Hey, don’t freak out about the name of this post Cryptography isn’t so scary. It’s all just Office 365 stuff. Basically, it’s a way to share information with people without anyone else being able to see it. Think of it like how your company talks to Microsoft using ADFS.
So, cryptography is all about sending sensitive information over networks that aren’t secure, like the internet. It works by using math to encrypt the information, it can also be used to make sure the information comes from who it says it does.
There are two main types of encryption: symmetric and asymmetric (or public).
Both use something called a “key” to encrypt and decrypt the information. The key is shared between the sender and receiver before the message is sent, only the person with the key can read the message. But, the complexity of the key also matters. Just like how a complex password is harder to guess.
Symmetric Encryption
So, with symmetric key encryption, both the sender and the receiver use the same key to encrypt and decrypt the messages. They have to agree on the key ahead of time and keep it a secret. Once they have the key, they can send each other secure messages.
But, it’s not perfect. A simple substitution algorithm can be pretty easy to crack for a computer. You can make the key longer to make it harder to crack, but then it takes longer to encrypt and decrypt the messages. And that’s a trade-off you have to make between security and speed.
But, it’s not perfect. A simple substitution algorithm can be pretty easy to crack for a computer. You can make the key longer to make it harder to crack, but then it takes longer to encrypt and decrypt the messages. And that’s a trade-off you have to make between security and speed.
Symmetric key encryption is good for bulk encryption and is faster than the other type of encryption, asymmetric encryption.
The catch is that in order to start sending secure messages with someone else, you have to send them the key first. And until the key is in place on both ends, your messages aren’t secure. If you already had a secure way to send the key, you wouldn’t need this kind of encryption in the first place. So, it’s a bit of a catch-22. It’s a brave attempt at security, but it still leaves a gap for a “what-if” scenario. I hope my bank isn’t using this method to transfer my data.
Asymmetric Encryption (Public Key encryption)
Asymmetric encryption was invented by Cryptography geniuses, Whitfield Diffie and Martin Hellman (known as Diffie-Hellman), but it was overshadowed by the RSA algorithm.
The idea behind asymmetric encryption is that you can’t just decrypt something by reversing the process you used to encrypt it. With this type of encryption, you use two keys: a public key that anyone can access and a private key that only one person has and keeps safe.
Anything that’s encrypted with the public key can only be decrypted with the private key. So, unlike symmetric encryption, there’s no need to physically exchange a secret key. And, if you can decrypt a message using the public key, you know it came from the person with the private key.
Asymmetric encryption can be used to start a secure connection and to exchange a temporary symmetric encryption key. By using both types of encryption, you can create a secure way for two people to share information. This is known as a ‘session key.’