Skip to content

Cryptography Study Plan

This page is updated based on jassics/security-study-plan/cryptography-study-plan

This plan assumes you already have basic computer science skills (Linux basics, common Windows/macOS use, editing a file, searching the internet). Also check the Common Security Skills study plan if you haven't already.

What is cryptography? The practice and study of techniques for secure communication in the presence of adversarial behavior. Pair this plan with the site's own Cryptography guide for a practical, code-level summary.

This plan has three objectives:

  • Learn cryptography's theoretical concepts
  • Become familiar with useful cryptography tools
  • Apply that knowledge in the context of cybersecurity

ToC

  1. Theoretical Concepts - 2 weeks
  2. Applied Cryptography - 2 weeks
  3. Cryptography Tools - 2 weeks
  4. Cryptanalysis & Challenges - 2 weeks
  5. Resources

Theoretical Concepts

Duration: 2 weeks

Week 1-2: Core Concepts

  1. Symmetric vs Asymmetric Encryption - DES, AES, RSA, ECC
  2. Hashing Algorithms - MD5, SHA-1, SHA-256, SHA-3
  3. Public Key Infrastructure (PKI) - Certificates, CAs, Chain of Trust
  4. Digital Signatures - how they work and why they matter

Resources:

Applied Cryptography

Duration: 2 weeks

Week 3-4: Protocols & Implementation

  1. SSL/TLS - handshake process, versions, security
  2. SSH - secure remote access, key management
  3. Email Security - PGP, GPG, S/MIME
  4. Data at Rest vs Data in Transit

Resources:

Cryptography Tools

Duration: 2 weeks

Week 5-6: Hands-on Tools

  1. OpenSSL - generating keys, CSRs, testing connections
  2. GPG - encrypting and signing files
  3. John the Ripper / Hashcat - password cracking basics (to understand password strength, not for unauthorized use)
  4. CyberChef - the "Swiss Army Knife" for encoding/decoding/encryption

Resources:

Cryptanalysis & Challenges

Duration: 2 weeks

Week 7-8: Breaking Codes

  1. Classical Ciphers - Caesar, Vigenère (historical context)
  2. Modern Attacks - Padding Oracle, POODLE, Heartbleed (understand the underlying flaws)
  3. CTF Challenges - solve crypto challenges on dedicated platforms

Resources:

Resources

Platforms

Books

  • Serious Cryptography by Jean-Philippe Aumasson
  • Real-World Cryptography by David Wong

Interview Questions

Cryptography questions frequently show up inside broader Application Security interview questions - review that set alongside this plan.

Practice next: Application Security interview questions, and jassics/security-study-plan for the latest updates to this plan.