In the field of information security, there are a handful of topics that
serve as the foundation to understanding other technologies. One of these
foundations is cryptography, which is a body of knowledge that deals with
the protection and preservation of information. Cryptography is one of the
techniques woven into the very fabric of other technologies including IP Security
(IPSec), certificates, digital signatures, and many others. Common examples of
cryptography in use include Wired Equivalent Privacy (WEP), Wi-Fi Protected
Access (WPA), and 802.11i (WPA2), not to mention Secure Sockets Layer (SSL),
just to name a few. With a firm grasp of cryptography in hand, you can fully
understand other technologies and techniques—and their proper applications.

Cryptography provides information protection in the areas of confidentiality
and integrity as well as providing the additional advantages of nonrepudiation.
If applied properly, cryptography can provide robust protection that would not
otherwise be possible. Confidentiality is the ability to protect information from
unauthorized disclosure; information cannot be viewed by those not authorized
to access it. Integrity is provided through the cryptographic mechanism known as
hashing. Nonrepudiation provides the ability to prevent a party from denying
the origin of the information in question. You can use cryptographic techniques
to provide these same solutions to information both in transit and in storage.

From another perspective, it is important to understand cryptography in order
to properly evaluate systems. Understanding the different types of cryptographic
algorithms can make evaluating software and services easier by providing
insight into how something is supposed to work. Furthermore, understanding
cryptography allows the ethical hacker to understand how to properly evaluate
systems to look for weaknesses and better understand threats. Password
cracking, authentication systems testing, traffic sniffing, and secure wireless
networks are all mechanisms that use encryption and are common mechanisms
that are tested by ethical hackers on behalf of clients.