MetaLearn: Public Key Encryption
Send a friend an open padlock, but keep the key.
Open locks can be shut without a key. Once your friend locks something with your padlock, only you will be able to open it. Put the padlock on a box, and you have a secure container you can send around.
Only, digital encryption is orders of magnitude more secure [1] than physical padlocks, which have stayed breakable for the last 160 years.
Send a friend your public key, but keep the private key.
You can encrypt messages using just the public key. Once your friend encrypts something with your public key, only you will be able to decrypt it.
It can't be that hard to explain public key encryption, but for some reason media always overcomplicates it with confusing diagrams, animations, emoji, Alice, Eve, and Bob.
Note: Public key encryption is also called asymmetric encryption (as opposed to symmetric). RSA is a popular asymmetric encryption algorithm. The three terms are often used interchangeably.
Note: If you want to learn about technicalities of RSA and Cryptography, check Khan Academy Cryptography and Computerphile. (Shame on me for not knowing better resources)
Since I am at it, let's run through a bunch more information:
Quantum computers could break RSA if they worked, but right now none are good enough. Besides, quantum-proof encryption is being adopted, so we will be fine.
Humans are the weakest link in computer security. You are more likely to be hacked through social engineering or by using weak passwords than through someone cracking an encryption algorithm.
A perfect encryption algorithm shouldn't give anything away even if the hacker knows both the message and its encrypted version. Your "Ok" messages would all look the same even when encrypted, so computers add e.g. the current time to make them different.
Most obsolete algorithms were phased out after some new math trick significantly sped up brute forcing (or because computers became much faster).
Most cryptographic standards have different bit length options: 256, 512, 1024, 2048, 4096. As computers become faster, cryptographers simply stop using shorter length options.
Apps with bad random number generators create the same keys over and over again.
Cryptographic signing happens when you decrypt a message that isn't encrypted: Encrypted message -> raw message -> signed message. You can then check the signature by encrypting the signature with the public key.
AES (Advanced Encryption Standard) symmetric encryption can only be brute forced, and is one of the more reassuring encryption standards out there. (Computerphile)
When an app says your data is encrypted, it is often them who have the keys.
Raw public key encryption doesn't protect against Man-in-the-Middle (MITM) attacks (a mailman swapping the open padlocks you send, and the locks on each message ever since).
The only defense against MITM is to exchange keys physically in person. Manufacturers do it for you by pre-installing their own (as well as Google's, Microsoft's, and other certificate authorities') keys (after getting them in person) into your computer. You then trust them not to do MITM out of malice, or to accidentally allow someone else to do it.
- very qualified cryptography expert
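The signing note above ("decrypt a message that isn't encrypted") and the note about identical "Ok" messages, as an added example that is not part of the original post: textbook RSA in Python with a tiny constructed key. The primes, the function names and the random bytes standing in for "the current time" are assumptions of this sketch; real software uses a vetted library with proper padding and much longer keys.

```python
import secrets

# Constructed toy key: two Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                            # public modulus
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)

def to_int(data: bytes) -> int:
    m = int.from_bytes(data, "big")
    if m >= N:
        raise ValueError("message too long for this toy modulus")
    return m

def encrypt(m: int) -> int:          # needs only the public key (N, E)
    return pow(m, E, N)

def decrypt(c: int) -> int:          # needs the private key D
    return pow(c, D, N)

def sign(message: bytes) -> int:
    # "Decrypt" the raw, never-encrypted message with the private key.
    return decrypt(to_int(message))

def verify(message: bytes, signature: int) -> bool:
    # "Encrypt" the signature with the public key; it must give the message back.
    return encrypt(signature) == to_int(message)

def encrypt_randomized(message: bytes) -> int:
    # Prepend 8 random bytes so equal messages produce different ciphertexts.
    # Random bytes stand in for the page's "current time" (an assumption here).
    return encrypt(to_int(secrets.token_bytes(8) + message))

def decrypt_randomized(c: int, length: int) -> bytes:
    # Recover the padded block, then drop the 8 random bytes.
    return decrypt(c).to_bytes(8 + length, "big")[8:]

if __name__ == "__main__":
    sig = sign(b"Ok")
    print("valid signature:", verify(b"Ok", sig))
    print("tampered message:", verify(b"No", sig))
    print("same ciphertext twice:", encrypt(to_int(b"Ok")) == encrypt(to_int(b"Ok")))
    a, b = encrypt_randomized(b"Ok"), encrypt_randomized(b"Ok")
    print("randomized differ:", a != b, decrypt_randomized(a, 2))
```

With this toy modulus the randomized helpers only fit messages of up to three bytes; the point is the shape of the operations, not the capacity.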
Footnotes
[1] Cryptographic strength is often presented as the amount of time needed to crack, but those estimates are algorithm and method specific. If you check forums or dig through research papers, you won't find clear answers. I can only say that (most) developers use encryption algorithms that will take at least thousands of years to crack.