Cryptography and Encryption Cheat Sheet

Updated 2026-04-30

Next Topic: Cybersecurity Fundamentals Cheat Sheet

Cryptography is the science of securing information through mathematical transformations that render data unintelligible to unauthorized parties. It encompasses symmetric and asymmetric encryption, hashing, digital signatures, and key management—fundamental pillars of modern cybersecurity that protect data at rest, in transit, and during authentication. The distinction between encryption (reversible transformation) and hashing (one-way function) is critical: encryption provides confidentiality through decryption with the correct key, while hashing ensures integrity by producing fixed-size digests that cannot be reversed. Understanding cipher modes, key derivation, and attack vectors like timing leaks and nonce reuse is essential, as even strong algorithms become vulnerable when improperly implemented—cryptographic security depends as much on correct use as on algorithm strength.

What This Cheat Sheet Covers

This topic spans 18 focused tables and 103 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.

Table 1: Symmetric Encryption AlgorithmsTable 2: Asymmetric Encryption AlgorithmsTable 3: Cryptographic Hash FunctionsTable 4: Password Hashing FunctionsTable 5: Cipher Block ModesTable 6: Stream CiphersTable 7: Key Derivation FunctionsTable 8: Message Authentication CodesTable 9: Digital Signature AlgorithmsTable 10: Key Exchange ProtocolsTable 11: Authenticated EncryptionTable 12: Cryptographic AttacksTable 13: Side-Channel AttacksTable 14: PKI and CertificatesTable 15: Key ManagementTable 16: Post-Quantum CryptographyTable 17: Cryptographic PropertiesTable 18: Padding and Encoding

Table 1: Symmetric Encryption Algorithms

Symmetric ciphers use one shared key for both encryption and decryption, making them fast enough to protect bulk data—disk volumes, network streams, files. The landscape splits cleanly between what you should reach for today (AES and ChaCha20) and a long tail of legacy or also-ran algorithms kept here so you recognize them in the wild and know why DES, 3DES, and RC4 are now off-limits.

Algorithm	Example	Description
AES (Advanced Encryption Standard)	`openssl enc -aes-256-cbc -in plaintext.txt -out encrypted.bin`	• NIST-standardized block cipher with 128-bit blocks and key sizes of 128, 192, or 256 bits • 128-bit keys remain quantum-resistant per 2026 analysis
ChaCha20	`from cryptography.hazmat.primitives.ciphers import Cipher, algorithms` `cipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None)`	• Modern stream cipher designed by Bernstein as Salsa20 successor • faster than AES-GCM on systems without hardware acceleration • widely used in TLS with Poly1305 MAC
3DES (Triple DES)	`openssl enc -des-ede3-cbc -in file.txt -out encrypted.bin`	• Applies DES three times with two or three keys (112 or 168-bit effective) • deprecated due to 64-bit block size vulnerability • replaced by AES in modern systems
DES (Data Encryption Standard)	`openssl enc -des-cbc -in plaintext.txt -out encrypted.bin`	• Legacy block cipher with 56-bit key and 64-bit blocks • broken by brute-force since 1998 • retained only for compatibility with old systems
Blowfish	`openssl enc -bf-cbc -in data.txt -out encrypted.bin`	• Variable key-length cipher (32–448 bits) designed by Schneier • fast but replaced by Twofish due to 64-bit block size making it vulnerable to birthday attacks

Table 1: Symmetric Encryption Algorithms

Algorithm	Example	Description
AES (Advanced Encryption Standard)	`openssl enc -aes-256-cbc -in plaintext.txt -out encrypted.bin`	• NIST-standardized block cipher with 128-bit blocks and key sizes of 128, 192, or 256 bits • 128-bit keys remain quantum-resistant per 2026 analysis
ChaCha20	`from cryptography.hazmat.primitives.ciphers import Cipher, algorithms` `cipher = Cipher(algorithms.ChaCha20(key, nonce), mode=None)`	• Modern stream cipher designed by Bernstein as Salsa20 successor • faster than AES-GCM on systems without hardware acceleration • widely used in TLS with Poly1305 MAC
3DES (Triple DES)	`openssl enc -des-ede3-cbc -in file.txt -out encrypted.bin`	• Applies DES three times with two or three keys (112 or 168-bit effective) • deprecated due to 64-bit block size vulnerability • replaced by AES in modern systems
DES (Data Encryption Standard)	`openssl enc -des-cbc -in plaintext.txt -out encrypted.bin`	• Legacy block cipher with 56-bit key and 64-bit blocks • broken by brute-force since 1998 • retained only for compatibility with old systems
Blowfish	`openssl enc -bf-cbc -in data.txt -out encrypted.bin`	• Variable key-length cipher (32–448 bits) designed by Schneier • fast but replaced by Twofish due to 64-bit block size making it vulnerable to birthday attacks