Students in Information Technology need to understand security issues as they pertain to the many different technologies they study. With lack of sufficient technical background to study complex cryptographic concepts, a traditional course in Information Security tends to focus on higher level knowledge involving policies, tools, and case studies and avoids an in-depth look at the underlying technology that is used to protect modern computing systems. We present a cryptographic sandbox developed for such an introductory security course. The aim is to introduce traditionally math-intensive concepts in a simple, easy-to-understand format. The sandbox focuses on incrementally developing an encryption system based on a random sequence stream cipher that students build from the ground up. We use JavaScript as our language to develop these algorithms, requiring minimal programming background. We built a set of simple-to-follow labs that allow students to build the encryption system, apply it to security concepts and eventually attempt to crack it using a brute force approach.
