Although the word "encryption" has a general meaning, it does not mean that all encryption is the same. In fact, the field of cryptography is so wide and varied that it is basically impossible for outsiders to understand it.
As with physics and other smart subjects, it takes some strange genius to truly understand how it all works.
The basic premise is simple enough for most people. That includes me, and it goes something like this:
Encryption is a method of taking an easy-to-read bit of information and then encrypting it using a special mathematical recipe known as a cipher. Hence the word "decipher" came from. Something we say while trying to figure out cryptic information. Hey, the word "mysterious" has to do with cryptography too!
While there have been many types of ciphers over the millennia, there are basically only three approaches to encryption that are relevant these days when it comes to computers and the Internet. In this article, I'm going to discuss all three of these approaches, and by the end you should have a good understanding of how they work. At least in general terms.
Hash encryption
A suitable term for using this type of encryption is cryptographic hash function. It's pretty hard. So let's figure it out a bit first.
The word "cryptographic" simply means that the hash function is designed to do the work of the cipher. So we are dealing with some kind of encryption. Not a big discovery, but ok. The hash function part is what's really interesting here.
A hash function is a method of associating data with a specific unique value so that you can quickly search for information in a computerized system.
In a sense, it is useful to think of a hash function as a way to create a fingerprint for a piece of data. Whether it's a line of text, a file, a photo, or whatever.
Hashing a piece of data involves running it through a specific recipe that converts it into something known as a digest. Changing even one bit of data will lead to a completely different hash digest.
The hash digest is always the same length, no matter how long or short the original data is. Only the raw data passed through the hash will give that particular digest. The process is also one-sided. It is not possible to return the original data in reverse order. The only way to know if a particular hash digest belongs to a particular chunk of data is to run the hash function again for that chunk of data.
This also makes it a fantastic technology to check the integrity of a file to see if a given file has been tampered with. If even the smallest change is made to the data, it will no longer match the hash digest. Ok, but how does this work as a form of encryption? I'm glad you asked!
How hash functions are used for encryption
How many passwords do you use every day? Hopefully you are not using the same password for multiple services, but that probably means you have a dozen different passwords for all the different internet services you use.
Ever wondered where these passwords are stored? When you enter your password to log into the service, the server needs to check somehow if that password is correct. Obviously, they can just keep a list of passwords in a database. However, if someone breaks into the service and gets a copy of that database, everyone is in serious trouble.
The best solution at the moment is not to store a copy of the password at all! As you probably guessed, this is achieved using a cryptographic hash function. You create a password when you subscribe to anything. The password text goes through a hash function. The hash digest is saved and associated with your username. When you try to log in, the password you enter is hashed again and the two digests are compared. If they're not exactly the same, then you're out of luck. Even if a hacker gets his hands on the hashes, it is impossible to figure out which password generated them.
Secure hashing algorithms
Just as we have different ciphers that offer different ways to encrypt data, there are different ways to perform a hash function. When it comes to cryptographic hashes, the most famous algorithm is SHA, or Secure Hash Algorithm .
SHA-0 was actually withdrawn before it went into widespread use. Mainly due to the shortcomings found in it. However, SHA-1 was a standard up until 2010, originally developed by the NSA. It now also has some vulnerabilities and should no longer be used for protection in most cases.
The current standard is SHA-2, which comes in many different types. The NSA has developed all SHA-2 variants. SHA-2 algorithms are usually denoted by block length: common examples are SHA-256 and SHA-512.
There is also SHA-3, which is not developed by the NSA. It has the same block length as SHA-2. However, internally it doesn't look like it. MD5 hashes
are also worth mentioning here . This hash function was created as a cryptographic tool. Unfortunately, it's pretty easy to hack. It is still used to check files these days.
Symmetric encryption
In the history of cryptography, the usual way to "crack the code" of a cipher was to figure out how the cipher worked and then redesign it. It doesn't really matter if you know how the hash is created. You just can't go back and get the original string back.
Other types of modern encryption work in a similar way. The key used in the encryption algorithm. This gives an unambiguously encrypted output. Unlike a hash function, all the actual information is contained in an encrypted code. If you have the correct key, you can return it all over again. In the same form in which it was before encryption.
In symmetric key encryptionthere is only one key. The same key that locks the data will also unlock it. This means that you have to be very careful with who you share this key with.
What is symmetric encryption used for?
You cannot send your symmetric key over the Internet for fear of interception. This means that you need a secure way to install it on both machines that will communicate with each other.
This does not make symmetric encryption very useful for anything long distance, but it is handy if you have easy access to both machines that need to talk to each other. For example, a router and a computer.
WiFi passwords are an example of a symmetric key. The Wi-Fi signal is encrypted with it so that no one listening to it can receive any data. When you enter a Wi-Fi password on your laptop, phone or tablet, you install a copy of the key on it. Then the encrypted code coming from the Wi-Fi router makes sense.
This symmetric encryption is preferred when computing power requirements are low. It doesn't take much to decipher the information. It's quick and easy. This makes it suitable for devices that need to run on battery power or may not have spare processing power. Just change your WiFi password often!
Asymmetric encryption
So, symmetric encryption works well enough for something like Wi-Fi, but how do you fix the problem of sending your precious encryption key far away where someone can steal it?
It turns out the answer is to use not one key, but two. This is asymmetric encryption . The two keys are mathematically related. What exactly does this mean? Technically, this is much higher than my head, but in practice it means that if you encrypt data with one key, you can only decrypt it with another.
Of the two keys, one always stays with you. Doesn't go anywhere. This is your private key. The other key is publicly available to everyone. Unsurprisingly, this is called a public key.
This means that if someone encrypts a message with your public key, you are the only one who can decrypt and read it. However, there is usually only one key missing in a game. Each of the participants in the transaction uses each other's public keys to encrypt messages. The public key cannot be used to decrypt anything it creates. This solves our problem.
Also, you now need to know that the public key you are using is indeed associated with the private key. That it will reach the person to whom you want to send the data. This is why we have central certification authorities or other verification methods.
This type of encryption is also heavier in processing power, takes a little longer to decrypt, and (as you can see) is slightly more complex than the symmetric method. However, the significant security benefits of asymmetric encryption have made it ubiquitous on the Internet, wherever reputable sites do business.
Encryption makes the world go round
Wouldn't it be nice if we never had to block anything? In a perfect world where everyone else can be trusted, you won't need all these tricky tricks. The bad news is that this is not a perfect world. There are many people who want nothing more than to deceive and exploit people for their own benefit.
With these encryption technologies, we can act as if people on the Internet can be trusted. Not because everyone is honest, but because these technologies make them honest. Without this technology-based trust, we couldn't do much more than sell a pack of chewing gum online. So thank goodness for the encryption!
