ôô

# How Does Encryption Work?

Tech Talker digs into the world of encryption, expaining what exactly is it - and how it works to keep your data safe.

By
Eric Escobar
Episode #172

Hey, everyone! in last week’s episode, I talked about how to take your data with you on the go, and to keep it secure. As I mentioned then, one of the best ways to keep your data secure is to encrypt it.

I got a ton of emails asking how exactly encryption keeps data safe. So in this week’s episode, I’m going to dig into the world of encryption. Don’t worry, because I’m going to make it easy!.

## The Basics

Let’s take a look at how at base encryption works. Basically, you are taking something that makes sense to people- such as a sentence - and manipulating it in such a way that only you know how to reverse what you did with it.

For example, say you had a secret message. You could substitute every letter for the next one in the alphabet. So every "A" would become a "B," and "B" would be a "C," and so on for every letter. The word ‘cat’ would then be ‘dbu.’ Everyone knows what a cat is, but it may not be obvious what "dbu" means - unless you know the trick to convert is back to "cat."

So at the base of it, that’s all encryption is. You’re taking something that is known, such as the word "cat," and transforming it into a ciphertext, which is just the fancy word for the encrypted form of the word or data.

Now, the substitution I made is a pretty easy one to break; it may take a person a little bit to figure out,s a lot of work to crack a password.

Without going to deep into the world of the math behind cryptography (trust me, there is a ton of high level abstract math that goes into the subject.), cryptography requires a lot of randomness to make guessing harder to do. Let's look at my earlier example of the word "cat."

If I wrote an entire letter using that type of encryption, it would most likely include a few 1 letter words, such as ‘I’ and ‘a." With a few guesses, a code buster could probably begin substituting ‘I’ and ‘a’ into the letter, and start to crack the formula pretty quickly. This is because the pattern used to scramble the letter isn’t very random.

## Symmetric Encryption

Symmetric Cryptography is where the message you’re encrypting is secured with a passphrase. This passphrase is used by both the sender of the message and the receiver.

There are primarily two different ways cryptography is used with computers: symmetric encryption and asymmetric encryption. It may sound complicated, but don’t worry - it’s really not!

Symmetric Cryptography is where the message you’re encrypting is secured with a passphrase. This passphrase is used by both the sender of the message and the receiver.

It’s one of the easier methods, because there’s an agreed upon password. However, there is one flaw with symmetric cryptography - and that is when  you’re trying to send a message to someone who doesn't know what the password is!

An example of symmetric cryptography is where you might encrypt a file on your hard drive. You would use the same password to encrypt it as you would use to decrypt the file. There’s only one password or key.

But say you were going to send your friend an encrypted message, but they don't know what the password is. How would you send them the password so that they could decode your message?

If someone saw you send the password before the message, then they would know the secret to decoding the message - which would defeat the purpose of encrypting the message in the first place!

## Asymmetric Encryption

Another way to think of a password is to think of them in terms of keys - like a key used to unlock a door. That’s where asymmetric encryption comes in. This is also the same thing as public/private key encryption, if you’ve ever heard that term before.

What happens in this type of encryption is that one key (or password) is used to encrypt data, but a different password is used to decrypt the password. This means you can have one key that everyone can know. This key is used to encrypt data, but when data is encrypted using this key, it can only be decrypted using a private key.

This would be the equivalent to sending someone a box with a lock: when they receive the box, they can put whatever they want in it, and then lock it. However, once the box is locked, only you can unlock it with your key. Now I just glossed over a few years of graduate level math, but that’s essentially how a large portion of the internet operates with this public private key system.

This has the name "public private key cryptography" because everyone can use your public key to lock or encrypt their data. But from there, only you can unlock that data with your private key. What’s great about this is that you can securely communicate with someone without them needing to know your password.

If you’ve ever used a secure website protected with SSL (Secure Socket Layer), then you’ve used this type of cryptography without ever knowing it. When you visit websites such as Gmail, Facebook, Instagram, and Twitter, your computer and the website use this method of exchanging keys back and forth without you ever realizing it, to keep you data safe from snooping!

## Breaking the Code

Okay, well that may be all well and good, but how the heck is encryption broken then? Well the first way is if the website’s private key is found. This could be done by carelessness, a computer vulnerability, or just some other way a private password is found.

The second and much harder way to break encryption is to find weaknesses in how a computer encrypts the data. There are many different ciphers that a computer can choose from to encrypt data. Some of these ciphers are decades old, and there have been issues found in some of them.

If a website uses an old cipher with some known holes, it can be like finding an ‘I’ or an ‘a’ in a letter- it’s a point where the computer says "Hey, I think I know how this message was encrypted!" (Again, it's way more complicated than that, but you get the idea). Web browsers take care of this exchange of information and keys without you having to get involved, which is extremely handy.

Well, that’s it for today! Be sure to check out all my earlier episodes at quickanddirtytips.com/tech-talker. And if you have further questions about this podcast or want to make a suggestion for a future episode, post them on http://Facebook.com/QDTtechtalker.

Until next time, I’m the Tech Talker, keeping technology simple!

Image of secure data courtesy of Shutterstock.