Enigma machine

Transforming the information in a way that only the intended party(-ies) can understand it is called cryptography. The resulted data can then be stored and transmitted in an untrusted environment.


Why we need cryptography



  • Authentication: to confirm the identity
  • Authorisation: to allow permission to use specific resources (after authentication)
  • Confidentiality: to protect the information. In this way we address the C in the CIA triad
  • Integrity: to validate the data is genuine
  • Nonrepudiation: to provide a way for the sender to commit to that statement (like a signature)

A system that can encrypt-decrypt the data is named cryptosystem

Cryptography is almost everywhere even if we don’t realise it. Whenever you use the PC you have to authenticate as a particular user of the system. Then the system authorises you to use resources according to your permission. If you engage in a payment process across the internet for example, the system encrypts your credit card details to protect the confidentiality of the information. The transmission channel also needs to protect the integrity of the transaction so that you pay no more (or less) that you should.

Protecting the information with cryptographic controls is not 100% secure. With sufficient resources almost any cryptographic algorithm can be broken.
That is why a pragmatic aim is to make the attacker not to be interested to even try. Using cryptographic control to secure information should one of multiple layers of security.

Caesar and Enigma cryptosystems

One of the first well known and very famous ciphers is known as the Caesar cipher. The principle is simple. Each letter of the alphabet is shifted 3 times. In this way A becomes D, B is E, C is F and so on. Because this kind of methods became easily to break over time more advanced methods were required. Enigma machine is a good example of using latest developments in technology to push forward cryptography.

Caesar cipher

There is an on-going debate among cryptographers on what kind of approach should we adopt towards making or not the algorithm available to the wide public. One of the views is to make it secret so if there are only few people that know how it works then the chances to break it are smaller. On the other hand, the other side believes if that everyone knows the algorithm than is possible to find faults and the developers can attempt to correct the system.

Stay safe!

About the author

Florin Florin Bejgu is a part-time blogger, full-time passionate about information security [more...].

2 thoughts on “Cryptography

  1. Alexis Alam

    I like your site! and his KISS principle.
    Being an ‘old’ wolf who worked in the IT field in a fortified Computer Centre in the 80’s for 17 years and now undergoing a master studies in Criminology/Security; I found some basic description of ‘Computing Security’ interesting and understandable for a large public. May I reference your web in my essay? My current essay is tackling the Cyber crime as one of the most problematic (crime) for the security manager to deal with in the working place.
    Hope that your site will grew up, and I noticed that he is already well referenced. Which is a mark of professionalism.

  2. Florin Post author

    Hi Alexis! Thanks for your kind words. Sure you can use my articles as references, but I feel I must warn you: for academic writings blogs or Wikipedia are not the most preferable references (in fact the opposite – this is what I was told while doing my dissertation). You’d better look for some academic published papers (a good starting point would be ).


Leave a Reply

Your email address will not be published. Required fields are marked *