Definition
The practice and study of techniques for secure communication in the presence of adversarial behavior. – Wikipedia
Relevance in CRO
Cryptographic principles are what enable safe and secure transmission of information over the internet. The “S” in HTTPS stands for “Secure” and lets you know that the website you’re looking at is encrypting any information it sends out, preventing it from being stolen and interpreted during transit. That’s why modern browsers will throw a big “this site may be unsafe” error if you try to load a site with HTTP; it means the information the site sends is plainly readable. This is especially important on any site that deals with financial transactions like banking sites or e-commerce stores. Without cryptography, those transactions wouldn’t be remotely safe. More broadly, anything with a login should be subject to cryptographic encryption.
Specifically, web servers use an encryption method known as public-key encryption. A key is a string of numbers and/or letters used for encoding and decoding data; it’s the method by which information is translated back and forth from easily readable to encrypted and secure. If someone knows the key, they can decrypt any encoded message that used that key. Public-key encryption solves this problem by instead using two keys, a public key, and a private key. The keys are different but mathematically related. Public keys are only viable for encrypting information and can be freely shared, hence the name “public”. Private keys are used for decryption and so must be securely stored and not easily accessible, hence “private”.
Ever read a story about some idiot that was storing passwords in plaintext? That means the passwords were stored in a human-readable format. If a password was “CoolPass123” then that’s what it was stored as in the database; trivially easy to read and use. Cryptography is the backbone of internet security.
Additional Reading
- What is HTTPS? – Tutorials Teacher
- What is Public-key Cryptography? – GlobalSign
- Why Are Companies Still Storing Passwords in Plain Text? – How-to-Geek
- What Happens in a TLS Handshake? – Cloudflare