How Cryptography Works In 2020

Share this

Out of all the topics in IT Security, none are as intimidating as Cryptography or at least to me.  It is a concept that is integrated and weaved into all aspects of technology but fundamentally one of the toughest concepts to grasp.  When I reflect as to why, I surmise that it’s due to the vast amount of history and my lack of understanding the relevance of some of the defunct applications.

To begin to understand why we use Cryptography, we must first understand what it is and how it is implemented today.

What Is Cryptography?

If someone were to ask me what Cryptography is, I would simply tell them that it is encryption algorithms that are used to enforce data privacy when you are sending and receiving messages.  Oversimplification, I know but does the average person really want to know the inner workings of Cryptography? Probably not, then again, if you are finding this blog, I wouldn’t consider you the average person.

Jokes aside, cryptography is an important part of data security.  It helps us protect digital communications transmitted over a network by taking the original message and converting it into an alpha-numeric message called ciphertext.  Think of a ciphertext as a transformation of your original communication into a secret code which requires encryption keys to reveal the message (decryption).

These keys are often referred to as Public and Private Keys.  More on that later.

What Is Symmetric Key Encryption?

Cryptography is typically lumped into two categories, Symmetric and Asymmetric.  

Symmetric Key Encryption is when you use the same key, often called a public key, to encrypt and decrypt communications.  The ciphers used to protect messaging are called Stream and Block-ciphers. Here’s how it works:

Let’s say that Asuka wants to send a message to Britt by email. Without encryption, it is typically sent in clear or plaintext format.  If an unauthorized person like Chris were to intercept the email, it would be easy for him to see the contents of the message.

Symmetric Key Encryption

If Asuka were to enable Symmetric Key Encryption before sending a message, her key would modify the message into ciphertext.  When she sends the message over the internet, even if it gets intercepted by Chris, the only thing viewable is the ciphertext.  Practically useless for him. As the message reaches Chris, he can decrypt the message and review the true content.

The main advantage to Symmetric Key Encryption is that it can encrypt large volumes of data relatively quickly.  Consequently, the drawback is that if the public key is ever discovered by an unauthorized actor, data can be compromised.  It is mainly for this reason an alternative key encryption was necessary.

What Is Asymmetric Encryption?

Asymmetric Key Encryption addresses the main drawback of Symmetric Key Encryption by deploying a Public and Private Key Infrastructure.  The important thing to remember is both the Public and Private Key have their own function.  

The Public Key is used to encrypt messages whereas the Private Key is used to decrypt messages.  This added layer of security enforces privacy in the event that the public key is discovered. Another example, anyone?

Asuka wants to send her itinerary to Britt which contains sensitive information she doesn’t want to get out.  So she decides to compose her email and encrypts the message with Britt’s Public Key. When the message arrives, Britt uses her Private Key to decrypt the message.  It’s important to know that even if Chris intercepted the message and Britt’s Public Key, the message is still safe as Chris would only see the ciphertext. This is the beauty of Asymmetric Key Encryption.

Asymmetric Key Encryption Explained; Sage Knows IT. All Rights Reserved.
Asymmetric Key Encryption (Public Key Infrastructure)

Now you may be wondering, if Asymmetric Key Encryption is so great, why are we still using Symmetric Key Encryption today? Like any good technology Asymmetric Key Encryption is not without its drawbacks.  

This technology uses discrete logarithms or factorization when converting to ciphertext which means it uses a lot of computing power to get the job done.  Ideally, it is best used with a point to point connection or when sending small amounts of data through a network.

How are they used today?

Sometimes the best technologies are used together.  When you are connecting to a website in 2020, the connection is likely using Asymmetric Key Encryption.  In theory the connection between your browser and the website is encrypted preventing people like Chris from seeing what is transmitted.  From there you can use Symmetric Key Encryption to encrypt the actual data being transmitted.

Many operating systems today use a combination of both encryption technology to secure computing devices.  This is especially useful when a device has been physically compromised or stolen.

When choosing between the two think of what you are ultimately trying to accomplish.  If performance is the goal, Symmetric Encryption is likely the best route. If privacy is the goal, Asymmetric encryption is the way to go.  

Drawing on over two decades of experience in the Information Technology industry, I have acquired a diverse range of roles that have shaped my distinctive outlook. Through this journey, I have developed into an accomplished authority in risk management, catering to Fortune 500 companies and small businesses on a global scale. Over the past 12 years, my primary focus has centered on empowering small business owners and insurance professionals to comprehend the ramifications of cyber incidents and effectively mitigate the risks associated with potential data breaches. My passion for cybersecurity has inspired me to create the Sage Knows IT blog. Through this platform, I aim to help small business owners and aspiring IT professionals understand the roadmap of the IT industry based on my experiences. Information Technology and Information Security are crucial for our future, and I hope my blog will motivate those who are interested in joining this ever-evolving field.

Related Posts

Maximizing Email Security: Understanding the Importance of DKIM, SPF, and DMARC

Email is a crucial part of our daily lives, but unfortunately, it’s also a popular target for cybercriminals who use various tactics like spam, phishing, and spoofing to scam people. The FTC recently issued a warning to users of MetaMask and PayPal about phishing scams that are currently circulating through fake emails. The scam claims that the user’s cryptocurrency wallet has been blocked and encourages them to click a link and update their wallet to prevent the loss of their crypto. To protect email users from these threats, authentication protocols like DKIM, SPF, and DMARC are strongly recommended.

Top 10 Cybersecurity Job Sites

Top 10 Job Sites for Cybersecurity Professionals

As the world continues to rely heavily on technology, the demand for cybersecurity professionals continues to grow. Cybersecurity jobs offer high salaries, job security, and a wide range of career options. However, finding the right job can be challenging.

Investigating the FAA Outage: Separating Fact from Fiction

On January 11th, the Federal Aviation Administration (FAA) experienced a nationwide outage that caused widespread delays and cancellations for flights across the United States. The outage was caused by a problem with the FAA’s NOTAM (Notice To Air Mission) system.

NOTAMs are messages issued by the FAA to provide pilots with important information about flight restrictions, hazards, and other critical information. The NOTAM system is a critical component of the FAA’s air traffic control infrastructure, and the outage caused a ripple effect throughout the entire aviation system.

Creating Your Wireless Workspace in 2023

As more and more of us work remotely or from home, having a wireless workspace has become increasingly important. Not only does it allow for greater flexibility and mobility, but it can also help declutter your desk and make your work environment more efficient.

Failing Exams: How to Turn Failure into an Opportunity for Growth

One of the most valuable lessons I have learned is that failing an exam is not the end of the world. In fact, it can be a crucial step in the learning process. When we fail, it forces us to take a step back and assess what went wrong.

What Is Symmetric Encryption? [VIDEO]

Symmetric Encryption is an algorithm that uses the same secret key to both encrypt and decrypt plaintext into ciphertext….