**Cryptography** is the art of encoding and decoding secret messages. Cryptographic techniques have been used for thousands of years, well before the introduction of computers, and the techniques have evolved since. (e.g. See how the Caesar Cipher was used by the roman empire 2000 years ago).

More recently, with the introduction of electronics and later on computer science, it has been possible to implement more advanced encryption techniques based on complex mathematical calculations. (e.g. See Alan Turing’s work on breaking codes encrypted by the Germans using the Enigma Machine during World War 2).

#### Symmetric Encryption

At this stage, encryption techniques were based on

**symmetric encryption**algorithms. With such algorithms

**a single secret key**is needed to both

**encrypt and decrypt**a message. The secret key is possessed by both parties involved in the communication, the sender and the receiver.

The following algorithms use Symmetric Encryption: RC4, AES, DES, 3DES, QUA.

**Symmetric keys** are usually 128 or 256 bits long. The larger the key size, the harder the key is to crack. For example, a 128-bit key has around 340,000,000,000,000,000,000,000,000,000,000,000,000 encryption code possibilities. This means that a brute force attack (trying every possible key until you find the right one) is no longer a realistic approach to crack such a key.

#### Asymmetric Encryption

In today’s digital world, there has been a need to develop a different approach to encryption, called

**asymmetric encryption**. With this approach

**a pair of linked keys**is used and consists of a

**public key**, used to

**encrypt**data and a

**private key**used to

**decrypt**data. Both keys are different (but related). The public key, is available to everyone who wishes to send a message. On the other hand, the private key is kept at a secure place by the owner of the public key.

As they involve a pair of keys, asymmetric algorithms tend to be more complex to implement (and slightly slower to execute) than symmetric algorithms. The following algorithms use Asymmetric Encryption: RSA, Diffie-Hellman, ECC, El Gamal, DSA.

**Asymmetric keys** are typically 1024 or 2048 bits long which leads to 2^{1024} or 2^{2048} encryption codes. (We did not even try to write these numbers down as they would contain several hundreds digits!)

#### HTTPS and the SSL Handshake

On the internet, a lot of websites are now using the

**HTTPS protocol**. This means that the communication between the web browser and the web server is encrypted in both directions (data being uploaded, such as your credit card number when you pay online, as well as data that is downloaded: the HTML code, the images and video clips, etc. that appear on a webpage).

The HTPPS protocol uses **SSL (Secure Sockets Layer)**, a standard security technology to create an encrypted link between a server and a client.

The following steps describe the process of creating a secure connection between a web browser and a web server. It is called the **SSL handshake** and uses **both symmetric encryption and asymmetric encryption**:

To recap, the 5 steps of a **SSL handshake** are:

- Browser sends an https://www… request.
- Web Server sends a
**digital certificate**with its**asymmetric Public Key**. - Browser generates a
**symmetric session key**, encrypts it using the public key and sends it to the server. - Server decrypts the encrypted session key
**using its asymmetric private key**to get the**symmetric session key**. - Server and Browser now encrypt and decrypt all transmitted data using the
**symmetric session key**. The communication channel is secure as only the web browser and the server know the symmetric session key. The session key is only used for that session. If the browser was to connect to the same server at another time, a new session key would be created following the 5 steps of the SSL handshake.

#### Symmetric vs. Asymmetric Encryption

Check our online symmetric and asymmetric encryption tools: