At pCloud we talk a lot about encryption and we do our best to “translate” rather complex concepts into plain English. This is why today we prepared for you a little glossary of 10 encryption terms that will help you keep your cryptography lingo sharp.
This glossary will help you shine in any conversation about cybersecurity but the good news is that you don’t need to be a cryptography expert to protect your data – all you need is a service like pCloud Crypto: super simple to use and impossible to break.
#1: Backdoor
While in real life a backdoor is usually the door leading to your backyard, in cryptography the term refers to a method of bypassing the security or authentication of a system (be it a product, computer system, algorithm, etc.).
Backdoors can be explicit or implicit. An explicit backdoor is one that everyone knows exists, and an implicit one can remain undetected.
#2: Clipper chip
The Clipper chip was created and promoted by the US National Security Agency (NSA) in 1993. The chip was essentially an encryption device intended for voice transmission. The NSA was hoping the Clipper chip would be widely adopted by telecoms because the device had an explicit built-in backdoor.
Fortunately, the chip faced a serious backlash from the general public because of the possibility of illegal surveillance by the NSA, and it never really caught on, becoming absolutely obsolete by 1996. Sadly, that didn’t stop the Agency’s attempts to stomp on people’s privacy (case in point – the Snowden fiasco).
#3: Cracker
Are you thinking of cheese and crackers? Well, you couldn’t be farther away from what this term means for cryptographers. A cracker is a hacker whose goal is to penetrate a computer system for criminal gain. The difference is that hackers may be breaking into systems to find/pinpoint vulnerabilities or just to attract attention, while crackers are generally the bad guys looking to make a profit from hack attacks.
#4: Dictionary attack
Those who are not familiar with the science of encryption will probably picture one individual attacking another with a dictionary as a chosen weapon (this makes sense, dictionaries are usually thick and can cause damage!).
However, cryptanalysis has a different understanding of the phrase: this is a hacking technique that tries to bypass internet security by determining passwords or encryption keys. It does so by trying a very large number of likely possibilities, such as words in a dictionary, hence the name.
Dictionary attacks are often successful because people tend to choose short, common words as passwords – but this also makes such hacks easily avoidable, as long as you choose a strong passphrase.
#5: Hash
A hash is a value returned by a cryptographic hash function. A cryptographic hash function, in turn, is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size.
Cryptographic hash functions are widely used in cybersecurity: they are applied in message authentication codes, in other forms of authentication, and in digital signatures.
Sounds complicated, doesn’t it? Let’s put this in layman’s terms: a hash is basically the fingerprint of a piece of data. The hash is a string of random-looking characters whose purpose is to identify a piece of data, pretty much the same way your fingerprint is used to identify you (so be careful where you leave those fingerprints, digital or otherwise).
Keep in mind that unlike encryption, hashing is a one-way process. It’s not meant to be a secure way to store or move data but is purely used as an easy way to compare two blobs of data.
#6: Key
A cryptographic key is a piece of information that determines the output of a cryptographic algorithm. Put simply, the key is the element that “locks” plain text into ciphertext and vice-versa – much like the actual key to your house.
A key may seem very similar to a passphrase, but they are not quite the same. The main difference between the two is that a passphrase, or a password, is intended to be created and used by a human, which means that it’s usually shorter and easier to guess than a key. A cryptographic key, in contrast, is meant to be used by software – so it’s generally longer and much more complex than a password.
#7: Keyring
A keyring stores known encryption keys and sometimes passwords. That’s pretty much it – finally a straightforward term that non-cryptographers can understand, phew!
#8: Salt
In cryptography, a salt is a random piece of data used to enhance a one-way function that hashes a passphrase. The purpose of using salts is to increase defense against a dictionary attack or safeguard passwords.
Salts are generated randomly for every password. Unlike the actual password, the salt doesn’t have to be memorized by a human so it can be significantly longer and more complex than a passphrase.
#9: Pepper
You’re still thinking of food, aren’t you! If you are, you will be disappointed – we’re not talking about yummy seasoning.
A pepper is something added to another value (e.g. to a password) before the value is hashed. Just like in real life, in cryptography a pepper can be added to a password together with a salt, and in fact, has a similar function to salts.
The difference between salt and pepper is that a pepper is held separately from the data that is to be hashed and is never stored.
#10: Rainbow table attack
We’ll end this tiny journey in cryptography with a term that sounds cheerful and carefree – this is what rainbows stand for, right? Wrong! A rainbow table attack will not bring you any joy and cheer, on the contrary.
A rainbow table is a precomputed table used for reversing cryptographic hashes, i.e. for cracking password hashes. A rainbow table attack is usually offline-only and can save the cracker a significant amount of time.
Efficient as it is, a rainbow table attack can be prevented by hashing data two or more times with the same or different keys.
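To tie the salt, pepper and rainbow table entries together, here is an added example (not pCloud's code) that stores a password with a per-password random salt and a pepper, then checks it against a precomputed table. Assumptions: the wordlist and pepper value are constructed, the pepper constant stands in for a secret kept outside the password database, PBKDF2 is one possible slow hash, and the plain lookup dictionary is a simplified stand-in for a real rainbow table.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed sample data for this example only.
WORDLIST = ["password", "letmein", "dragon", "sunshine"]
PEPPER = b"constructed-demo-pepper"  # assumption: loaded from a secret store, not the DB

def unsalted_hash(password: str) -> str:
    """Weak scheme: one fast hash, no salt. Same password gives the same hash everywhere."""
    return hashlib.sha256(password.encode()).hexdigest()

# Built once and reusable against every unsalted SHA-256 password hash.
PRECOMPUTED = {unsalted_hash(word): word for word in WORDLIST}

def table_lookup(stored_hex: str) -> Optional[str]:
    """Return the password if the stored hash appears in the precomputed table."""
    return PRECOMPUTED.get(stored_hex)

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Hardened scheme: mix in the pepper with HMAC, then run a slow salted KDF."""
    if salt is None:
        salt = secrets.token_bytes(16)  # fresh random salt for every password
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, 200_000)
    return salt, digest  # the salt is stored next to the digest; the pepper is not

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    print("unsalted hash found in table:", table_lookup(unsalted_hash("dragon")))
    salt_a, hash_a = hash_password("dragon")
    salt_b, hash_b = hash_password("dragon")
    print("same password, different stored hashes:", hash_a != hash_b)
    print("salted hash found in table:", table_lookup(hash_a.hex()))
    print("login check passes:", verify_password("dragon", salt_a, hash_a))
```

Because every record has its own salt, a table computed in advance matches none of the stored values, and two users with the same password no longer share a hash.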