Thanks for joining me this week on Bits N’ Bytes! This week, we’re covering how data is encrypted and able to travel through the open Internet safely. It is true that we all put in our credit card information, passwords, and private credentials into websites that provide us a service in return. But how does it travel safely? Can every router in transmission see during the transmission? How about a determined hacker?
Well, all thanks to Public and Private Key Encryption, we are able to send sensitive information over the insecure networks of the Internet. Public and Private Key Encryption or Asymmetric Encryption means that both there are different keys to encrypt than there are to decrypt the message. Each user has a private key, which nobody can see, and a public key- which everyone is free to see! (The algorithm you use). How does this work?
Let me break it down by using an analogy with Emma, Jilly, and Jack– all with a jar of scrambled words.
- Firstly, if Emma wants to send a message and communicate with Jack, Jack will have to begin the conversation by grabbing a cookie jar, filling it with his favorite words: ladybug, chair, socks, science, snowman, butterfly, kindergarten. These words inside the jar are Jack’s private key
- As these words inside the jar get sent trough the network, nobody on the outside can comprehend what is inside the jar. They can see the jar itself, which is “his way of encryption.” They KNOW that he put words in a jar. Because of this, the jar is the public key that everyone knows, including Jilly, who is trying to spy on the conversation. Jilly sees the jar FILLED to the top with words, but cannot figure out all the words he put in, as they are garbled, and she would have to use brute force, try every possibility. This makes the private key secure.
- Emma gets the jar! Yay! Now, she can send her message to Jack. Emma sees that the jar is filled with random words, but doesn’t care what these words are, and cannot make any sense out of it anyways. She adds her message to the jar which reads, “Free pizza in the cafeteria!” and sends it back. Emma does not user any private key (her own set of words) here but makes use of the public key (the jar filled with the random words).
- Again, Jilly can’t know what was added (Emma’s encrypted message), and what was originally in there (Jack’s private key), as it all looks garbled. Think of the jelly bean guessing game where you can only look, but you would have to try many, many possibilities to get the number of beans inside.
- The jar is sent back to Jack and Jack, seeing that the jar now has his words (ladybug, chair, socks, science, snowman, butterfly, kindergarten). Jack knows his private key by heart and can use this knowledge to recognize what has been added by Emma. He opens it up and sees that “Free pizza in the cafeteria!” has been added. He knows this is not part of his private key, so this is definitely the encrypted message. Jack, an eager beaver hungry for lunch, rushes down to grab a slice while Jilly is unaware of this happening (mission accomplished!)
On the internet, every computer has a private key it doesn’t share, even with the computer it is communicating with. The computer that wants to send a message utilizes the public key of the other party, as Emma did with Jack’s public key (the jar). However, Emma doesn’t know the words inside, nor does it matter to her. If a two-way conversation is desired and Jack wants to respond to Emma saying “Awesome! I’m heading down!”- Emma would have to send her jar down to Jack.
What does this mean?
- The basic way we communicate every time we type in a password or anything on a website.
- If a site has the HTTPS lock in the URL box, this means that this extra layer of communication is added.
- Imagine sending your credit card and Jilly could easily see this as it is not even in a jar and is simply laid out for her. This is how sites without SSL communicate. For sensitive information, always look for the lock before communicating, to make sure the communication is private.
- This makes it all the more important to make your passwords more extensive and hard for Jilly to figure out. If Emma had just said “P” or Jack’s private key took up less than 1/2 of the jar, this would significantly decrease the number of possibilities Jilly would have to try to get the message or Jack’s public key.
Wow! You’ve just learned a really confusing concept surrounding how computer communicate in a safe highway (and try to!) through the unsafe and open Internet! There is a lot of math involving the modulo operator with the public and private key encryption, but these basic key concepts should lay out what happens behind the scenes when you type in your credentials.
As always, thanks for reading! Stay safe and follow the HTTPS rule!