How Encryption Works

is Chris Colette. I'm an editor here at How Stuff Works, and today I have with me in the studio right here, sitting here Jonathan Strickland, one of our writers in the flesh Ye, And today we are going to talk about some encryption things, things that you might want to keep an eye on because this could be an issue of great personal significance. Yes, uh. In fact, it was an issue of great personal significance for about forty million people recently.

Um actually probably not that many. That was the That was the total number of people acted by a recent UH discovery. The federal government had a sting operation where they identified eleven international computer hackers who are accused of stealing the information of forty million people and some of

that included pen numbers, which was a that's huge news. Yeah, because the thing about it is if somebody has your debit card number, they can't do an awful lot with it unless they have your pen, your personal identification number. So for hackers to get hold of the number and the pen, then they're in business because that allowed them to create or at least there the authorities are alleging that they were able to create fake debit cards with numbers and they were allowed to get use those to

get money. Yeah, they could go to any a t M and use that and put in the pin number because the number and the pen matched. Uh. The they a t M had no way of knowing that this was uh, you know, someone impersonating an innocent victim and the guy could withdraw money. Now, whether or not this actually happened will that remains to be seen. We we haven't. We don't have all the information just yet. But um, this kind of leads into a discussion about what encryption.

Encryption is, how it works, why it works, and why it's difficult, uh to to crack it. So kind of give you an overview of encryption. That's essentially you're talking about encoding information, so that only the person or organization that receives that information will be able to decode it and get at that information. Um. And this is done with a key, So the key decodes the encrypted message.

And there are a couple of different ways you can do this right right, Um, Actually, encryption goes back centuries. You know, it's something we think about as being sort of a new thing. You mean, you hear about famous encrypt and like the the Enigma machine from Germany during World War Two is a famous way of encrypting messages used in wartime. And sure that's you know, the military has used codes and encryption, you know, for you know, as long as there have been militaries, you know, people

sending encoded messages. But when we're talking about this, basically they're there are two sides to encryption. It's generally the way it's done in electronic transmissions. Uh, there is a there are two keys. There's a private key and a public key, and basically to to get at the encrypted information, you have to have both pieces of information right right the way. Now, there is one other way you can do this besides the public private key, there's there's the

symmetric key. Encryption approach, but it's it's less secure. Uh, symmetric key encryption. What that means is that you have two keys that are exactly the same. They can both encode and decode information. It's kind of like having a decoder ring, you know, like you'd get out of a serial box. Kids still eat cereal, right, yeah? Okay, So so they basically each person has an identical codebook, right, and the person on one end is encoding it with

the codebook. And you know, you passed through a message on your friend who uses the identical codebook and can decode the message exactly. The problem with that is if anyone else grabs hold of that codebook, they can also decode the message, so it's not terribly secure. That's where the public private key comes in. Now, in this situation, you would have a private key that belongs to you, it's on your computer, that's the only place it's ever

going to be found. And then you have a separate key called a public key that you can give to whomever so that they can encode information, send it to you, and only your private key can decode that information. Um. And this this is a this is a secure, more secure way of doing things than the symmetric key, because it's designed in such a way that you can't figure out what the private key is based solely on the

public key. So you can stare at the public key all day long and you're not going to figure out what what the right process is to decode that information.

And on the flip side, if you encode something with your private key and send it out, well, because because the public key is public, because other people can get hold of it, the information in that message won't be secure, but it is verifiable that it came from you, So it becomes kind of a digital signature, right You're you're saying, well, the public key can only decode informations that came from this particular private key, so we know the information came

from him. The information itself isn't secure, but at least you know, like it's an authentication. It's it's like a digital signature. You know, you can it's absolutely verifiable that it came from this person. Um, you know what. There is one way around that though, if somewhere were able to get hold of your, say your laptop computer with your digital signature, you know, embedded in the computer, and

you weren't encrypting your log in information. If it were just on then they could sign documents, which you know is another important part of encryption. It's not just for you know, your your pin number at your bank. You've got all kinds of other things that that could uh stand to be encrypted, especially if you have, uh, you know, very private information. If you have, say, uh, your bank account information on your computer. Um, my wife keeps a

backup of our financial data on there. Well, if she were to not encrypt the log into her computer, someone could break into our house, open the computer up and see all that information because the log into the computer is wide open. Um. You know, they're they're all kinds of other things to Email is one of the most common places that you're going to see encryption. Um, you know,

