
Encryption

Web sites use encryption to keep information secure in transit. Modern encryption works using a 'public key' scheme. If done properly, this encryption cannot reasonably be broken, but you need to pay careful attention to the points at which unencrypted information is available.

What public key encryption achieves

Public key encryption allows you to transfer a message securely between two people who might not have previously communicated. Even if all communications between the two people are intercepted, they cannot easily be decrypted.

Conceptual overview

Imagine that you have a briefcase containing secret documents. You can send that briefcase to the recipient, but it might be intercepted. In order to protect against this, you obtain a special unbreakable padlock, which you use to secure the briefcase.

You lock the briefcase and send it to your recipient. Now, even if the briefcase is intercepted, you are safe because it cannot be opened. Unfortunately, when your recipient receives it, they cannot open it because they don't have the key to the padlock.

You could send the recipient the key as well as the briefcase... but if both are intercepted, the attacker can easily open it and obtain the documents.

Instead, your recipient also purchases an unbreakable padlock. When they receive the locked briefcase, they lock it with their padlock, so that it is now locked twice. They then send it back to you.

You receive the briefcase, unlock and remove your padlock, and send it back. It is still locked with the recipient's padlock.

Finally the recipient receives it, unlocks their padlock, and can open the case.

Note that the briefcase was always locked (from when it was sent until when the message was finally received), and you did not have to transfer the keys.

Public key encryption

Public key encryption achieves the same type of security as the briefcase scheme described above, although not in exactly the same manner. The message is not actually sent back and forth three times.

Instead, both parties (the sender and recipient) have a pair of mathematical codes known as keys: a private key, which must be kept secret and is never transferred, and a public key, which can be made public.

When a message is encrypted using a combination of the sender's private key and the recipient's public key, it can only be decrypted using the recipient's private key and the sender's public key. (Some complicated maths which I'm not going to explain makes this happen, so just trust me.)

So, if the recipient sends their public key to the sender, the sender can then encrypt the message using their own private key and the recipient's public key, and send it, along with the sender's public key, to the recipient. The message is secure because it cannot be decrypted without the recipient's private key, which was never transferred.

Key sizes

The size of a key is measured as a number of bits. If a key is small, it may be possible to break the encryption without having access to the private key.

Some encryption on the Web uses only 40 bits. This is not secure and is easily broken. However, the more common 128-bit keys should be secure for most purposes at present (in other words, the amount of computer time it would currently take to break a 128-bit key is not worth it for the sake of a few credit card numbers).

Encryption security issues

Fundamentally, a public-key encrypted message is not secure if the private key that is needed to decrypt the message is not secure.

For example, Web servers which provide secure connections work by storing the private key on the server (so that the server can decrypt messages). This means that the message is secure in transit, but is not secure once anybody breaks into the server.

Similarly, there is little point in encrypting stored data if you are going to keep the private key on the same system.

You could securely store data on a server by encrypting it so that it can only be read using a private key that is not present on the server (but is available on another system that isn't connected to the Internet). Periodically, you could transfer information from the server to your isolated machine, and then access that data using the private key stored on that machine.
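The layout just described (only the public key on the Web server, the private key held solely on the isolated machine), together with the key-pair mechanics from the 'Public key encryption' section, as an added example that is not part of the original page. It is toy textbook RSA in plain Python: the two primes, the block-wise unpadded encryption and the sample record are all constructed for illustration, chosen so the maths stays visible, and are not how a production system would be built.

```python
from math import gcd

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes. Public key (e, n) can be handed out;
    private key (d, n) stays on the isolated machine."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be invertible modulo phi(n)"
    return (e, n), (pow(e, -1, phi), n)   # pow(e, -1, m) is Python 3.8+

def block_size(n):
    """Bytes per block so that every block, read as an integer, is below n."""
    return (n.bit_length() - 1) // 8

def encrypt_bytes(data, public):
    """Needs only the public key, so it can run on the Internet-facing server.
    Block-wise textbook RSA with no padding: a toy, not a production construction."""
    e, n = public
    size = block_size(n)
    blocks = [data[i:i + size] for i in range(0, len(data), size)]
    return [pow(int.from_bytes(b, "big"), e, n) for b in blocks], len(data)

def decrypt_bytes(stored, private):
    """Needs the private key, so it can only run where that key is kept."""
    d, n = private
    blocks, length = stored
    size = block_size(n)
    out = bytearray()
    for i, c in enumerate(blocks):
        # the final block may be shorter than a full one
        out += pow(c, d, n).to_bytes(min(size, length - i * size), "big")
    return bytes(out)

# Constructed toy primes (Mersenne primes, used only because they are certainly prime);
# real keys use large random primes of a thousand or more bits each.
P, Q = 2**31 - 1, 2**61 - 1
PUBLIC, PRIVATE = make_keypair(P, Q)   # generated on the isolated machine

def server_store(record):
    """Runs on the Web server, which has been given PUBLIC and nothing else."""
    return encrypt_bytes(record, PUBLIC)

def isolated_read(stored):
    """Runs on the machine with no Internet connection, the only holder of PRIVATE."""
    return decrypt_bytes(stored, PRIVATE)

if __name__ == "__main__":
    stored = server_store(b"constructed sample record: order 42 for customer 7")
    print("held on the server:", stored)
    print("read on the isolated machine:", isolated_read(stored))
```

Everything the server holds after `server_store` is the ciphertext and the public key, so a break-in there yields nothing readable; the record only becomes plaintext again after it is carried to the machine holding `PRIVATE`.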