Let’s talk about encryption. Hashification, symmetric and asymmetric encryption
Honestly, the more time pass, the more there are developers with a massive lack of knowledge about encryption.
This is an intro article to help figure out what key thing you need to know about encryption. Here you will not find deep math and algorithmic analysis of encryption algorithms or performance comparison.
At first glance, encryption seems vast and scary, but if we skip the part about how they work under the hood, it’s pretty simple. Don’t be afraid! I will guide you through.
There are three basic approaches in encryption:
- hashification
- symmetric encryption
- asymmetric encryption
Hashification
The simplest and most commonly used.
Its core function is to take something you need to hide, such as string, and uglify it in a way humans cannot read.
Why am I saying that it is most commonly used? Well, every modern application with authorisation uses hashification to store passwords.
Hashification is one direction, which means that if you used it to hashify string, you wouldn’t be able to return hash to its standard view.
The important thing is that the exact string will produce that same hash each time.
But wait, you say, if we cannot return the hash to the standard view, how exactly will we compare passwords when the user will log in for a second time? Simple! We send the password to our back-end, hashify it and save it to our database. Next time the user sends his password again, we hashify it too, and now all we need to do is compare two passwords.
The most popular algorithm is SHA-256. The number behind refers to the bit amount.
Is it possible to decrypt the value? — No! But you can hashify all possible words and combinations and receive a list of strings because hashification always produces the same output for the same input. This list is called Rainbow tables, and this is entirely another story.
Symmetric encryption
To use this approach, you must have an encryption key for encryption and decryption. You can always decrypt the data that you’re encrypting.
Everyday use flow is to store data on your servers securely, so for example, users want to send a picture to the back-end, but the back-end should not be able to view this picture. To accomplish this, the user generates an encryption key on his device, encrypts the image and then sends it to the server. The server will not be able to read this picture. Next time the user is required to view this image, he will request the image from the server to decrypt it and use it as usual.
Popular algorithms are DES and AES. AES nowadays is prefered.
When working with AES algorithms, you need to generate an encryption key and initial vector, but this is another story.
Asymmetric encryption
In purpose it to work, you need to generate a private and public key. Even if you lost the public key, you could always generate a new one until you possess a private key. The magic here is that you can encrypt only with the public key, but to decrypt — you need the private key. And now, you will see the critical difference between asymmetric and symmetric encryption.
The typical use case is when you want to secure the exchange of information between two users in the system. In this case, the user who wish to receive data, let’s say, Mike, generate the public and private key and sends the public key to the user who will send data, let’s call him Ben. Ben encrypt it with the public key and send to Mike, then Mike decrypts this data with the private key.
Can you guess what you’re using everything day that handles asymmetric encryption? — Yes! The browser connects to the server via HTTPS protocol.
Common algorithms are:
- RSA
- DSA
- ECC
That’s it for today. See you in the next one.
Follow me for more.
