Your Digital Life and Cryptography
Connect everyday tools (2FA, VPNs, password managers, HTTPS) to the cryptographic techniques behind them.
Two-Factor Authentication and TOTP
Time-based One-Time Passwords (TOTP), used in apps like Google Authenticator, are generated using HMAC-SHA1 applied to the current timestamp and a shared secret.
The server and your phone independently compute the same code because they share the secret and both know the current time. An attacker who intercepts one code cannot reuse it because it expires after 30 seconds.
Password Managers and AES-256
Password managers like 1Password and Bitwarden store your passwords in a vault encrypted with AES-256, the same cipher used by governments and militaries worldwide.
Your master password is never stored anywhere. Instead, it is used to derive the encryption key through a key derivation function like PBKDF2 or Argon2. Without the master password, the vault is computationally infeasible to brute force.
All lessons in this course
- Encryption in Messaging Apps
- How Banks Protect Your Transactions
- The Internet Without Cryptography
- Your Digital Life and Cryptography