
The Castle of Secrets

An Interactive Journey Through Cryptography and Security

A grand castle (your app) sends messengers through a glowing tunnel (the internet). Each messenger carries a sealed chest (the encrypted data). The castle's security inspector (the ethical hacker) walks the tunnel, checking locks, keys, and guards.

🔓 How a Key Can Be Broken

Three ways an enemy might break into the sealed chests:

⚔️ 1. Smash the Lock (Brute Force)

An enemy army tries every key from a huge pile until one opens the chest. If the lock is small or simple, they win.

πŸ›‘οΈ Defense: Make the lock huge (long keys), so trying every key would take forever.

πŸ“œ 2. Solve the Math Puzzle (Cryptanalysis)

A rival scholar finds a secret trick to break the lock's puzzle instead of trying keys one-by-one β€” like factoring the king's special number (RSA) or solving the curve riddle (ECC).

πŸ›‘οΈ Defense: Use hard math puzzles and modern curves (ECC) so the trick is impossible with today's knowledge.

πŸ•΅οΈ 3. Steal the Key (Implementation/Human Failures)

A spy sneaks into the castle, copies the key, finds it under the doormat, or listens to guards (side-channel). Or the royal scribe uses weak randomness and writes predictable keys.

πŸ›‘οΈ Defense: Hide keys in vaults, use a trusted random source, train servants, and never leave keys lying around (HSMs, secure storage).

🔨 Which Smiths Make the Keys

Meet the master craftsmen who forge the castle's locks and keys.

🔑 Symmetric Smith (One Key)

AES: Fast, strong iron key used for the chest itself.

🗝️ Asymmetric Smiths (Key Pairs)

RSA: Big prime-based seal

ECC: Small but mighty curved-engraved key

🤝 Key-Exchange Ritual

Diffie-Hellman / ECDHE: Two messengers perform a handshake ritual to create a fresh travel key for this trip.

πŸ›€οΈ The Glowing Tunnel ✨

Watch the messengers travel through the tunnel, carrying their sealed chests...

πŸ“¦
πŸ’Ό
🎁

πŸ›‘οΈ The Inspector's Visual Checklist

Ten guard stations protect the tunnel. Click each checkpoint to inspect it:

0/10 Inspected
1 Old Tunnels (TLS/SSL versions)

Burn the crumbling bridge (no SSL). Only use new bridges (TLS 1.2/1.3).

2 Cipher Suite (Locks)

Replace rusty locks with modern ones (AES-GCM, ChaCha20).

3 PFS (New Key Per Trip)

Every messenger gets a unique sealed chest key; if one chest is stolen, others remain safe.

4 Certificates (King's Seal)

Every chest bears the king's signed scroll; check it's genuine and not expired.

5 MITM Spies

Watch for strangers trying to stand between messenger and castle; don't let them swap messages.

6 Revocation Checks (OCSP/CRL)

If a key is broken, it's posted on the guardboard, and guards refuse the old key.

7 Mixed Content (Open Windows)

Close every window so no one can pass an unsealed note into the tunnel.

8 Key Management (Vaults)

Store master keys in the royal vault, rotate them, and only let trusted officers touch them.

9 Library Updates (Masonry Repairs)

Patch cracked stones (update OpenSSL and libraries) so no secret passage exists.

10 Client Protections (Browser Shields)

Make townsfolk only accept sealed chests (HSTS) and sometimes pin a particular king's seal so impostors fail.
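
Stations 1 to 5 can be walked in code. The following is an added example, not part of the original page: it uses Python's standard `ssl` module to compare a hardened client context with a careless one. The function names (`weak_suites`, `inspect_context`, `hardened_client_context`, `careless_client_context`) are hypothetical, and the suite check assumes OpenSSL-style cipher names.

```python
import ssl

AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")   # authenticated-encryption ciphers
PFS_PREFIXES = ("TLS_", "ECDHE-", "DHE-")   # TLS 1.3 suites and ephemeral (EC)DH

def weak_suites(names):
    """Return suite names that lack an ephemeral key exchange or an AEAD cipher.
    Assumes OpenSSL naming, where only TLS 1.3 suites start with 'TLS_'."""
    return [n for n in names
            if not (n.startswith(PFS_PREFIXES) and any(m in n for m in AEAD_MARKERS))]

def inspect_context(ctx):
    """Walk stations 1-5 for one ssl.SSLContext and return the red lights."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("station 1: protocol versions below TLS 1.2 allowed")
    bad = weak_suites(c["name"] for c in ctx.get_ciphers())
    if bad:
        findings.append("stations 2/3: non-AEAD or non-PFS suites: " + ", ".join(bad))
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("station 4: server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("station 5: hostname is not checked against the certificate")
    return findings

def hardened_client_context():
    ctx = ssl.create_default_context()              # verifies certificate and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # no SSL, no TLS 1.0/1.1
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # ephemeral exchange + AEAD only
    return ctx

def careless_client_context():
    # Constructed counter-example: verification switched off "to make it work".
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("careless", careless_client_context())):
        print(label, inspect_context(ctx) or "all green")
```
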

🎓 Test Your Knowledge, Young Inspector! 🎓

Which attack method involves trying every possible key until finding the right one?
A) Cryptanalysis - solving the mathematical puzzle
B) Brute Force - trying every key from the pile
C) Social Engineering - tricking the guards
D) Side-channel attack - listening to the lock sounds

🎯 Final Image for Your Head

See a glowing tunnel with ten lit guard booths. Each booth tests a different part of the chest: lock, seal, messenger, or vault. Green lights mean safe; any red light stops the messenger and triggers fixes.

"Guard every gate, refresh every key; keep the castle's whispers free."