Codecademy Logo

Cryptography, Authentication, & Authorization

Cryptography

Cryptography is the process of encrypting and decrypting data in order to keep that data safe when storing or transmitting it.

Encryption is a way of hiding data by converting it to an encoded format.

Decryption is a way of revealing encrypted data by decoding it from its encoded format.

Symmetric and Asymmetric Encryption

Symmetric encryption uses the same key to encrypt and decrypt data.

Asymmetric encryption uses a public key to encrypt data and a different private key to decrypt data.

Hashing

Hashing is a one-way process that takes data of any size and represents it as a unique hash value of a fixed size. No matter how large or complex your file is, hashing provides a fast, reliable way to compare files and verify their authenticity.

Hashing can be used to store sensitive data in a secure way.

Rainbow Tables

A rainbow table is a massive table of common passwords and password-hash combinations used by attackers to break into accounts. One common technique we can take to protect ourselves from rainbow table attacks is the use of salts.

An image showing that adding the salt "abc" to the end of the password "p@ssw0rd" changes the hash stored in the database. This means that an attacker who has stolen the hash won't find a match in their rainbow table and discover the user's password is "p@ssw0rd".

Salts

A salt is a secret random string that is combined with a password prior to hashing specifically to defend against the use of rainbow tables.

Rainbow tables are large lookup databases that consist of pre-computed password-hash combinations which correlate plaintext passwords with their hashes.

An image showing that adding the salt "abc" to the end of the password "p@ssw0rd" changes the hash stored in the database. This means that an attacker who has stolen the hash won't find a match in their rainbow table and discover the user's password is "p@ssw0rd".

Authentication & Authorization

Authentication is who you are. Logging in with a username and password is an example of authentication.

Authorization is what you can do. Only being allowed into non-VIP sections of the site is an example of authorization.

An image showing that Authentication is when you log in and Authorization is what you are allowed to do.

Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is more secure than single-factor authentication.

Using more forms of authentication makes an asset more secure.

One example of MFA would be:

  • First, logging into a website with a username and password
  • Then, receiving a One-Time Passcode (OTP) that needs to input into the same website
An image showing that the user needs a password, a code sent to their phone, and that same code inputted into the website before they can gain access.

OAuth

OAuth is a secure framework that makes use of a trusted third-party for authentication.

When a service asked if you want to “Sign in with ____”, this an example of OAuth.