Without modern cryptographic techniques, the Internet as we know it would not exist. Secure communications enable virtually all online interactions. Encryption algorithms enable secure data exchange and reliable identity verification. Without these common cryptographic tools, our modern connected society could not function as it does today.
ContentsSymmetric Key Encryption AlgorithmsAsymmetric Key (Public Key) Encryption AlgorithmsSecurity in (Big) NumbersHash FunctionsSalted HashesConclusion
Asymmetric or public key encryption uses a pair of cryptographic keys. These keys are related to each other mathematically. The widely shared public key encrypts the message. The private key decrypts the message. Therefore, any sender can encrypt a message with a recipient's public key. Then they can be sure that only the intended recipient can decrypt the message because the parties share no secrets; they don't need trust.
As a practical example, consider this analogy. What if Alice wants to communicate securely with Bob, but she doesn't trust him?
To facilitate communication, Alice can duplicate the unlocked padlock and publish it widely. Anyone with the padlock can send secure communications to it. With a sufficiently complex lock, an attacker cannot derive the key from the lock alone.
To stay secure, these algorithms rely on complex padlock/mathematical problems with no known effective solution. These unsolvable problems define one-way functions:easy to compute in one direction but extremely difficult to compute backwards. RSA, a commonly used public-key algorithm, relies on the difficulty of finding prime factors of integers with hundreds of decimal digits.
To begin with, an RSA user generates two very large prime numbers. These numbers are then multiplied together to create the product. The user keeps the prime factors that make up the private key a secret. The user posts a public key derived from the master pair product. The public key encrypts messages; the private key decrypts them.
Without knowing the prime factors, finding the prime factors of the product would take infeasible time. RSA-1024, the minimum standard, uses 1024-bit binary products made from 512-bit binary primes. According to the math, it would take 5.95 × 10^211 years to factor without the key. For perspective, the universe only existed for a relatively short period of 13.75 x 10^19 years.
A hash function translates an arbitrary length message into a fixed length string called a hash or digest. Cryptographic hashes are deterministic:the same input always produces the same output. Even minor changes to the message will result in a drastically different hash. Finding two unique messages that produce the same hash value, called a hash collision, should be impossible.
Both digital signatures and password authentication use hash functions like SHA. Rather than authenticating your plain text password, login servers use the hash of the password. The server compares this hash to the hash stored on the server. Same hash, same password.
For storing passwords, companies usually add a "salt" before the hash. This randomly generated string is concatenated with the password text before hashing, ensuring that even two identical passwords produce distinct hashes. This also protects against a dictionary attack on a stolen table of hashed passwords.
Until the 1970s, encryption was based on symmetric keys. Only after proof of public key encryption could two different keys – one for encryption, the other for decryption – be used to communicate. This revolutionary change, which allows communication without trust, is what allows the Internet to exist in the form it takes today. Everything from banking and shopping to messaging and web browsing depends on it.
