At their fundamentals, computer are just doing a lot of math. We have found a way to use that math to ensure that no one can see what we are texting, doing on the internet, or even emailing. Also, how do we know that someone hasn’t tampered with our data? All those problems can be solved with math.

Encryption

Encryption is really cool. You can take some data, and encrypt it with a key. Then, anyone else with that key can decrypt that data. Imagine that this is your data: “12345bce”. Next, imagine that this is your key: “hsienb6”. Then, if we encrypt our data with our key, we might get something that looks a little like this: “isu736;!,!7:hdidu&:&!$hfjs7&:7.777$:dn&4”. It would take longer than the remaining life of the universe to figure out what the encrypted data is, at least without the key. That’s math at its finest.

Cryptographic Hash Functions

What happens if the server storing your password was hacked? Does the hacker know the password you use for everything? Not necessarily. Cryptographic hash functions are one way streets. If you a value like this: “password123” through a cryptographic hash function, it might look something like this: “idjdkIdj773$;$7iieijd74&¥£||€”. Unintelligible, right? The only way to find out what generated that hash is to hash that same value, in this case, “password123”. That is why if you forgot your password to something, you HAVE to reset it. Because the password is stored as a hash, it is nearly impossible to recover your old password.

Digital Signatures

Digital signatures a function of the message that is being sent and the private key. The private key is literally just a bunch of random numbers. After you have your private key, you can use some special math to derive the public key. If everyone has your public key, then they can verify that the digital signature is valid, and that the message actually came from the owner of the private key.

Asymmetric Encryption

Asymmetric encryption uses public and private keys, just like digital signatures. The way asymmetric encryption works, is that you encrypt some data with the public key. Then, that data can be sent over the internet to the other side. After that, the data can be decrypted with the private key, and only the private key. This ensures that only the other party knows what you are sending.

Diffie Hellman

The problem with asymmetric encryption is that you can only encrypt so much data. This is where Diffie Hellman comes in. Both parties generate a private key and a pubic key, and then they send each other their public keys. This means that Person 1 has their private key, their public key, and Person 2’s public key, and Person 2 has their own private and public keys, and Person 1’s public key. Each person will combine their own private key, with the other person public key, and then they can arrive at the exact same piece of data. They can then use that data as a symmetric encryption key, and encrypt all of the communication that come afterwards.

What happens when you go to a website?

When you go to a website, the first thing that happens is the TCP handshake. This initializes the connection between the client and the server. After this comes the Client Hello. This is the client telling the server that it wants to encrypt the connection. Then, the server sends its certificate. The certificate is the servers public key, and it is digitally signed by a certificate authority. The public keys for all of the certificate authorities are stored on your computer, so your computer then verifies the digital signature of the certificate, so that you know a hacker isn’t trying to pretend to be the website you’re trying to visit. After that, the client generates a private and public key, and sends the public key to the server. Now, both sides have each others public keys, and their own private keys. Now, they can use Diffie Hellman to compute a shared symmetric encryption key, and then the connection is encrypted. To verify that that data hasn’t been tampered with, both sides use a cryptographic hash function to compute the hash of the data they sent and received, and then they compare that with the other computer’s hashes. After that, both computers can be sure that the connection is secure.

If you found this article interesting, please leave a tip down below, or at the very least a like.