🚀 Early Adopter Price: $39/mo for lifeClaim Your Price →
Cryptography Fundamentals
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
SecurityFoundationalFreeComing Soon

Cryptography Fundamentals

The Cryptography Fundamentals course teaches the building blocks of modern cryptography — symmetric and asymmetric encryption, hash functions, digital signatures, key exchange, PKI, TLS, and key management — giving learners practical knowledge of how cryptographic primitives protect data confidentiality, integrity, and authenticity.

Who Should Take This

Entry-level developers, junior security engineers, IT staff, and technically curious learners who want to understand how cryptography works in real systems. Assumes basic familiarity with computing concepts but no prior crypto background. Learners finish able to choose appropriate primitives, recognize misuses, and reason about secure protocol design at a foundational level.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
13 Activity Formats

Course Outline

1Foundations and Goals
3 topics

Confidentiality, Integrity, Authenticity

  • Define confidentiality, integrity, and authenticity and identify which cryptographic primitive provides each guarantee.
  • Explain the difference between encoding, encryption, and hashing, and identify when each is appropriate.
  • Describe Kerckhoffs's principle and explain why algorithm secrecy is not a substitute for key secrecy.

Randomness and Entropy

  • Explain the difference between true randomness, cryptographically secure pseudo-randomness (CSPRNG), and ordinary PRNGs, and describe why CSPRNGs matter for keys.
  • Identify common CSPRNG sources on Linux, Windows, and in language runtimes, and recognize anti-patterns like Math.random for keys.
  • Analyze a scenario where a non-CSPRNG was used for IVs or keys and explain the resulting attack surface.

Threat Models in Cryptography

  • Define the standard cryptographic adversary models: ciphertext-only, known-plaintext, chosen-plaintext (CPA), and chosen-ciphertext (CCA).
  • Compare CPA-secure and CCA-secure schemes and explain why authenticated encryption is required for most real systems.
2Symmetric Cryptography
3 topics

Block Ciphers and AES

  • Identify AES as the dominant modern block cipher and describe its key sizes (128/192/256) and block size (128 bits).
  • Explain the high-level structure of a substitution-permutation network and how it provides confusion and diffusion.
  • Apply AES-128 vs AES-256 selection guidance based on threat model and performance constraints.

Modes of Operation

  • Identify common block cipher modes (ECB, CBC, CTR, GCM, XTS) and the primary use case of each.
  • Explain why ECB mode leaks structural information and demonstrate the visual artifact on a bitmap or repeated plaintext.
  • Compare CBC and GCM and analyze why GCM is preferred for new designs (authenticated encryption, parallelism, no padding).
  • Analyze the consequences of nonce/IV reuse in CTR and GCM modes and explain why IV reuse in GCM is catastrophic.

Stream Ciphers and ChaCha20-Poly1305

  • Describe ChaCha20-Poly1305 as a modern AEAD construction and identify scenarios where it is preferred over AES-GCM (no AES-NI, mobile).
  • Compare AES-GCM and ChaCha20-Poly1305 in terms of performance characteristics, side-channel resistance, and ecosystem support.
3Asymmetric Cryptography
3 topics

Public-Key Concepts

  • Explain public-key cryptography and describe how a public/private keypair solves the symmetric key distribution problem.
  • Identify RSA, Diffie-Hellman, and elliptic-curve schemes as the three families of asymmetric cryptography in common use.
  • Compare RSA-2048 and ECC P-256 in terms of equivalent security strength, key/signature size, and performance.

RSA

  • Describe RSA at a conceptual level: modular exponentiation with a public exponent and a private exponent derived from a factoring trapdoor.
  • Identify safe RSA primitive use: RSA-OAEP for encryption and RSA-PSS for signatures, and recognize textbook RSA as insecure.
  • Analyze RSA key size guidance over time (2048-bit minimum, 3072-bit forward-looking) and explain the relationship to NFS factoring complexity.

Elliptic Curve Cryptography

  • Identify common curves (P-256, P-384, Curve25519, Curve448) and describe their typical use cases.
  • Apply ECDSA vs Ed25519 selection guidance: prefer Ed25519 for new designs due to deterministic signatures and constant-time implementation.
  • Explain why ECDSA requires a per-signature random nonce and analyze the catastrophic failure mode of nonce reuse (key recovery).
4Hashes, MACs, and KDFs
3 topics

Cryptographic Hash Functions

  • Define the three properties of a cryptographic hash: pre-image resistance, second pre-image resistance, and collision resistance.
  • Identify SHA-256, SHA-3, and BLAKE2/3 as currently recommended hash functions, and identify MD5 and SHA-1 as broken or deprecated.
  • Apply hash function selection guidance for fingerprinting, content addressing, and as a building block in HMAC and signatures.

Message Authentication Codes

  • Define a MAC and describe how HMAC constructs a secure MAC from a hash function.
  • Compare HMAC and AES-GMAC and explain when each is preferred.
  • Analyze why MAC verification must use constant-time comparison and describe the timing attack on naive byte-by-byte comparison.

