
September 21, 2025 10 mins

professorjrod@gmail.com

Cryptology isn't just theory—it's the invisible shield protecting your every digital move. This second installment of our cryptology deep dive moves beyond the fundamentals to reveal how these powerful tools operate in real-world systems that safeguard our digital lives.

Digital signatures stand as one of cryptology's most practical applications, providing the three pillars of digital trust: integrity verification, sender authentication, and non-repudiation. We break down the elegant process of creating and verifying these signatures, before tackling the critical question of public key trust. The Public Key Infrastructure (PKI) discussion reveals how certificate authorities, registration systems, and trust chains function together to authenticate online identities—the system that verifies whether you're really connecting to your bank or an impostor.

Key management emerges as the unsung hero of cryptographic security. We explore the entire lifecycle of cryptographic keys from generation through destruction, examining specialized hardware solutions like TPMs, HSMs, and secure enclaves that form the backbone of enterprise security. You'll discover how organizations implement controls requiring multiple executives to access critical keys, preventing single-point compromise of sensitive systems.

The episode offers practical guidance on protecting data in all three states: at rest, in transit, and in use. From full disk encryption and database protection to TLS/SSL protocols and emerging homomorphic encryption, we examine how cryptology secures information wherever it lives. Advanced techniques like password salting, key stretching, blockchain technology, and steganography round out your understanding of modern cryptographic applications.

Whether you're a cybersecurity professional or simply curious about what happens behind the scenes when you make an online purchase, this episode provides clear insights into the cryptographic mechanisms working tirelessly to secure our connected world. Subscribe now and join us next time as we tackle incident response and digital forensics—the investigative side of cybersecurity.

Support the show

If you want to help me with my research please e-mail me.
Professorjrod@gmail.com

If you want to join my question/answer zoom class e-mail me at
Professorjrod@gmail.com

Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions

Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:27):
Welcome back to Technology Tap.
I'm Professor J-Rod, and today we're continuing our deep dive
into cryptology.
In the last episode, we explored the building blocks:
symmetric encryption, asymmetric encryption and hashing.
If you haven't listened yet, definitely check it out first,
because today we're putting those tools into action.
We'll look at digital certificates, PKI certificates,

(00:52):
key management, data protection strategies and even blockchain.
By the end of the episode, you not only understand how
cryptology works, but also how it's implemented in the real
world, from your laptops to global payment systems.
Let's start with digital signatures, one of the most
powerful applications of cryptology.
A digital signature is like a virtual fingerprint that

(01:14):
provides three things about a message.
One, integrity: hasn't been changed.
Two, authentication: it really came from who you think it came
from.
And three, non-repudiation: the sender cannot deny that they
sent it.
Here's how it works.
Step one: the sender takes a message and creates a hash of it

(01:35):
, a unique fingerprint.
Two: the hash is encrypted with the sender's private key.
This becomes the digital signature.
Three: the message and the signature are sent together.
Four: the recipient decrypts the signature with the sender's
public key and compares the resulting hash with one they
generated from the message.
Five: if they match, the message is authenticated and unaltered.

(01:58):
This system is the backbone of code signing, email signing and
even SSL/TLS.
But this raises a question: how do you know a public key really
belongs to the person it claims to be?
This is where PKI, public key infrastructure, comes in.
PKI is the trusted system that ties public keys to identities.

(02:19):
It involves a certificate authority, or CA: trusted
organizations that verify identities and issue
certificates.
Registration authorities, or RAs, help validate identity
before issuing a cert.
Digital certificates contain the public key, identity info,
expiration date and the CA's signature. CRL and OCSP are

(02:45):
methods to check if a certificate is revoked.
So when you visit your bank's website, your browser checks the
certificate's validity, issuer and verification status before
encrypting anything.
If something's wrong, you get that scary
"Your connection is not private" warning.
This trust chain is critical.

(03:06):
If a CA (certificate authority) is compromised, attackers could
impersonate major websites, intercept traffic and perform
man-in-the-middle attacks, or on-the-path attacks,
as is known now. PKI also uses a chain of trust: root CA
(certificate authority), intermediate CA and entity
certificate.

(03:27):
This hierarchy allows root keys to stay offline for
security reasons, while intermediates issue everyday
certs.
Strong cryptology is useless if your keys aren't properly
managed. Key management is about controlling the entire life
cycle of keys. Generation: using secure random

(03:48):
number generators to create strong keys.
Distribution: securely sharing keys, especially symmetric ones.
Storage: keeping keys safe in memory, encrypted files or on
dedicated hardware.
Rotation: replacing keys periodically to limit exposure.
Next, revocation and expiration.

