Encryption 101

S2E7 | A breakdown of one of today's leading tech themes.

June 11, 2024

Hi, Friends —
✰ Welcome to [our digital disco]! Today we’re diving into encryption: How it works, why it matters, and what’s in its future.
You can also check out the last newsletter here, and share your anonymous feedback here.

In the digital age, our lives are increasingly intertwined with technology. Safeguarding our information—our text messages, photos, banking transactions, and more—has never been more critical. Encryption, the process of converting information into an illegible code, stands at the forefront of our digital privacy. But what exactly is encryption, how did it evolve, and why is it crucial for you?

Let’s dive in.

☞ What exactly is encryption?

Encryption is a method used to protect data. It transforms readable information (plaintext) into a scrambled format (ciphertext) using complex algorithms and keys. Only those with the correct key can decode and read the original data. For example, if you send a text to a friend using an encrypted app (e.g., WhatsApp), the text cannot be read by a third party—the interceptor would only find indecipherable characters in its place. Think of it as locking your valuable information in a digital safe: only those with the combination can access it.

A brief history of encryption

Encryption isn’t a modern concept; it dates back to ancient civilizations. The Egyptians used basic hieroglyphs to hide messages, and the Romans developed the Caesar cipher, a technique where letters are shifted to disguise the message. During World War II, the Germans used the Enigma machine, an advanced encryption device, which was eventually deciphered by Alan Turing and his team—a pivotal moment in the war.

The digital revolution brought new challenges and innovations. In the 1970s, public key cryptography, particularly the RSA algorithm, emerged. This method uses two keys—a public key for encryption and a private key for decryption—enabling secure communication over the internet.

☞ How to spot encryption

Browsing the web:

  • Look for a small padlock icon next to the website's URL in the address bar of your browser.

  • This padlock signifies that the website is using HTTPS (Hypertext Transfer Protocol Secure), meaning your connection to the site is encrypted and secure.

  • Click on the padlock to view more about the site's security certificate, including information about the encryption used and the authenticity of the website.

Text messaging:

Spotting encryption in text messaging can be a bit more nuanced, but there are a few indicators and methods to ensure your texts are secure:

  • App indicators: Many messaging apps will display a lock icon or a message indicating that the conversation is encrypted. For instance, in WhatsApp and Signal, you should see a small lock icon or a note at the start of a chat stating that messages are end-to-end encrypted.

  • Security features: Check if the app explicitly mentions encryption features. Reputable apps highlight their use of end-to-end encryption in their settings.

  • Verification methods: Some encrypted messaging apps offer ways to verify that the encryption is working. (E.g., Signal and WhatsApp allow you to verify with your contact to ensure the encryption keys match.)

  • Reputable apps: Use well-known and reputable messaging apps that prioritize security and privacy. Apps like Signal, WhatsApp, and iMessage are known for their strong encryption practices.

☞ Why should we care?

Consider the implications if anyone could easily access your healthcare data, banking information, or identity details. Encryption prevents such breaches. Here’s why it’s essential:

  1. Privacy: Encryption ensures that your personal conversations, photos, and financial information remain private.

  2. Security: It protects online transactions, ensuring your credit card and other financial details stay safe.

  3. Integrity: Encryption guarantees that the data sent is the data received, without alterations. (E.g., so that you don’t receive a text that has been edited or is sneakily sent from someone other than its listed sender.)

  4. Trust: It helps us trust our digital services, such as e-commerce and online banking. We want these services to be reliable and secure.

The threats to encryption

Despite its importance, encryption faces significant challenges:

  1. Legislation: Some policymakers are pushing for backdoors in encryption for national security reasons, potentially weakening it & exposing us to cyber threats.

  2. Quantum computing: Emerging quantum computers are predicted to break current encryption algorithms, specifically asymmetric encryption, making them obsolete.

  3. Cyber attacks: Advanced attacks, like brute force (trying every possible key) and side-channel attacks (exploiting physical properties of the encryption process), test encryption’s resilience, and sometimes identify and exploit weaknesses in encryption algorithms or protocols.

☞ How does encryption actually work?

At its core, encryption involves two main processes: encryption and decryption. Here's a simplified breakdown of how it works:

  1. Encryption: When you send a message, the data is taken by an encryption algorithm and transformed into ciphertext using a specific key. This key acts like a complex code, which scrambles the information into an unreadable format.

  2. Decryption: When the intended recipient receives the encrypted message, their device uses a decryption key to transform the ciphertext back into readable plaintext. This key—which could be the same key, or a new key—is like the combination to the digital safe, ensuring that only authorized parties can access the original information.

There are two primary types of encryption:

  1. Symmetric Encryption: The same key is used for both encryption and decryption. It's fast and efficient, but requires both parties to securely share the key. (Securely sharing the secret key between the sender and receiver can be challenging, especially over untrusted networks.)

  2. Asymmetric Encryption: Uses a pair of keys: a public key for encryption, and a private key for decryption. This method enhances security by eliminating the need to share a key. (To reduce the risk of compromising the private key, asymmetric encryption is slower and uses more complex algorithms.)

Encryption is a fundamental tool in the digital age, protecting our privacy and security. As technology evolves, so do the challenges in secure, long-term encryption. Understanding and supporting encryption practices ensures that the digital world remains a safe and trusted space.

Snacktime

📓 Reading: Paul Graham’s How To Do Great Work, as mapped out by Jason Shen.

Listening to: Glass Animals’ newest release, A Tear In Space (Airlock).

✿ As always — any and all feedback is welcome! You can share it here.

Reply

or to participate.