Cryptography Basics

Symmetric vs Asymmetric Encryption

| Type | Key Model | Speed | Use Case | Algorithms |
|---|---|---|---|---|
| Symmetric | Same key to encrypt/decrypt | Fast | Bulk data encryption | AES-256, ChaCha20 |
| Asymmetric | Public key encrypts, private key decrypts | Slow | Key exchange, digital signatures | RSA-2048+, ECDSA, Ed25519 |
| Hybrid | Asymmetric to exchange symmetric key | Fast+Secure | TLS, PGP, Signal protocol | RSA/ECDH + AES |

Hash Functions Reference

| Algorithm | Output Size | Status | Use For |
|---|---|---|---|
| MD5 | 128 bit | Broken | Checksums only (not security) |
| SHA-1 | 160 bit | Deprecated | Legacy systems only |
| SHA-256 | 256 bit | Secure | Data integrity, JWT, certificates |
| SHA-512 | 512 bit | Secure | High-security integrity checks |
| SHA-3/256 | 256 bit | Secure | Post-quantum resistant option |
| bcrypt | 60 chars | Secure (slow) | Password hashing |
| Argon2id | Variable | Best for passwords | Password hashing (OWASP recommended) |
| BLAKE3 | 256 bit | Secure | Fast general-purpose hashing |

AES Encryption in Go

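```go
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// AES-256-GCM (authenticated encryption)
func encrypt(plaintext, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 32 bytes for AES-256
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// Fresh random nonce per message; never reuse a nonce with the same key.
	nonce := make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// Output layout: nonce || ciphertext || tag
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func decrypt(ciphertext, key []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonceSize := gcm.NonceSize()
	// Reject input too short to hold the nonce; slicing it would panic.
	if len(ciphertext) < nonceSize {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ciphertext := ciphertext[:nonceSize], ciphertext[nonceSize:]
	// Open verifies the tag and returns an error if the data was modified.
	return gcm.Open(nil, nonce, ciphertext, nil)
}
```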

TLS Handshake Overview

| Step | Description |
|---|---|
| 1. ClientHello | Client sends supported TLS versions, cipher suites, random bytes |
| 2. ServerHello | Server chooses TLS version, cipher suite, sends certificate |
| 3. Certificate verification | Client verifies server certificate against trusted CA |
| 4. Key exchange | ECDHE generates shared secret without transmitting it |
| 5. Finished | Both sides derive session keys; encrypted communication begins |
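
The Hybrid row in the first table and step 4 of the handshake describe the same pattern. The following is an added example, not code from the original page: both sides run X25519 ECDH on ephemeral keys, derive an AES-256 key with HKDF-SHA256, and use it for AES-GCM. The function name `sessionAEAD`, the info label `example-hybrid-v1` and the empty salt are assumptions of this example; it needs Go 1.20+ for `crypto/ecdh` and omits the certificate check from step 3.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionAEAD runs X25519 ECDH against the peer's public key, then derives an
// AES-256-GCM key with single-block HKDF-SHA256 (RFC 5869, empty salt).
func sessionAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer) // computed locally, never transmitted
	if err != nil {
		return nil, err
	}
	extract := hmac.New(sha256.New, nil)
	extract.Write(secret)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("example-hybrid-v1\x01")) // assumed info label + block counter
	block, err := aes.NewCipher(expand.Sum(nil))  // 32-byte output selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	client, errC := ecdh.X25519().GenerateKey(rand.Reader) // ephemeral key pairs
	server, errS := ecdh.X25519().GenerateKey(rand.Reader)
	if errC != nil || errS != nil {
		panic("key generation failed")
	}
	// Only the public halves cross the network; both sides reach the same key.
	c, errC := sessionAEAD(client, server.PublicKey())
	s, errS := sessionAEAD(server, client.PublicKey())
	if errC != nil || errS != nil {
		panic("key agreement failed")
	}
	nonce := make([]byte, c.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	ct := c.Seal(nonce, nonce, []byte("hello"), nil)
	pt, err := s.Open(nil, ct[:s.NonceSize()], ct[s.NonceSize():], nil)
	fmt.Printf("%q %v\n", pt, err)
}
```

Because the key pairs are generated per session, a later compromise of a long-term key does not expose the derived session key.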