Mastering Cryptography Basics: Your Hands-On Guide to Symmetric Encryption on TryHackMe + Video

Listen to this Post

Featured Image

Introduction:

In an era where data breaches and cyber espionage dominate headlines, understanding the fundamental principles of cryptography is no longer optional for IT professionals—it is a critical pillar of defense. Cryptography serves as the first line of defense, transforming readable data into unintelligible secrets to protect integrity and confidentiality. This article breaks down the core concepts of symmetric encryption, providing a structured pathway for learners based on the practical “Cryptography Basics” room on TryHackMe, equipping you with the commands and knowledge to implement these safeguards yourself.

Learning Objectives:

  • Understand the core difference between symmetric and asymmetric encryption and identify real-world use cases for each.
  • Execute hands-on Linux commands to generate keys, encrypt, and decrypt files using symmetric algorithms like OpenSSL.
  • Analyze the role of cryptographic hashes and encoding in data integrity verification.

You Should Know:

1. Understanding Symmetric Encryption: The Foundation

Symmetric encryption, also known as secret-key encryption, uses the same key to encrypt and decrypt data. It is the oldest and most straightforward form of encryption, prized for its speed and efficiency when handling large volumes of data. The primary challenge lies in the secure distribution of the key itself—if an attacker intercepts the key during transmission, the security is compromised.

Step‑by‑step guide: Understanding the mechanics

To visualize this, imagine you have a file named secret_notes.txt. Using symmetric encryption, you apply a password (the key) to scramble the file into ciphertext. To get the original file back, the recipient must have the exact same password.
– Algorithm Example: AES (Advanced Encryption Standard), currently the gold standard.
– Use Case: Encrypting hard drives (LUKS), securing Wi-Fi (WPA2/WPA3), and protecting large databases.

2. Hands-On with OpenSSL: Encrypting a File (Linux)

OpenSSL is a robust, full-featured open-source toolkit implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a general-purpose cryptography library. It is pre-installed on most Linux distributions and is essential for any security engineer.

Step‑by‑step guide: Encrypting a file using AES-256

We will use the `aes-256-cbc` algorithm to encrypt a file. CBC (Cipher Block Chaining) mode adds a layer of security by XORing each block of plaintext with the previous ciphertext block.

1. Create a test file:

echo "This is a secret message. Meeting at 3 PM." > meeting.txt

2. Encrypt the file:

The following command will prompt you for a password.

openssl enc -aes-256-cbc -salt -in meeting.txt -out meeting.enc

`enc`: Indicates encoding/cipher command.

-salt: Adds a random salt to the key to prevent dictionary attacks (highly recommended).

`-in`: Specifies the input file.

`-out`: Specifies the encrypted output file.

3. Decrypt the file:

To verify, decrypt the file back to its original form.

openssl enc -aes-256-cbc -d -salt -in meeting.enc -out decrypted_meeting.txt

`-d`: Decryption mode.

Compare the original and decrypted files using `cat decrypted_meeting.txt` or diff meeting.txt decrypted_meeting.txt. If the passwords match, the files will be identical.

3. Base64 Encoding vs. Encryption

A common point of confusion for beginners is the difference between encoding and encryption. Encoding (like Base64) is not a security mechanism; it is a data representation method designed to ensure data remains intact without modification during transport.

Step‑by‑step guide: Encoding and decoding

Attackers often use Base64 to obfuscate payloads. As a defender, you must recognize it.

1. Encode a message:

echo "HelloWorld" | base64

Output: `SGVsbG9Xb3JsZAo=`

2. Decode the message:

echo "SGVsbG9Xb3JsZAo=" | base64 --decode

Output: `HelloWorld`

Note: Base64 is easily reversible. Never use it to protect secrets.

4. Verifying Integrity with Hashing (Linux & Windows)

Hashing is a one-way cryptographic function that produces a fixed-size string (hash) from input data. It is used to verify integrity, not to hide data. If the data changes even slightly, the hash changes dramatically (the “avalanche effect”).

Step‑by‑step guide: Generating file hashes

On Linux:

 Generate an MD5 hash of a file
md5sum meeting.txt

Generate a SHA-256 hash (more secure, recommended)
sha256sum meeting.txt

On Windows (PowerShell):

 Generate a SHA-256 hash
Get-FileHash .\meeting.txt -Algorithm SHA256

Generate an MD5 hash
Get-FileHash .\meeting.txt -Algorithm MD5

Security professionals use this to verify that a downloaded file (like an ISO or software patch) has not been tampered with by comparing the generated hash against the official hash provided by the developer.