Key Derivation and Password Hashing

  • Distinguish between general-purpose KDFs (HKDF) and password hashing functions (bcrypt, scrypt, Argon2, PBKDF2).
  • Apply password hashing guidance: use Argon2id with appropriate memory/time/parallelism parameters; never store plain SHA-256 of a password.
  • Analyze a leaked credential database scenario and evaluate cracking economics under bcrypt vs Argon2 vs unsalted SHA-256.
5PKI, Signatures, and TLS
3 topics

Digital Signatures

  • Define a digital signature and describe how it provides authenticity, integrity, and non-repudiation.
  • Identify RSA-PSS, ECDSA, and Ed25519 as the three commonly used signature algorithms and describe their typical use cases.
  • Apply signature verification correctly: verify before parsing untrusted content and avoid signature stripping vulnerabilities.

X.509 and PKI

  • Describe the structure of an X.509 certificate (subject, issuer, validity, public key, extensions) and explain certificate chains of trust.
  • Apply certificate-chain verification: verify each link's signature, validity period, key usage, and revocation status to a trusted root.
  • Analyze the trade-offs between CRLs, OCSP, and OCSP stapling for revocation, and explain why short-lived certificates often replace revocation in modern deployments.

TLS 1.3

  • Identify TLS 1.3 as the current version and describe how it differs from TLS 1.2 (fewer round trips, removed weak ciphers, encrypted handshake).
  • Describe the TLS 1.3 handshake flow at a conceptual level: ClientHello, ServerHello with key share, encrypted extensions, certificate, finished.
  • Apply TLS configuration best practices: disable TLS 1.0/1.1, prefer ECDHE for forward secrecy, and use strong cipher suites.
  • Analyze a TLS misconfiguration scenario (e.g., legacy RSA key exchange or downgrade-vulnerable config) and propose hardening steps.
6Key Management and Operational Security
5 topics

Key Lifecycle

  • Describe the cryptographic key lifecycle: generation, distribution, storage, use, rotation, archival, and destruction.
  • Apply key-rotation policies appropriate to key class: short-lived session keys, periodically rotated long-term keys, and root keys with stricter handling.

HSMs and KMS Services

  • Identify HSMs (e.g., AWS CloudHSM, YubiHSM, Thales) and cloud KMS services (AWS KMS, Azure Key Vault, GCP KMS) and describe what each provides.
  • Apply envelope encryption: use a KMS to wrap data encryption keys and store only ciphertext + wrapped DEK at rest.
  • Analyze the trade-offs between cloud KMS, dedicated HSMs, and customer-managed keys (BYOK/HYOK) for high-assurance workloads.

Common Cryptographic Failures

  • Identify common crypto antipatterns: ECB usage, IV reuse, hardcoded keys, custom 'crypto', and broken random number generation.
  • Identify side-channel categories at conceptual depth: timing, power, cache, and fault injection, and identify constant-time comparison and fixed-time arithmetic as common defenses.
  • Analyze a code review scenario containing one or more crypto antipatterns and propose specific corrections grounded in modern primitives.
  • Analyze a 'rolled our own crypto' scenario and articulate three concrete reasons (review burden, side channels, primitive misuse) why custom primitives are usually wrong.

Post-Quantum Awareness

  • Describe the threat that large-scale quantum computers pose to RSA and ECC, and identify ML-KEM and ML-DSA as recently standardized post-quantum primitives.
  • Explain hybrid key exchange (classical + PQ) as the transitional approach used by major TLS deployments today.
  • Apply 'harvest-now-decrypt-later' threat reasoning to identify which long-lived secrets warrant migration to PQ-resistant protection earliest.

Cryptographic Agility

  • Define cryptographic agility as the property of a system to swap primitives without rewriting consuming code.
  • Apply agility patterns: algorithm identifiers in ciphertexts, versioned protocol negotiation, and KMS-mediated indirection.
  • Analyze a system that hard-codes AES-128-CBC throughout its codebase and propose a refactor toward agility grounded in real interfaces.

Scope

Included Topics

  • Symmetric encryption (AES, ChaCha20), block cipher modes (CBC, CTR, GCM), and stream ciphers.
  • Asymmetric encryption (RSA, ECC, ECDH), trapdoor functions, and the math intuition behind them.
  • Cryptographic hash functions (SHA-2, SHA-3, BLAKE2), HMAC, and KDFs (PBKDF2, bcrypt, Argon2, HKDF).
  • Digital signatures (RSA-PSS, ECDSA, Ed25519), certificate chains, X.509, and PKI.
  • Key exchange (Diffie-Hellman, ECDH), authenticated key agreement, and forward secrecy.
  • TLS 1.3 protocol flow, cipher suites, and common cryptographic protocol primitives.
  • Key management: generation, storage, rotation, revocation, hardware security modules (HSMs), and KMS services.
  • Common cryptographic failures: weak primitives, ECB misuse, IV reuse, side channels, and downgrade attacks.
  • Awareness of post-quantum cryptography (lattice-based primitives, hybrid schemes, NIST PQC standards).

Not Covered

  • Mathematical proofs and formal security analysis beyond intuitive explanation.
  • Cryptanalysis techniques beyond a conceptual overview.
  • Quantum cryptography hardware and protocols (QKD).
  • Implementation-level concerns of constant-time programming and side-channel hardening.

Cryptography Fundamentals is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified