🔏 Module 05 · Intermediate

🕵️‍♀️ Secret Code School & Digital Detectives

Ever wanted to send a message only your best friend could read? Or wondered how games keep your password safe even if hackers break in? You're in the right place! We're about to explore the amazing world of cryptography and learn how to spot digital fakes. Ready to become a code-breaker and a digital detective? Let's go! 🚀

📜

The Art of Secret Messages

For thousands of years, people have used ciphers to hide information. A cipher is just a set of rules for scrambling a message. One of the oldest and simplest is the Caesar Cipher, named after Julius Caesar himself! All he did was shift each letter of the alphabet forward by a certain number of places. If the "key" was 3, 'A' would become 'D', 'B' would become 'E', and so on. Simple, but super effective for its time!

🧪 TRY IT YOURSELF

The Secret Message Machine

Type a message below and use the slider to change the secret key. Watch how your message transforms in real-time! Can you send a coded message to a friend?

Your Message:

Coded Message:

Secret Key (Shift): 1

👨‍👩‍👧 Family Challenge: Grab some paper and create your own secret decoder wheel! It's a fun way to bring cryptography to life. Write a secret message for your family to solve at dinner tonight.

🌪️

The Magic Blender: What is Hashing?

A Caesar Cipher is fun, but a modern computer could crack it in less than a second! For real security, like protecting your passwords, we use something called hashing. Imagine a magic blender that turns any message into a unique, secret code. It's a one-way trip—you can blend, but you can't un-blend!

🍌

1. Input
You start with your password.

password123

🌪️

2. Blend!
A hashing algorithm scrambles it.

SHA-256(...)

🥤

3. Output (Hash)
You get a unique, scrambled code.

ef92b...

The same input always creates the same hash. But change one tiny thing (`password124`), and you get a completely different jumble. Most importantly, you can't un-blend it! It's a one-way street. This is how websites protect your password without ever needing to see it.

⚡ HACKER CHALLENGE

Crack the Code!

A hacker has found a password hash, but not the password! We know the password is one of the four options below. Can you use our real SHA-256 Hash Checker to find the right one and unlock a secret message?

Target Hash (first 16 characters):

0b01185311532848

Potential Passwords: dinosaur, Tr3asure!, hunter2, password123

Type a password to check its hash:

Your Calculated Hash (first 16 characters):

---

⚙️

How Real Logins Work

So, how does this "magic blender" protect your real accounts? When you create an account, the website doesn't store your password. That would be too risky! Instead, it hashes your password and stores the hash. When you log in, it hashes the password you just typed and compares the new hash to the stored one. If they match, you're in!

🎮 PLAY THE GAME

Login Simulator

See the login process in action! The system has a stored hash for the password "neverland_rules". Try to log in.

Username: Password: Stored Hash (for 'neverland_rules'):

🤖 CODE-ALONG PROJECT

Run a Real Python Password Checker

Ready to level up? Below is a real Python script that does exactly what our simulator just showed. Press the ▶️ button to run it. Then, try changing the password attempt on the last line from `"wrongpassword"` to `"neverland_rules"` and run it again. See what happens? You're running a real login checker!

🕵️‍♂️

Can You Trust Your Eyes? Becoming a Deepfake Detective

Cryptography protects our data, but what about protecting ourselves from fake videos and pictures? Welcome to the world of deepfakes—AI-generated media that can look and sound incredibly real. Learning to spot them is a new kind of digital superpower!

🔎 DETECTIVE CHECKLIST

How to Spot a Deepfake

👀 Weird Blinking: Do they blink too much, or not at all? Real people blink naturally.
👄 Awkward Lip-Sync: Does their mouth movement perfectly match their words? Sometimes it looks a little "off."
🤖 Unnatural Movement: Does the person's head or body move stiffly, like a video game character?
✨ Digital Artifacts: Look for blurry spots, strange lighting, or weird edges, especially around the face and hair.

🛡️ Real-World Security Secrets

What if two people use the same password, like `123456`? Their hashes would be identical! Hackers use "rainbow tables" — giant lists of pre-made hashes for common passwords — to crack them instantly. Pros use extra tricks to stop this:

Salting: A "salt" is a random piece of data added to your password before hashing. Now, even if two people use the same password, their hashes will be different because their salts are different. This makes rainbow tables useless!
Peppering: A "pepper" is a secret site-wide ingredient added to every hash. Unlike a salt, it's not stored in the main database. If hackers steal the database, they still don't have the pepper, making hashes much harder to crack.
Key Stretching: Instead of hashing a password once, modern systems hash it thousands of times (hashing the hash of the hash...). This makes it incredibly slow for a hacker to guess, but still fast enough for you to log in. It's like a lock that takes you 5 seconds to open, but a computer 5 years to guess!

🛡️ Safety Check: A great tool to see if your email has been part of a data breach is "Have I Been Pwned?". Ask a parent to help you use it. It's a powerful way to check your digital safety, and it's best to explore it together.

📚 Learn More

Cryptii - A fun playground for ciphers and codes, just like a digital secret decoder ring!
The OWASP Top 10 - See the biggest security risks websites face, including cryptographic failures.
Have I Been Pwned? - The tool mentioned in our "Secrets" section. Remember to use it with a parent!