(04:11):
Making sure compromised or old keys can't be used.
Destruction: securely wiping retired keys.
Hardware-based solutions: TPM, or Trusted Platform Module, built
into the motherboard, stores keys securely.
Supports Secure Boot.
HSM, Hardware Security Module, used by big organizations like

(04:33):
banks and CAs to securely generate and store keys.
Secure enclaves: isolated areas in processors, like Microsoft
Secure Enclave or Intel SGX, where cryptographic operations
can be performed safely.
There's also the concept of key escrow: securely storing
encryption keys with a trusted third party.

(04:55):
This allows recovery if an employee leaves or a system
fails.
Many companies implement on-the-path or man-in-the-middle
control for high-value keys.
For example, three or five executives must agree to release
a key.
This prevents one rogue individual from misusing a
critical key.

(05:15):
The example is BitLocker can store its recovery keys in
Active Directory or Azure AD, so IT can recover encrypted laptops if
employees forget their password.
Bottom line: the keys are the crown jewel, so guard them well.
Now let's talk about applying cryptology to protect data
wherever it lives: at rest, in transit or in use.

(05:37):
Data at rest: full disk encryption encrypts the entire
drive. Great for laptops.
File-level encryption protects only specific files or folders:
Windows EFS, 7-Zip with AES.
Database encryption:
TDE, transparent data encryption, encrypts the entire database.

(05:58):
Column-level encryption protects specific fields like
social security numbers or credit card numbers.
Data in transit: TLS/SSL encrypts web traffic.
VPNs create encrypted tunnels between sites or users.
SSH secures remote logins.
S/MIME and PGP

(06:18):
encrypt email.
Data in use: secure enclaves, homomorphic encryption, still emerging, allow
processing data without exposing it.
We also have the perfect forward secrecy.
This ensures each session uses a unique key.
Even if the server's private key is compromised later, past

(06:38):
sessions remain secure.
So, for example, TLS 1.3 enforces forward secrecy by
default using ECDHE key exchange.
That means even if someone records your traffic today and
steals the server key a year later, they cannot decrypt it.
Finally, let's cover some advanced but essential

(07:00):
techniques that secure modern systems.
Salting: salting adds a random string to each password before
hashing.
This prevents rainbow table attacks and ensures users with
the same password don't have the same hash.
Key stretching: runs the hash functions thousands of times
(bcrypt, scrypt, Argon2 are examples)

(07:23):
to slow down brute-force attacks. Blockchain:
think of it as a distributed, immutable ledger.
Each blockchain contains a hash of the previous one, making
tampering nearly impossible.
Used in cryptocurrency, supply chain tracking, secure identity
and even voting systems. Obfuscation: hiding data in
plain sight. Steganography, tokenization, data masking,

(07:47):
used in development and testing to protect real, personally
identifiable information or to hide messages.
Our example is in digital forensics: investigators may look
for steganography, secret messages hidden in an image
pixel.
You can actually hide data inside a picture.
So if anybody has ever done it, we've done it in my classes.

(08:07):
I've taught the students how to do it.
It's pretty cool.
And there you have it: a full picture of cryptology in action.
In these two episodes, you've gone from fundamentals (symmetric,
asymmetric encryption, hashing) to the real-world applications
that power secure communications, protect sensitive data and
keep our digital lives safe.

(08:29):
A few takeaways before we wrap up.
Protect your keys.
Good crypto is only as strong as its key management.
Stay current.
Use modern algorithms like AES, SHA-256.
Avoid outdated ones like DES or MD5.
Embrace best practices like perfect forward secrecy and

(08:51):
certificate pinning for stronger security.
Cryptology isn't magic, but when used properly, it's one of
the most powerful shields we have in cybersecurity.
Thanks for listening to Technology Tap.
If you enjoyed this deep dive, share it with a colleague and
don't forget to subscribe.
Next we will tackle incident response and digital forensics.

(09:12):
Until then, stay secure, stay curious and keep tapping into
technology.
This has been a production of Little chacha Productions.

(09:33):
Art by Sarah, music by Joakim.
If you want to reach me, you can email me at ProfessorJRod,
that's J-R-O-D, at gmail.com.
You can also follow me on TikTok at Professor J-Rod.