For thousands of years, human beings have been using cryptography to protect the sanctity of information in transit between two points. Using cryptography, even if a message is intercepted or captured, the encrypted information cannot be deciphered and is thus useless to anyone except the possessor of the key that allows for decryption back into an intelligible format.
In computer terms, cryptography serves a similar purpose. An encrypted email, for instance, can be transmitted over the internet, passing through several nodes along the way. Each of those nodes can see that data is being transmitted, but because the information is encrypted, it cannot be read or understood.
Encryption is also used on secure websites (denoted with a URL that begins with HTTPS) like banks or shopping platforms where sensitive financial data is being transmitted. Encryption is also used for verification purposes where only an authorized individual has the key to generate a digital signature required to gain access to a service or resource or to verify agreement, authorization, or generate proof that the information has been received.
On every home computer, the passwords used for each user account are encrypted. Since the computer has to store the password somewhere on its own system, there has to be a method by which it can prevent unauthorized access to those files from someone looking through the computer’s directories. This is done by “hashing” the password with something called a “salt.”
In cryptography, a salt is a term that refers to the special algorithm that encrypts data. The encrypted data is known as a hash. On modern computers, passwords are stored as hash files, meaning they cannot be read unless you can unscramble the hash. Salt values are usually generated on the spot based using (semi) random numbers. Since a new salt is (usually) used every time, each password or file that is hashed requires a different decryption algorithm to unlock it, adding additional security. Furthermore, even if a malefactor gets access to the hashed password files, the fact that each one was encrypted using a different salt makes it much, much harder to decrypt the information.
Note: For decades, personal computers running the most common operating systems (especially Windows) stored passwords in plaintext! Even though the files were stored in a “hidden” directory, this was not a very secure way to protect unauthorized people from discovering passwords and login credentials, including for accounts with administrator level privileges. Other operating systems such as UNIX, however, have been hashing passwords since the 1970s.
Other types of commonly used cryptography on the internet include block ciphers. In a block cipher, a secret key is used to encrypt information into multiple blocks (files). The receiver must know the secret key to decrypt the information. This is sometimes known as symmetric key cryptography as both the sender and receiver use the same key to encrypt and decrypt the data. The Advanced Encryption Standard (ASE) first created in 2001 is a symmetric cipher widely used to protect sensitive information on computer networks today.
Asymmetric key encryption, on the other hand, uses two keys to encrypt and decrypt the information. This is sometimes known as public key encryption because one key is public and used to encrypt the message, but the other key is secret and used to decrypt the information. Since anyone can acquire the public key, anyone can encrypt the information in the correct way and send it to the owner of the secret key. This allows the information to be transmitted in encrypted format, but only the owner of the secret key can decode and decrypt it.
Public key or asymmetric key encryption is widely used on the internet. One of the most popular public key formats used today is known as RSA (Rivest-Shamir-Adleman Ron Rivest, Adi Shamir, and Leonard Adleman, the people who invented it), first developed in 1977. RSA was created in order to allow the British government to transmit encrypted messages to secret agents in the field without having to worry about the information being intercepted along the way. But because RSA required so much computing power (in those days), it was never used by the British government for that purpose and only became commonplace after the internet was developed.
Other technologies which rely on public key encryption include Bitcoin (which uses the Elliptic Curve Digital Signature Algorithm (ECDSA)) and the Digital Signature Algorithm (DSA) standard implemented in nearly all American government computer networks.
Digital “signatures” can also be generated by encrypting communications with a public key. The information is sent to the intended recipient who uses uses their secret key to decrypt the information and thus “sign for” or verify receipt of the information. And since the secret key only works if the encrypted message has not been altered (it would become impossible to decrypt if a single digit was changed), this method also ensures the integrity of the message.
Other types of encryption widely used around the internet include:
- Triple DES – Uses three 56-bit keys. Not very secure anymore but still used by many banks for their internal networks.
- Blowfish – A 64-bit symmetric block cipher where each block is encrypted individually.
- Twofish – The successor to Blowfish, Twofish uses 256-bit keys for symmetric encryption.
Another important use for encryption is for digital certificates to attest to the legitimacy of a website. For instance, if you visit a website like google.com, it will transmit a certificate to your browser to verify that it is indeed the website owned and operated by Google. This is especially important when you want to make sure that you’re not visiting a fake website that looks like the real one.
With certificates, the verification is provided by a third party called the certificate authority. The requesting computer (i.e. your browser) will ask the certificate authority if the website’s certificate is valid, and the authority will sign the request by encrypting it with its public key.
Note: If your browser warns you that visiting a website may pose a security risk, it’s likely that this is being caused by a faulty or missing certificate.
Today, we call the process by which plaintext is encrypted into gibberish an algorithm, but it can also be referred to as a method or type. There have been dozens of different kinds of encryption methods invented over the years, but the simplest is the substitution method. Each letter (or number) of the plaintext is substituted for a different letter (or number). For instance, the letter “A” may be written as “G”, and the letter “B” as “H,” etc. Analyzing encoded text and attempting to reverse engineer how it was encrypted is known as “cryptanalysis” or “code breaking.”
The substitution method is far too simple to provide security these days. To provide security in the modern world, complex mathematical formulas are used to create a salt value in order to encrypt the message. These formulas are known as “keys” and are usually measured in bits, as in a 128-bit key.
The longer the key, the harder it is for computers to break the code. There are several ways to try and guess the encryption key ranging from “dictionary” attacks (i.e. trying words or phrases from a dictionary) to “brute force” attacks (trying every possible combination). Today’s most advanced encryption keys are virtually impervious to code breaking, but future advances in efficiency mean that today’s “unbreakable” codes may be easily deciphered.