In cryptography, a cipher (or cypher) is an algorithm for performing encryption or decryption. There are variations of ciphers from classical simple cyphers (e.g., ceasar) to very complex modern cyphers (ie, Private Key, Public Key). In a CTF, individuals need to identify the cipher type then use tools and techniques to attempt to decode the messages.   This page will focus on a summary cryptography concepts and examples of classical ciphers. See the additional links below for more information Steganography and Modern Ciphers.

Key Concepts Summary:

  1. Cryptography – techniques for secure communication
  2. Classical Cipher – simple algorithms that can be computed by hand (pre-modern automation; low security)
  3. Modern Cipher – heavily math based, complex key management, and computer intense (high security)
  4. Other Concepts:
    • XOR – Exclusive OR
    • Hash –  one-way encryption algorithm used on a message of any length to produce a fixed length hash number (aka checksum) which is used to verify the data integrity of message.  
    • Salt – random data added to hashed data, passwords or passphrases to safeguard passwords in plain text storage.

Cipher Categories (High Level):

Substitution Cipher Examples:

substitution cipher is a method of encrypting in which units of plaintext are replaced with the ciphertext, in a defined manner, with the help of a key.

Transposition Cipher Example

Positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext.

Private Key Ciphers (block and stream)

  • Block ciphers – symmetric key cipher that encrypts data in predetermined block sizes (e.g., 128, 192, or 256 bits). Cipher examples include DES, IDEA, RC5, AES, and Blowfish. Less susceptible to manipulation without detection.
  • Stream ciphers – symmetric key cipher that encrypt bits one by one. Used for their speed, simplicity of implementation in hardware, and where plaintext comes in quantities of unknowable length (e.g., secure WiFi, etc). 

Symmetric vs Public Key (Asymmetric)

  • Symmetric-key algorithms – use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext (shared key exposure).
  • Public Key (aka asymmetric) encryption – uses pairs of keys: shared public keys and private keys (known only be the owner) that are generated by one-way mathematical formulas. Encrypt messages being sent with public key ; decrypt messages received with private key.

More info on: Modern Cryptography

Public / Private key: (see link)


Concealing a message, image, or file within another message, image, or file (see link)


  1. Youtube:    Capture the Flag Cryptography (6:33) – covers railfence, vignere, RSA
  2. PicoCTF Learning Guide: Cryptography: How to Protect Your Data (17 pages)
  3. Cryptography Lesson #1 – Block Ciphers (Youtube 4:16 mins)
  4. Cryptography Lesson #2 – Adversaries and Games (Youtube 08:00 mins)
  5. Asymmetric encryption – Simply explained ( Youtube 4:40)
  6. Decode.Fr  – Multiple Crypto Decoder