
IT Theory: Symmetric and Asymmetric Encryption, Encoding & Hashing


Symmetric and Asymmetric Encryption

Symmetric Encryption Overview

  • Symmetric encryption uses the same key for both encrypting and decrypting data.

Example: Disk Encryption

  • A password is defined and used by the disk encryption software to create a symmetric key through a process called key derivation

  • This key will be used for both encrypting and decrypting the data on the disk

  • The encryption software (like BitLocker, VeraCrypt, or LUKS) uses the symmetric key to encrypt the data on the disk

  • To access the data, the symmetric key, or the means to retrieve it (such as entering the password), must be provided

  • The encryption software uses the key to decrypt the data


Asymmetric Encryption Overview

  • Asymmetric encryption uses a pair of keys, a public key (which can be shared with anyone) and a private key (which is kept secret).

  • Data can be encrypted with the public key, but only the private key can decrypt it


Example: SSH Key Pair

  • An SSH key pair is created

  • The public key is placed on the server you want to connect to

  • The SSH client sends a request to the server to connect

  • The server generates a random challenge and encrypts it using the public key and sends the encrypted challenge back to the SSH client

  • The SSH client uses the private key to decrypt the challenge; only this private key can decrypt the challenge successfully

  • The SSH client sends the decrypted result back to the server

  • The server verifies the response and the client is authenticated

  • Once authenticated, the SSH connection is established



Encoding

Encoding Overview

  • Encoding is the process of transforming data from one format into another for various purposes, such as data integrity, readability, or compatibility

Example: Kubernetes Secret Base64 Encoding

  • Kubernetes secrets are stored in base64-encoded format

  • While this is not encryption, it ensures that the secrets are not immediately readable in plain text when viewed in the Kubernetes API or through CLI tools

  • Base64 is easily reversible and does not provide strong security.

  • Base64 encoded data is larger than the original binary data. The output size increases by approximately 33%
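
To make the two points above concrete, the following added example (not from the original page) recovers every value from a Secret's `data` map without any key and measures the base64 size overhead. The Secret JSON is a constructed sample in the shape of `kubectl get secret -o json` output, and the function names are hypothetical.

```python
import base64
import json

# Constructed sample in the shape of `kubectl get secret -o json` output;
# the Secret name and all values are made up for this example.
SECRET_JSON = """
{
  "apiVersion": "v1",
  "kind": "Secret",
  "metadata": {"name": "demo-db-credentials"},
  "type": "Opaque",
  "data": {
    "username": "YWRtaW4=",
    "password": "Y29ycmVjdC1ob3JzZS1iYXR0ZXJ5LXN0YXBsZQ==",
    "token": "3q2+7w=="
  }
}
"""


def decode_secret(secret_json: str) -> dict[str, bytes]:
    """Recover every value in a Secret's `data` map. No key is involved."""
    secret = json.loads(secret_json)
    # `data` can be absent or null; validate=True rejects non-base64 characters.
    return {
        field: base64.b64decode(encoded, validate=True)
        for field, encoded in (secret.get("data") or {}).items()
    }


def overhead(raw: bytes) -> float:
    """Size of the base64 form relative to the raw bytes (1.0 for empty input)."""
    return len(base64.b64encode(raw)) / len(raw) if raw else 1.0


if __name__ == "__main__":
    for field, raw in decode_secret(SECRET_JSON).items():
        try:
            shown = raw.decode("utf-8")
        except UnicodeDecodeError:
            shown = raw.hex()  # binary values are valid Secret data too
        print(f"{field}: {shown!r} ({len(raw)} bytes raw, x{overhead(raw):.2f} as base64)")
```

Short values show more than 33% overhead because of padding; the ratio settles at 4/3 for larger inputs.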



Hashing

Hashing Overview

  • Hashing is the process of converting input data of any size into a fixed-size string of characters, which typically appears random

  • Hash functions like SHA-256 are designed to produce a fixed-length output, regardless of the input size. SHA-256, for example, always produces a 256-bit (32-byte) hash

  • This works by breaking the input data into fixed-sized blocks and processing them through a compression function

  • The same input will always produce the same hash

  • Hash functions are designed so that even a tiny change in the input produces a completely different hash

  • Hash functions are designed to compute the hash quickly, even for large inputs

  • It is practically impossible to reverse-engineer the original input from its hash


Hashing Example

# Example hashing of a string
echo -n "Hello, it's Juergen" | sha256sum

# Shell output:
cc43908b4cb7c066631891e5151c613d586fb2be622b6d64573abfdf2bb91ff5  -


# Example hashing of a slightly longer string
echo -n "Hello, it's Juergen. Hi there" | sha256sum

# Shell output:
36b867c9c0455b5951afb58243af4933a9195acfbdc4efd8e6f1cc2bdc11ef5c  -