Applied cryptography

[joonas-fi]

• Confidentiality (the ciphertext itself doesn't reveal anything about the plaintext)
• Non-malleability (ciphertext can't be tampered with)
• Anonymity (who sent this data, e.g. Tor)
• Modes of operation (ECB penguin)
• Dangers of reusing an IV/nonce
• Public key cryptography vs. symmetric cryptography
• Modern symmetric (chacha20poly1305) & asymmetric (curve25519) encryption algorithms
• Provably no data was removed (blockchain, certificate transparency logs)
• Prove that data existed on a certain timestamp (merkle trees)
• Steganography

Confidentiality is often not enough

.. you also probably want non-malleability.

If you've got the ciphertext and you know a record specifies admin permission flag in bit position 13, and you know it's set currently to false, you can just flip the bit whether it's currently set to 1 or 0:

   v-- here
0110001100101001
0100001100101001 <- flipped

Now you've got admin permission just by flipping a bit. The