Every time you load a website, send a message, or log in to anything, cryptography is doing the heavy lifting behind the curtain. You don’t see it. You don’t think about it. But the moment it breaks, everything breaks. Cryptography isn’t a feature — it’s the foundation. The math underneath the trust. And if you’re going to be switched on about security, you need to understand what’s actually happening when your browser shows that little padlock.

The TLDR

Cryptography is how machines prove identity, protect secrets, and verify that nothing was tampered with in transit. It comes in three flavors: symmetric (one shared key, fast, used for bulk data), asymmetric (public/private key pairs, used for key exchange and signatures), and hashing (one-way functions that verify integrity). Every secure protocol you rely on — TLS, SSH, Signal, your password manager’s vault — is built on these primitives. When crypto fails, it’s rarely because the math was wrong. It’s because someone implemented it badly, used a deprecated algorithm, or lost control of their keys.

The Reality

You use cryptography hundreds of times a day without knowing it. Every HTTPS connection. Every time your password manager unlocks. Every iMessage, every Signal thread, every VPN tunnel. The padlock in your browser bar is the visible tip of an enormous mathematical iceberg.

And here’s the thing: cryptography is one of the few areas in security where the math actually works. The algorithms themselves are sound. AES-256 hasn’t been broken. Curve25519 hasn’t been broken. The failures are almost always human. Bad implementations. Weak key generation. Someone hardcoding a secret into source code and pushing it to a public repo.

The Heartbleed vulnerability (CVE-2014-0160) didn’t break TLS. It exploited a buffer over-read in OpenSSL that leaked private keys from server memory. The crypto was fine. The C code around it wasn’t. That’s the pattern. Every. Single. Time.

How It Works

Symmetric Encryption — One Key to Rule Them All

Symmetric encryption is the workhorse. One key encrypts the data. The same key decrypts it. Fast, efficient, and used for the bulk of data encryption you encounter daily.

AES-256 (Advanced Encryption Standard, 256-bit key) is the gold standard, recommended by NIST and used by everything from your password manager to classified government communications. ChaCha20-Poly1305 is the modern alternative — faster on devices without hardware AES acceleration, used by WireGuard and increasingly by TLS implementations.

The problem with symmetric crypto is the key exchange problem: how do two parties agree on a shared secret without someone in the middle grabbing it? You can’t just send the key over the wire. That’s where asymmetric crypto comes in.

Asymmetric Encryption — The Key Pair Dance

Asymmetric encryption uses two mathematically linked keys: a public key (share it with the world) and a private key (guard it with your life). What one encrypts, only the other can decrypt.

RSA was the original: factor two enormous primes. It works, but key sizes are large (2048-bit minimum, 4096-bit recommended). Elliptic Curve Cryptography (ECC) achieves equivalent security with dramatically smaller keys — a 256-bit ECC key provides roughly the same security as a 3072-bit RSA key. That’s why modern systems lean heavily on curves like P-256 and Curve25519.

Asymmetric encryption is slow compared to symmetric. So in practice, you almost never encrypt bulk data with it. Instead, it’s used to solve the key exchange problem and to create digital signatures. TLS uses asymmetric crypto to negotiate a shared symmetric key, then switches to AES or ChaCha20 for the actual data. Best of both worlds.

Hashing — One-Way Streets

A hash function takes arbitrary input and produces a fixed-size output. It’s a one-way function: you can’t reverse it to get the original data. Change one bit of input, and the output changes completely.

SHA-256 is the current standard for integrity verification — file checksums, blockchain, certificate fingerprints. But for password storage, you need something deliberately slow: bcrypt, scrypt, or Argon2. These are designed to be computationally expensive, so brute-forcing a hashed password takes years instead of seconds. OWASP’s Password Storage Cheat Sheet recommends Argon2id as the first choice.

If someone tells you they store passwords with MD5 or plain SHA-256, run. Those are fast hashes — perfect for checksums, catastrophic for passwords.

Digital Signatures — Proof of Identity and Integrity

A digital signature combines hashing and asymmetric encryption. You hash the message, then encrypt the hash with your private key. Anyone with your public key can decrypt the hash and verify it matches the message. This gives you three things:

Every TLS certificate, every software package you install, every code commit on GitHub — signed. Digital signatures are how the machine proves it hasn’t been tampered with.

Key Exchange — How Strangers Share Secrets

Diffie-Hellman key exchange lets two parties who’ve never met agree on a shared secret over an insecure channel. Neither party ever transmits the actual key. The modern version, ECDHE (Elliptic Curve Diffie-Hellman Ephemeral), generates a new key pair for every session — so even if a long-term key is compromised later, past sessions remain encrypted. That’s called perfect forward secrecy, and it’s why the “E” for ephemeral matters.

NIST SP 800-175B lays out the full guideline for cryptographic standards in federal systems, but the principles apply everywhere.

How It Gets Exploited

The math doesn’t break. People break.

Deprecated Algorithms Still in Production

MD5 was broken for collision resistance in 2004. SHA-1 was formally deprecated by NIST in 2011. DES uses a 56-bit key — crackable in hours. And yet all three still show up in production systems. Legacy software, embedded devices, and “it still works” inertia keep weak crypto alive long past its expiration date. MITRE ATT&CK T1600.001 documents the deliberate weakening of cryptography as an attack technique.

Poor Key Management

The algorithm is only as strong as the key protecting it. Hardcoded secrets in source code, keys stored alongside the encrypted data, keys that never rotate — these are the failures that actually compromise systems. The 2023 Microsoft signing key breach let threat actors forge authentication tokens for Outlook and other services. The key was fine. The management of that key was a disaster.

Implementation Bugs

Heartbleed. POODLE. ROBOT. DROWN. These weren’t attacks on cryptographic algorithms — they were attacks on the software implementing them. OpenSSL, the library that secures a huge percentage of the internet, has had enough CVEs to fill a book. The NIST NVD lists them all if you want to lose sleep.

The Quantum Threat

Shor’s algorithm, run on a sufficiently powerful quantum computer, could break RSA and ECC. We’re not there yet, but the timeline is measured in years, not decades. NIST’s post-quantum cryptography standards finalized ML-KEM (Kyber) and ML-DSA (Dilithium) in 2024. The harvest-now-decrypt-later threat is real: adversaries are collecting encrypted data today to decrypt once quantum capability arrives. If your data needs to stay secret for 10+ years, this is already your problem.

What You Can Do

Algorithm selection matters. Use AES-256 or ChaCha20-Poly1305 for symmetric encryption. Use ECC (Curve25519 or P-256) over RSA where possible. Use Argon2id for password hashing. If you’re configuring a system and it offers a choice, pick the modern option. Every time.

Key length is non-negotiable. RSA keys under 2048 bits are deprecated. ECC keys should be 256 bits minimum. For symmetric keys, 128-bit is the floor, 256-bit is preferred. NIST SP 800-57 has the full key management recommendations.

Rotate keys. TLS certificates expire for a reason. SSH keys should be rotated. API keys should be rotated. If a key has been in use for years unchanged, it’s a liability.

Enable forward secrecy. Make sure your TLS configurations use ECDHE cipher suites. If a server is still offering RSA key exchange (not ECDHE_RSA — straight RSA), that’s a red flag.

Start thinking about crypto agility. The post-quantum transition is coming. Systems designed today should be built with the assumption that algorithm swaps will be necessary. If changing your encryption algorithm requires rewriting your entire stack, you have an architecture problem.

Verify signatures. When you download software, check the GPG signature or checksum. When you see a certificate warning in your browser, don’t click through it. Those warnings exist because the cryptographic chain of trust failed — and that means something.

Sources & Further Reading