This chapter takes an in-depth look at cryptographic systems and processes. This is an important topic because everyone deals with encryption in one form or another. Go to any ATM and insert your debit card, pay at the pump for gas, or even enter the password on the computer you built in Chapter 1. Each of these activities involves some type of cryptographic process.

For anyone involved in security, it is important that you understand the basics of cryptographic systems. This includes symmetric encryption, asymmetric encryption, and public key infrastructure (PKI). Understanding how these systems works provides the building blocks for analyzing systems that security engineers work with, including identification and authentication systems. Authentication can be based on passwords, tokens, or biometrics. No matter how the activity or authentication is performed, most likely some cryptographic processes are involved. As an example, if it is an encrypted password, how is the password encrypted? Is it some form of symmetric encryption, asymmetric, or maybe a password hash? Knowing these details will help you assess how strong the system is and what potential weaknesses the system may have. In your lab you may want to assess passwords or other encrypted values. Understanding cryptography will help you understand how to perform tasks such as password cracking.