Applied Cryptography Intermediate

Hashing is one-way (SHA-256, bcrypt) — used for integrity and password storage. Encryption is reversible with a key — used for confidentiality. Never "encrypt" a password when you should hash it.

Symmetric crypto (AES) uses one shared secret — fast, but key distribution is hard. Asymmetric crypto (RSA, ECC) uses a public/private key pair — solves key exchange and enables signatures. In practice systems combine both: asymmetric to exchange a symmetric session key.

TLS secures data in transit using a handshake that authenticates the server (via certificates) and negotiates session keys. Digital signatures prove authenticity and integrity: the sender signs a hash with their private key; anyone can verify with the public key.

• Never invent your own algorithm — use vetted libraries.
• Use authenticated encryption (AES-GCM) so tampering is detected.
• Generate keys and IVs from a CSPRNG.
• Rotate keys and protect them (KMS/HSM).
• Prefer modern algorithms; retire MD5/SHA-1/DES.