[From the last episode: We reviewed what we’ve already discussed for securityRefers to whether or not IoT devices or data are protected from unauthorized viewers., and laid the groundwork for the upcoming discussion.]

EncryptionEncryption refers to encoding and decoding (or encrypting and decrypting) data so that it can't be read unless you have the right key. It's critical for good security. is all about secret codes. There’s absolutely nothing new about it; we’ve been using codes for centuries, and kids still do it all the time. Just not at the scale and sophistication of the internet. Especially when it comes to the military, codes have been critical for communicating without letting the enemy know what was up.

Why do we need encryption anyway? For our purposes, there are two main uses: to protect data at rest and data in motion. That super-secret important file full of data that you want to store? Encrypting it before storing it means that, if everything works properly, no unauthorized person can read the contents of that file. That super-secret important message you’re trying to send over the internet? Encrypting it means that, if everything works properly, no unauthorized person can read the message if they snoop it en route.

Yes, everything has to work right, which, given the energy put behind hackingThis can mean a couple things. A quick-and-dirty (but not elegant) trick to get something done is a hack. A computer security break-in is also a hack (because inelegant tricks are used to break in). It can be a noun or a verb ("he hacked my computer"). and cracking, makes this an escalating race. But, by and large, the technology works, and there are future roadmaps for making it work even better. There’s a cost, of course: encrypting and decrypting takes time. But, for the most part, it’s not enough time to bog things down. There’s a delicate balance between tightening security down and slowing your computer down.

You all know some super simple ways to create codes. For instance, replacing letters with numbers – the simplest being the place of the letter in the alphabet. OK, that gets a little messy, since the 22^nd letter might be confused for two consecutive appearances of the 2^nd letter. But those are details that aren’t hard to manage.

Codes that Actually Work

The one detail that is hard to manage is how easy such a code is to break. Much, much harder schemes have been used, some of which are paper-and-pencil exercises, others of which might use, say, templates with holesIn a material with specific places where electrons should be (like silicon), if an electron moves out of its designated spot, what’s left is called a hole. A hole effectively has a positive charge, and, as electrons move from hole to hole, it looks like the hole moves (even though, strictly speaking, it doesn’t – it just gets filled or emptied by a moving electron). cut out in strategic places that will reveal critical letters embedded in an otherwise innocuous text. Famously, during World War II, codebreaking was so effective that Navaho and other nation members were recruited to send messages in the little-known native-American languages. (Wikipedia has a whole article on the history of cryptography.)

Eventually we started mechanizing codes; again during WWII, the Enigma machine is a famous example. But it’s all gone crazy with the widespread availability of increasingly powerful portable computers. Slow, tedious manual processes have given way to fast, automated processes. It’s been a cat-and-mouse game, with the cats not far behind, forcing the mice to run even faster.

There are different types of encryption that we use today for different purposes. We find ways to make them harder and harder – until someone comes up with yet a better approach that replaces the old stuff. We’ll look at some of those different ways next week, but for now let’s simply look at how encryption is fundamentally done today.

Letters into Numbers

First of all, it’s important to realize that letters are represented as numbers inside computers. Each letter has a code. The purpose of that code isn’t for security; it’s just so that we have a way to work with letters. Inside your computer memory, the processorA computer chip that does computing work for a computer. It may do general work (like in your home computer) or it may do specialized work (like some of the processors in your smartphone). can use a “number” as a number or as a letter; it’s up to the program you’re running to know how to interpret that number. But the power of this is that you can use the number as a letter and as a number.

The codes we use for letters have changed. Some time back, the ASCII code was used. It worked well enough – for English and similar languages using simple uninflected Latin characters. Which leaves a lot of the world out. So various levels of Unicode have been devised that allow us to represent any of the characters in existence in any language – plus some historical ones that no longer exist. Count emojis in there as well.

I’m going to use ASCIIAn older way of representing characters (letters, numbers, and punctation) in computers. It could handle only characters relevant to English and languages using those characters. It has mostly been replaced by Unicode, which can represent all the world's characters. for the following example. Even though it’s kind of passé. It’s simpler for what we’re trying to do.

So, for example, let’s try to work with the famous computer phrase, “Hello world”. Each of those letters has a number. Just because it’s simpler, we’ll use the decimalThe base-10 counting system that we usually use. Digits can go from 0 to 9. version of the number (most engineers would use hexadecimal since it maps better to the 1s and 0s used inside the computer). We assign them as follows:

Multiply and Be Sleuthful

We can stackRelated to communications: A way of organizing parts of a complicated process (like communications) so that any task relies on tasks below it and feeds the tasks above it. Related to computing: A place in memory where you store “where was I?” information when you go from, say, one function into another. Before starting a new function, you store where you were in the old one so that, when the new function ends and you’re back in the old one, you can figure out where you were and continue on. all of those numbers together to turn this into one huge number. I’m going to do it in decimal, which isn’t technically correct, but it still illustrates the points – which is all I’m worried about. So the number that reflects this phrase is: 72,101,108,108,111,032,119,111,114,108,100. (Or, I suppose you could start with the last letter and go the other direction. That detail doesn’t matter for our purposes.)

So… my intent was to do some math in Microsoft Excel to illustrate encryption, except that this turns out to be too big a number for Excel to handle down to all the digits. It rounds it off, which completely screws up what I’m trying to do. So we’ll work instead with just “Hello”. As in, “You had me at Hello!”

That gives us: 72,101,108,108,111. Still no slouch of a number, but within what Excel can work with. Now, just to give an idea of what happens here, let’s say I have a secret key, and that key is the number 7. I can encrypt “Hello” by multiplying its number by that key, which yields the number 504,707,756,756,777.

Now, if I send that number to someone else, they can’t make heads or tails of it – unless they have that key. If they know the key, then they simply divide the number by the key and get “Hello” back. As you can easily tell, the trick here is to use keysA number used to encrypt (or encode) information so that no one can read it. Keys are used when encoding and decoding. You shouldn't have to mess with keys yourself. in a way that keeps them secret and hard to guess. Which is decidedly not the case for the number 7 as a key. That’s not a simple problem. We’ll look more at that next week.