From Confusion to Clarity, My First Deep Dive into Cryptography

What I learned from a session by my senior Pragati Raj

It Started With a Simple Question
“Do you know how HTTP works? And why HTTPS is secure?”

That was the first thing my senior asked when the session began.

At that moment, I thought I had a basic idea. But when I actually tried to answer it in my head, I realized something uncomfortable. I use the internet every day, but I do not really understand how my data stays secure.

Before going further, let me introduce myself. I am Yugesh, a second year Computer Science and Engineering student specializing in Cybersecurity at DSCE. In this blog, I am sharing what I learned from my senior Pragati Raj during a pointblank session.

The Invisible Layer of the Internet

Every day, we log into accounts, send messages, and even make payments online. All of this feels normal. We do not stop and think about what is happening behind the scenes.

But the truth is, without cryptography, none of this would be safe.

Cryptography is what protects our data when it travels across networks. It makes sure that even if someone intercepts the data, they cannot understand it.

Two Sides of Security

One thing that stood out to me was that cryptology is not just about building systems. It also includes breaking them.

Cryptography focuses on creating secure methods like encryption, hashing, and digital signatures. Cryptanalysis focuses on finding weaknesses in those methods.

The important takeaway here is simple. No system is perfectly secure. The goal is to make attacks as difficult as possible.

A Small but Important Confusion

Before this session, I used to think encoding and encryption were somewhat similar. They are not.

Encoding is just a way of changing how data is represented. For example, Base64 encoding can be reversed easily. It is not meant for security.

Encryption, on the other hand, is designed to protect data. It converts readable information into an unreadable form, and only someone with the correct key can bring it back.

This difference may sound small, but it is very important.

From Simple Tricks to Strong Security

In earlier times, people used simple techniques like shifting letters or rearranging them. These methods worked when systems were basic, but today they are easy to break.

Modern cryptography is much more advanced and mainly relies on two approaches.

One Key vs Two Keys

This method is fast and efficient, which makes it suitable for handling large amounts of data. Algorithms like AES are widely used today.

But there is one problem. How do you safely share the key with someone else?

This is where asymmetric encryption comes in.

Instead of one key, we now have two. A public key that can be shared with anyone, and a private key that must be kept secret.

If I encrypt a message using someone’s public key, only they can decrypt it using their private key. This solves the key sharing problem, but it is slower.

Why HTTPS Uses Both

This was one of the most interesting parts of the session.

Instead of choosing one method, HTTPS uses both.

It uses asymmetric encryption at the beginning to securely exchange a key. After that, it switches to symmetric encryption for faster communication.

This combination gives both security and performance.

Proving That You Are Really You

Another concept that I found interesting was digital signatures.

Here, instead of hiding data, we are proving authenticity.

The sender creates a hash of the data and encrypts it using their private key. The receiver can then verify it using the sender’s public key.

If everything matches, it proves that the data is genuine and has not been altered. It also ensures that the sender cannot deny sending it.

Why Hashing Is Everywhere?

Hashing is a one-way process that converts data into a fixed-size output.

Even a small change in the input creates a completely different output. This property is called the avalanche effect.

This is why passwords are not stored directly. Instead, their hashes are stored. When you log in, your input is hashed and compared.

To make this more secure, something called salt is added. This ensures that even if two users have the same password, their hashes will still be different.

Sharing Secrets Without Sharing Them

Another concept that caught my attention was the Diffie-Hellman key exchange.

It allows two people to create a shared secret over an open network. Even if someone is listening, they cannot figure out the final key.

This idea feels almost counterintuitive, but it is one of the foundations of secure communication.

What Really Happens When You See HTTPS ?

All these concepts come together in HTTPS.

When you open a website, your browser first verifies the server using a certificate. Then it performs a secure key exchange. After that, all communication is encrypted.

That small lock icon in the browser represents a lot of complex processes working together.

More Than Just Theory

Towards the end of the session, we also discussed core security principles like confidentiality, integrity, and availability. These form the base of any secure system.

A simple real-world example is verifying a file using a checksum. When you download something like Ubuntu, you can compare its SHA-256 hash to ensure it has not been modified.

What I Took Away From This Session ?

The session ended with a practical suggestion from Pragati Raj. He told us to start using Linux and get comfortable with the terminal.

That made sense. Cybersecurity is not something you can learn only by reading. You need to explore, test, and understand systems deeply.

Final Thoughts

Before this session, HTTPS was just a small lock icon to me.

Now I see it differently. Behind that icon, there are multiple layers of security working together, including encryption, hashing, key exchange, and certificates.

This session made me realize that cryptography is not just an advanced topic. It is something every engineer should understand.

For me, this is just the beginning.

Thanks for reading.