where you're actually aware of it being there. Um. There are ways to add that to your email program uh, programs like Pretty Good Privacy or there are There are actually some open source encryption standards, and even Google is talking about the possibility of adding a new open source encryption standard a p I, so that other people can

incorporate that into their into their products. And I imagine and you know, they don't say that, but I'm just guessing that it's probably gonna end up in Gmail too, so that you can say encrypted messages back and forth. And you might be wondering how all this encoding happens. UM. It's generally uh accomplished through the use of a hashing algorithm to create a hash value. Now, an algorithm is a set of instructions that that machines follow to to

complete a certain task. With a hash value hashing algorithm, what what happens is that it takes an agreed upon number. For example, this is just one of many different versions of hashing, but takes an agreed upon number that both the public and private key no, and it multiplies it by a different number, and without anyone knowing what that different number is. There's you know what what you end up with is the product of those two numbers. UM. If you don't know the identity of either of the

two factors that went into making this product. UM, that's where the encryption comes in. You have to be able to say, hey, this number was arrived at by multiplying this number by this number. I'm the right person, let me see that information. UM. That kind of plays into r s A encryption, which is uh the idea that computers are really really bad at figuring out uh, the

factors of a very very very very large number. We're talking about a hundred and twenty eight bit number, so uh uh this is this is a very large figure that that you have to take into account. So the what a computer has to do is it has to go through and try and figure each of those factors, finding the largest prime numbers that that factored together to to make this uh product um and computers take can take millions and millions of years to do this with

a really really large number. Uh. In fact, the only real way of of cracking it right now, at least as far as people are theorizing, is to create a quantum computer. Yeah. Quantum computers operate on a much different level. Yeah, it's it's kind of a mysterious, magical level almost because you may know that the classic computers operate by looking at bits, so it's either a zero or it's a one, But with quantum computers it's a little bit more bizarre.

It can be both a zero and a one, or a zero or a one or anything in between, which is kind of hard to get your mind wrapped around, and quantum computers have uh the potential of being able to crack this really hard encryption. It's through the use of something called s wars algorithm UM, and it's a really really complicated, complicated process. It's it's really hard to explain in layman's terms, so we won't really get into it here because I'm not a mathematician and I'm sure

i'd stumble along the way. But it's it's because quantum computers are not actually viable right now. We can't really make a stable quantum computer of any significant size. It's something to worry about, but it's further down the road, right, So it's very unlikely that you're going to have to worry if you come up with a reasonable uh level of encryption on your computer that it's you know, nothing's going to be able to hack it easily, right, you know.

But the more complex you can make your passwords, the more involved you can you can get your encryption. If you could take it up to or even two six bit encryption, it's just going to take a computer longer to try to break the code and decrypt your messages or you know, get into your file else. So you know that that if you can take the steps necessary, you can make sure that your your private information is

more private. Of course, that doesn't really help when you're talking about someone else's network, like you know, your local mall the wireless networks that they used to to get that information. Yeah, it kind of brings us back to the story we were talking about at the beginning. So how did these guys managed to crack this encryption? Well, we don't really know right now, but the one theory is that they actually managed to get hold of the

key that unlocks this information. That they did not actually decrypt it through some sort of complex hacking system. They just managed to get hold of that special dacoder ring. Um. So if that's the case, then encryption is not nearly as badly off as as we would think Otherwise, If, however, they found a way to decrypt that themselves without the key, that's something to really really start to freak out about.

I think we all have things to think about, like say, what's the best site to buy a new leather jacket, whether to buy the three or six megapixel cameras. But thankfully we don't need to think about online fraud because for every purchase you make. Visa keeps an eye out for fraud with real time fraud monitoring and by making sure you're not liable for any unauthorized purchases. How's that for peace of mind, safe secure Visa. Yeah, the authorities in the article I read in an MSNBC said that,

you know, there really wasn't any reason to worry. It didn't appear like this is a widespread phenomenon, and then not sure that that it actually happened the way that they think that it may have happened. But if if these uh, these hackers were able to figure this out, you know, we may be moving on to a new standard in encryption in a very short time. Yeah. Nothing like nothing like impending doom to really get you get the gears running right right. Well, I guess that's about

all we have right now for encryption. But if you'd like to learn more, you can read how encryption works at how stuff works dot com and we'll talk to you again soon. Let us know what you think. Send an email to podcast at how stuff works dot com. Brought to you by the reinvented two thousand twelve camera. It's ready, are you