5. Cryptography in Web Security: TLS Handshake

When you visit an HTTPS website, symmetric and asymmetric cryptography work together. The server uses asymmetric encryption (Public Key Infrastructure) to securely exchange a temporary session key. Once the client and server both have this session key, they switch to symmetric encryption (AES) for the rest of the session because it is much faster.

Step‑by‑step guide: Analyzing a website’s certificate

You can manually inspect a site’s cryptographic setup using `openssl` from your terminal.

 Connect to a website and retrieve its certificate chain
openssl s_client -connect undercode.com:443 -showcerts

This command dumps the entire SSL/TLS handshake, showing you the cipher suite negotiated (e.g., TLS_AES_256_GCM_SHA384), the certificate details, and the validity dates. This is a quick way to audit if a site is using weak or outdated protocols.

  1. Protecting Data at Rest: Windows Encrypting File System (EFS)
    Windows provides built-in encryption for files and folders via EFS (Encrypting File System), which uses symmetric encryption in conjunction with the user’s public key. This protects data from other users who might gain physical or network access to the drive.

Step‑by‑step guide: Encrypting a folder in Windows

  1. Right-click the folder you want to encrypt (e.g., C:\Users\YourName\Documents\Secrets).

2. Select Properties.

3. Click the Advanced button.

  1. Check the box “Encrypt contents to secure data”.

5. Click OK, then Apply.

  1. A dialog will appear prompting you to back up your encryption key. Always do this. If you lose your profile or password, the data will be irrecoverable without this key.
  2. The folder name will turn green, indicating it is encrypted. Any new file moved into this folder is automatically encrypted.

  3. Cracking Weak Passwords: The Importance of Key Strength
    Understanding how attackers exploit weak cryptography is vital. If a system uses a weak passphrase for its symmetric key, it is susceptible to dictionary attacks or brute-force attacks.

Step‑by‑step guide: Simulating a dictionary attack (Ethical Use Only)
Note: Only perform this on files you own or have explicit permission to test.
Assuming you have an encrypted file `backup.enc` that you suspect uses a weak password, you can use `john` (John the Ripper) or `hashcat` to test its resilience.
1. First, convert the encrypted file into a format that `john` understands.

 Using ssh2john for SSH keys, or specific tools for zip/pdf.
 For a generic openssl encrypted file, you'd need to extract the hash.
 This command extracts the hash from a keepass database, for example:
keepass2john Database.kdbx > keepass.hash

2. Run a dictionary attack:

john --wordlist=/usr/share/wordlists/rockyou.txt keepass.hash

This command attempts every password in the `rockyou.txt` wordlist against the hash. If the password is common (e.g., “password123”, “admin”), it will be cracked within seconds, highlighting the critical need for complex, high-entropy keys.

What Undercode Say:

  • Key Takeaway 1: Cryptography is a dual-use tool. While you use symmetric encryption like AES to protect data, attackers use the same principles to lock your files in ransomware attacks. Understanding the mechanics allows you to build better defenses and potentially find flaws in an attacker’s implementation.
  • Key Takeaway 2: Implementation is more dangerous than the math. The cryptographic algorithms themselves (like AES-256) are mathematically robust. The vulnerabilities almost always lie in the implementation—poor key management, hardcoded passwords, or failure to use salts.
  • Analysis: The TryHackMe “Cryptography Basics” room serves as an excellent on-ramp for demystifying these concepts. In a practical sense, a security analyst must be able to distinguish between a Base64 encoded string (easily decoded, no security) and a true cryptographic hash (one-way, secure). The hands-on use of OpenSSL bridges the gap between theory and the command-line reality of system administration. As organizations move to the cloud, these fundamentals extend to managing secrets in Kubernetes or encrypting S3 buckets on AWS, proving that mastery of basics like symmetric encryption is a career-long asset.

Prediction:

As quantum computing advances, the lifespan of current asymmetric algorithms (RSA, ECC) is finite. The cybersecurity industry is currently standardizing Post-Quantum Cryptography (PQC) . In the next 5-10 years, we will witness a massive migration of infrastructure to quantum-resistant algorithms. However, symmetric algorithms like AES are considered relatively safe against quantum attacks, provided key sizes are increased. The immediate future will focus on “crypto-agility”—the ability for systems to rapidly swap out cryptographic suites without overhauling the entire architecture.

▶️ Related Video (86% Match):

🎯Let’s Practice For Free:

IT/Security Reporter URL:

Reported By: Adham El – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky