// knowledge base

Learning Hub

Understand the security concepts powering this platform.

🔐 Password Strength & Entropy

The password strength checker analyses the security of a password by measuring its entropy — a measure of unpredictability expressed in bits. Higher entropy means an attacker needs to try exponentially more guesses.

The formula used is:

entropy = length × log₂(pool_size)

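Where pool_size is the number of possible characters at each position, found by adding up the character classes in use (26 lowercase, 26 uppercase, 10 digits, 32 symbols). The formula assumes every character is picked independently and at random, so it overstates the strength of human-chosen passwords built from words or patterns.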

  • Under 36 bits — easily brute-forced in seconds
  • 60–80 bits — reasonable for most online accounts
  • Over 80 bits — very strong; resistant to offline attacks

⚡ Cryptographic Password Generation

Passwords generated here use window.crypto.getRandomValues() — the browser's CSPRNG (cryptographically secure pseudo-random number generator). This is the same entropy source used in TLS key generation.

Key properties:

  • Unpredictable — cannot be guessed from prior outputs
  • Uniform distribution — all characters equally likely
  • No Math.random(), which is NOT cryptographically secure
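
The generation step and the entropy formula described above, as an added example that is not this platform's own code. POOL, the function names and the use of rejection sampling to get the uniform distribution are assumptions made for illustration.

```javascript
// Added example; the names and character set here are assumptions, not the site's code.
const POOL =
  "abcdefghijklmnopqrstuvwxyz" +             // 26 lowercase
  "ABCDEFGHIJKLMNOPQRSTUVWXYZ" +             // 26 uppercase
  "0123456789" +                             // 10 digits
  "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~";      // 32 symbols -> 94 total

// Default randomness source: the Web Crypto CSPRNG. A different `fill`
// can be injected to test the sampling logic with known bytes.
const cryptoFill = (buf) => globalThis.crypto.getRandomValues(buf);

// Return an index in [0, n) with every value equally likely. A plain
// `byte % n` favours low indices whenever 256 is not a multiple of n, so
// bytes at or above the largest multiple of n (<= 256) are thrown away.
function uniformIndex(n, fill = cryptoFill) {
  if (!Number.isInteger(n) || n < 1 || n > 256) {
    throw new RangeError("pool size must be between 1 and 256");
  }
  const limit = 256 - (256 % n);
  const buf = new Uint8Array(1);
  do {
    fill(buf);
  } while (buf[0] >= limit);
  return buf[0] % n;
}

function generatePassword(length, pool = POOL, fill = cryptoFill) {
  let out = "";
  for (let i = 0; i < length; i++) out += pool[uniformIndex(pool.length, fill)];
  return out;
}

// entropy = length × log2(pool_size). Exact for passwords generated as
// above; an upper bound for anything a person chose.
function entropyBits(length, poolSize) {
  return length * Math.log2(poolSize);
}

// How often each index comes up if all 256 byte values are reduced with
// `% n` and nothing is rejected: shows the bias uniformIndex() removes.
function naiveModuloCounts(n) {
  const counts = new Array(n).fill(0);
  for (let b = 0; b < 256; b++) counts[b % n]++;
  return counts;
}
```

With the 94-character pool, a plain `byte % 94` would make the first 68 characters come up 3 times in 256 against 2 for the rest, and a 16-character password from generatePassword() carries about 104.9 bits.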

🛡️ AES-256-GCM Encryption

The encryption tool uses AES-GCM (Advanced Encryption Standard — Galois/Counter Mode), a modern symmetric cipher that provides both confidentiality and authenticity.

  • Symmetric — same key encrypts and decrypts
  • 256-bit key — 2²⁵⁶ possible keys
  • GCM mode — includes an authentication tag that detects tampering
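  • IV/nonce — a fresh 96-bit random value per encryption, so the same plaintext never produces the same ciphertext; reusing a nonce with the same key breaks both confidentiality and authenticity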

This is the cipher used in HTTPS (TLS 1.3), Signal, and WhatsApp.

🌐 Client-Side vs Server-Side Encryption

All operations on this platform run entirely in your browser using the Web Crypto API. No data is sent to any server. This has important implications:

  • Privacy — plaintext never leaves your device
  • Trust — you can inspect the source code
  • Limitation — the demo key is embedded in the page (educational only)

In production, keys should be derived from user passwords (PBKDF2/Argon2) or managed by a server-side KMS — never hardcoded.

🌐 IP Subnetting & CIDR

Subnetting divides a large IP network into smaller sub-networks. Understanding subnetting is essential for network administration, security segmentation, and exam preparation (CCNA, CompTIA Network+).

The CIDR prefix (e.g. /24) tells you how many bits are used for the network portion. The remaining bits are for hosts:

  • /24 → 256 addresses, 254 usable hosts
  • /25 → 128 addresses, 126 usable hosts
  • /30 → 4 addresses, 2 usable hosts (point-to-point links)

Network address = IP AND mask. Broadcast = network OR inverse mask.

🔢 Number Systems & Base Conversion

Computers work natively in binary (base 2). Hexadecimal (base 16) is a compact way to represent binary values — each hex digit maps to exactly 4 bits.

  • Binary (base 2) — digits 0 and 1. Used in CPU instructions, memory, networking
  • Octal (base 8) — digits 0–7. Used in Unix file permissions
  • Decimal (base 10) — digits 0–9. Human-readable numbers
  • Hex (base 16) — digits 0–9 + A–F. MAC addresses, colour codes, memory dumps

In cybersecurity and digital forensics, fluency in hex is essential for reading memory dumps, shellcode, and packet captures.