha20-Poly1305 | 256 bit | Recommended |
| AES-128-CBC | 128 bit | Padding oracle risk without MAC |
| 3DES | 112 bit | Deprecated (SWEET32 attack) |
| RC4 | variable | Broken โ never use |
Chapter 3 โ Asymmetric Encryption
Two keys: public (encrypt or verify) and private (decrypt or sign). Solves the key exchange problem. Algorithms: RSA, ECDSA, Ed25519. Used in TLS handshakes, SSH, code signing, and PGP.
# Generate RSA key pair
openssl genrsa -out private.pem 4096
openssl rsa -in private.pem -pubout -out public.pem
# Encrypt with public key
openssl rsautl -encrypt -pubin -inkey public.pem -in plaintext.txt -out encrypted.bin
Chapter 4 โ Hashing & Integrity
One-way functions: same input always produces same output, infeasible to reverse. Used for password storage, file integrity, and digital signatures.
| Hash | Output | Security |
|---|---|---|
| SHA-256 | 256 bit | Secure |
| SHA-3 | 256-512 bit | Secure |
| bcrypt | 60 chars | Password storage โ use this |
| SHA-1 | 160 bit | Collision found โ avoid |
| MD5 | 128 bit | Collision trivial โ broken |
Chapter 5 โ PKI & Digital Certificates
PKI (Public Key Infrastructure) is the trust system behind HTTPS. X.509 certificates bind a public key to an identity, signed by a Certificate Authority (CA). Certificate transparency logs (crt.sh) are an OSINT goldmine โ they list every certificate ever issued for a domain, including subdomains you did not know existed.
# View certificate details
openssl s_client -connect target.com:443 | openssl x509 -noout -text
# Find subdomains via certificate transparency
curl "https://crt.sh/?q=%.target.com&output=json" | python3 -c "import sys,json; [print(r['name_value']) for r in json.load(sys.stdin)]"
Chapter 6 โ TLS/SSL Deep Dive
# Test TLS configuration
testssl.sh https://target.com
sslscan target.com
# Check for weak protocols and cipher suites
nmap --script ssl-enum-ciphers -p 443 target.com
Chapter 7 โ Common Crypto Weaknesses
| Weakness | Attack |
|---|---|
| CBC mode without MAC | Padding Oracle (POODLE, BEAST) |
| ECB mode | Pattern leakage โ identical blocks produce identical ciphertext |
| Weak random number generator | Predictable nonces leading to key recovery |
| Short keys under 128 bit | Brute force feasible |
| MD5/SHA1 for signatures | Collision attacks |
| Reused nonces in stream ciphers | XOR ciphertexts together to recover plaintext |
Chapter 8 โ Crypto in Practice
Never roll your own cryptography. Use well-tested libraries: libsodium, cryptography.io (Python), BouncyCastle (Java). For passwords: bcrypt, scrypt, or Argon2 โ never plain SHA-256. For symmetric encryption: AES-256-GCM or ChaCha20-Poly1305. For TLS: minimum TLS 1.2, prefer TLS 1.3, enforce HSTS.