Welcome
I write about software ideas that shape how we build reliable systems. Object-oriented programming and design patterns matter for structure and maintainability—but I am primarily interested in encryption: how data is protected at rest, in transit, and between parties who may never meet in person.
Below is a short tour of encryption families and what each is good for.
Object-oriented programming (brief)
OOP groups data and behavior into objects with inheritance, encapsulation, and polymorphism. It helps model domain concepts (users, messages, keys) so security logic stays cohesive instead of scattered across procedural scripts.
Design patterns (brief)
Patterns such as Strategy (swap cipher implementations), Factory (create key material safely), and Observer (audit log on decrypt) are tools—not goals. They matter when encryption code must evolve without breaking callers.
Encryption — my main focus
Encryption transforms readable data (plaintext) into ciphertext so only someone with the right secret or key can recover the original. Modern systems combine several kinds; choosing the wrong one weakens the whole design.
Symmetric encryption
The same secret key encrypts and decrypts. Examples: AES, ChaCha20.
- Strengths: Fast, ideal for bulk data (files, database fields, TLS record layer).
- Challenge: Key distribution—every party must receive the key securely.
- Typical use: Encrypting a laptop disk, a message payload after keys are agreed, or session data inside a VPN.
Asymmetric (public-key) encryption
Uses a key pair: a public key anyone can use to encrypt, and a private key only the owner holds to decrypt (RSA, elliptic-curve schemes such as ECDH used with ECIES-style constructions).
- Strengths: Solves distribution—you publish the public key.
- Trade-off: Slower than symmetric; often used only to encrypt a small secret (e.g. a random AES key).
- Typical use: TLS handshakes, encrypting email to a recipient, SSH host/user key exchange.
Hashing (one-way, not encryption)
Functions like SHA-256 produce a fixed-size digest. You cannot reverse it to get the password back.
- Use: Integrity checks, password storage (with salt and slow algorithms like Argon2/bcrypt), certificate fingerprints.
- Note: Hashing is not confidentiality—anyone can hash the same input and compare.
Digital signatures
Sign with a private key; verify with the public key. Proves origin and tamper-evidence, not secrecy.
- Use: Software updates, JWT signing, blockchain transactions, code commit signing.
Hybrid encryption
Real protocols combine asymmetric + symmetric: e.g. use public-key math to agree on a fresh AES key, then encrypt megabytes with AES. TLS, PGP, and Signal all follow this pattern.
Transport security (TLS / HTTPS)
TLS negotiates algorithms, authenticates the server (and sometimes the client), then encrypts HTTP traffic. Browsers show the padlock when certificate validation succeeds.
- Lesson: Encryption without authentication (knowing who you are talking to) invites person-in-the-middle attacks.
At-rest vs in-transit
| Context | Goal | Common tools |
|---|---|---|
| In transit | Protect bytes on the wire | TLS, VPNs, QUIC |
| At rest | Protect stored copies | AES disk encryption, envelope encryption in cloud KMS |
What I explore next
Key rotation, forward secrecy, post-quantum algorithm choices, and how application design (where keys live, who can decrypt audit logs) matters as much as picking AES-256.