Cryptography: encryption, algorithms, PKI and post-quantum

Cryptography is the technical foundation of IT security. This article explains symmetric and asymmetric encryption (AES, RSA, ECC), hash functions and password hashing (bcrypt, Argon2), digital signatures, PKI hierarchies, TLS 1.3 with specific Nginx configurations, post-quantum cryptography (ML-KEM, ML-DSA), BSI TR-02102 recommendations, and common implementation errors in practice.

Summary: Cryptography protects confidentiality, integrity, and authenticity: symmetric encryption (AES-256-GCM) for performance, asymmetric encryption (RSA-4096, ECC P-384) for key exchange and signatures, and hybrid methods that combine both. TLS 1.3 (mandatory, 1.0/1.1 deprecated), PKI and certificate chains, quantum threat from Shor’s algorithm → post-quantum cryptography (CRYSTALS-Kyber, CRYSTALS-Dilithium). BSI recommends: AES-256, RSA-3072+, SHA-256+.

Sources & References

[1] NIST Post-Quantum Cryptography Standardization - NIST
[2] BSI: Kryptographische Verfahren - Empfehlungen und Schlüssellängen TR-02102 - BSI
[3] RFC 8446 - TLS 1.3 - IETF
[4] OWASP Cryptographic Storage Cheat Sheet - OWASP

Questions about this topic?

Our experts advise you free of charge and without obligation.

Free Consultation

About the Author

Jan Hörnemann

Chief Operating Officer · Prokurist

E-Mail

PGP A3FD64BB96C888E2

M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.

11 Publikationen

Understanding Regional Filter Lists: Efficacy and Impact (2025)
Privacy from 5 PM to 6 AM: Tracking and Transparency Mechanisms in the HbbTV Ecosystem (2025)
A Platform for Physiological and Behavioral Security (2025)
Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)
Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers (2024)
On the Similarity of Web Measurements Under Different Experimental Setups (2023)
People, Processes, Technology - The Cybersecurity Triad (2023)
Social Media Scraper im Einsatz (2021)
Digital Risk Management (DRM) (2020)
New Work - Die Herausforderungen eines modernen ISMS (2024)

ISO 27001 Lead Auditor (PECB/TÜV) T.I.S.P. (TeleTrusT) ITIL 4 (PeopleCert) BSI IT-Grundschutz-Praktiker (DGI) Ext. ISB (TÜV) BSI CyberRisikoCheck CEH (EC-Council)

Vollständiges Profil ansehen