Cryptography

Discover how encryption and hashing can be used when authenticating APIs, storing passwords, and transmitting HTTPS messages.

End-to-end encryption

As of 2023, the Cryptographic Failures category sits at the number two position on the OWASP Top Ten, shifting up one position from 2017. This category was previously known as Sensitive Data Exposure but was renamed because the old name represents a broad symptom rather than a root cause.

Cryptography is defined as the practice and study of secure communication in the presence of malicious behavior. The crypto prefix is especially popular these days because cryptographic techniques enable cryptocurrency technologies. A huge area of cryptography has to do with encryption and hashing. Encryption and hashing are ways of converting information into secret code that hides the original meaning so that only authorized senders and receivers can understand the underlying data. The primary difference between encryption and hashing is that encryption is a reversible action—we can get the original input back from the encrypted output, while we can’t do that with hashing.

Symmetric encryption and hashing

When using encryption, we first need to decide how to encode or scramble our data. Let's say we have a message, "hello world", that we want to hide from potential eavesdroppers and attackers. The Caesar cipher (famously used by Julius Caesar) should never be used in production, but it is a convenient way to demonstrate symmetric encryption, in which a single shared key is used both to encrypt and to decrypt the data. The Caesar cipher works by replacing each letter with the letter that is a fixed number of positions down the alphabet from it; that fixed shift is the key.
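
The Caesar cipher as a worked illustration of symmetric encryption, added here as an example and not code from the course: the same key that shifts the letters forward reverses the shift, and because there are only 26 possible keys the whole key space can be enumerated, which is why the cipher is a teaching tool rather than something to protect real data with. The function names are this example's own.

```python
import string

LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` positions down the alphabet, wrapping at z.
    Case is preserved; spaces, digits and punctuation pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch in LOWER:
            out.append(LOWER[(LOWER.index(ch) + key) % 26])
        elif ch in UPPER:
            out.append(UPPER[(UPPER.index(ch) + key) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Symmetric: decryption is the same operation with the shift undone.
    Python's % keeps the index non-negative, so negative shifts wrap correctly."""
    return caesar_encrypt(ciphertext, -key)


def all_candidate_plaintexts(ciphertext: str) -> dict:
    """Exhaustively try every key. With a 26-value key space the secrecy of the
    message rests entirely on the reader not trying 26 decryptions, which is why
    a real cipher needs a key space far too large to enumerate (e.g. 2**128)."""
    return {k: caesar_decrypt(ciphertext, k) for k in range(26)}


if __name__ == "__main__":
    shared_key = 3  # constructed sample key, known to both sender and receiver
    ciphertext = caesar_encrypt("hello world", shared_key)
    print(ciphertext)                               # khoor zruog
    print(caesar_decrypt(ciphertext, shared_key))   # hello world
    for k, candidate in all_candidate_plaintexts(ciphertext).items():
        print(f"key={k:2d}: {candidate}")
```

Running the block prints the ciphertext, the recovered plaintext, and all 26 candidate decryptions, only one of which reads as English.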
