- Cryptography is used to protect data when it's outside the operating system's control
- Converts data from one form to another in controlled ways
- Goal is to make data unintelligible to opponents who don't have the key
- Plaintext (P) is converted to ciphertext (C) using encryption algorithm E() and key K
- C = E(P, K)
- Decryption reverses this: P = D(C, K)
- Deterministic - same inputs always produce same outputs
- Hard to determine P from C without knowing K
- Relies entirely on secrecy of the key
- Symmetric: Same key used for encryption and decryption
- Asymmetric (public key): Different keys for encryption and decryption
- Public key can be widely shared
- Private key kept secret
- Uses single shared secret key
- Fast but key distribution is challenging
- Uses key pairs - public and private key
- Slower but solves key distribution problem
- Can be used for authentication and secure communication
- One-way function, cannot be reversed
- Used for integrity checking, password storage, etc.
- Encrypts data stored on disk/storage devices
- Protects against physical theft of storage media
- Full disk encryption vs selective encryption
- Protects data in transit between machines
- Unforgeable access tokens using encryption
- Proper key selection and secrecy is critical
- Use truly random sources to generate keys
- Minimize storage and exposure of keys
- Does not protect against compromised OS
- Vulnerable to software flaws in implementations
- Key management remains a major challenge