Ive been doin alot of research on encryption, so here it is.





So like for passwords on sites, it is encrypted so when hackers get into the site, they can't get the passes.

Hmm... isn't encryption a little more complicated than that? I dont really know about encryption because I can use readymade certificates from VeriSign etc., but how does encryption work?

Let's take two computer for example (Computer X and Computer Y). Now, I want to send a 'secret' message from X to Y. So, I'll use a 'secret key' to encrypt the file that I'm sending. So I send an encrypted message that Y can't understand without the key. Now, how will I send the key to Y without exposing the secret key to hackers who can then take both pieces of information (secret key and encrypted message) and put it together to reveal the secret? Because, If I send the key via the internet, it is exposed to the same danger as the encrypted message is!

Hope you understand what I'm asking !


NOTE that it would be considered plagiarism to post material from other sites directly onto these forums without placing them in quotes!

Please place the definition of encryption in quotes like these:


Doing this ensures that you are sticking to forum rules!

Encryption usually involves an encryption "key" that you use to decode the encrypted string. Although it's not encryption, look up MD5 for a good example.

Encryption can be as basic as replacing every 'a' in the plain text by a 'b', every 'b' by 'c' or, easier for computer users, by hitting the key right or left to the original key (I'll give an example for a german notebook keyboard):

(plain) TRAP17 IS GREAT
(a->b) USBQ28 JT HSFBU
(right) ZTSÜ28 OD HTRSZ
--the fourth letter in the last example is a german Umlaut, a special character. It might not be displayed correctly in other regions--

Well, that's encryption for you. It is, however, not secure since the pattern will repeat and thereby it will become easy to crack. Some smart people invented a secure (well, as secure as encryption can be. If you lose the secret key, it's not secure anymore but hey, that's the human factor) encryption method working with a pair of keys, one of them public and one private. Unlike other encryption methods, public key-encryption works better the wider you can spread your public key.

Whoever wants to send you an encrypted message uses your public key to encrypt it - but this message can not be decrypted using your public key. Your private key on the other hand enables you to decrypt it.
Using this method, a text (or file) can even be "signed" by you - use your private key to encrypt the text or create the text's signature and it can be decrypted/validated using your public key...

...this method is used in the proprietary PGP("Pretty Good Privacy")-Software and the compatible, free Open- and G-PG("GNU Privacy Guard")-Software and some other software to encrypt your communication.

If your private key-file falls into the wrong hands, however, you should be quick to spread your revokation certificate (a file PGP/OPG/GPG can generate using your private key) so people know for sure that your private key is not private anymore (well, it might still be secure but everything that prevents someone from using your private key to decrypt your communication is a simple passphrase like you can set for e.g. a web service)...

by the way, "TRAP17 IS GREAT" looks like this when encrypting it using GPG and a 4096bit-key (i.e. the one I'm mostly using):



try guessing that...

This post has been edited by brainless: Jun 13 2006, 12:36 PM

Yeah, it like an uncrackable language for like storing passwords

What is encrypion? That is the question that you are asking us to tell you. Let me explain encryption in the easiest way that I can. Dictionary.com explains encryption in a scientific, yet simple way to get the point across. It says simply this:



So it is as if encryption is a computer science

It should be noted that there is a difference between two-way encryption(reversable) and one-way encryption (hashing).

For most password checking and such where the original message is unimportant but you need a way to check that the person has the correct data. you could use such one-way hashing such as md5 which outputs a string of hex digits(I think 40 characters?). the original message cannot be reconstituted from the hash but everytime you has a certain string it will begit the same hash. you can therefore match the hashes to check a password but if someone is able to break into your database or storage depot they won't be able to get the code even with the hash firmly in hand.

two-way encryption is best divided into two parts. single key encryption is used for such things as your windows password or basic encryption for file transfers. This isn't as secure as other forms because there is a single key that must be transferred from one place to another. typically the key is formed by taking one huge prime number and multiplying it by another huge prime number (aka: double prime encryption). this makes it very hard to guess the key because the number has only two factors and "normal" methods of cracking a code rely on factoring the key based on the output of the decryption attempt but with only two it's very difficult for the program to guess.

the other form of two-way encryption is private/public key encryption. (this stuff is all around you). this has a publicly available key that enables anyone to encrypt data. but to unencrypt the data there is a separate key that is kept private and is often encrypted using the first method of two-way encryption. this makes the data an order of magnitude more secure because instead of guessing one key(which can be very very difficult) they have to guess one key then try and decrypt another something that is also encrypted to see if the key was done correctly. this adds another step which will bog down even the fastest machines because of the millions of iterations necisary to guess the first key. the private key can also be sent using another bit of data used when generating the public key that will force the generation of the correct private key. this is typically done using parallel programming. both the sender and the reciever have a program that generates private keys and using a token of data will generate the proper key to decrypt the data.

A new form of encryption that is still in the development state is called "quantum encryption". before you turn off your eyes, it really does exist. it involves a hand shake of sorts (like how your computer negotiates a connection to a host). the sending computer sends bits of lets say electrons. the recieving computer chooses a filter and sees if the electron makes it or not. only the data of whether or not the electron made it are important to the home computer. after several iterations of this a key is generated on the sending computer and the data is then sent to the reciever by this method (after being encrypted). the data appears at the other end correctly. if someone trys to sniff the data it will be very evident because the data will appear garbled on the other end because the sniffing alters the qantum state of the electron(thing of it spinning counterclockwise or clockwise for different states.) and unless the intruder has guess the proper filter the data will also appear garbled to him/her. and this can be done on the fly indefinitely without any possible leaks.

Thats very interesting, i skim red everything above, so if it replaces all a's with b's, when it changes em bak woodnt it make b's a's so if I sent.

Hi how Are you BritAny

It wood chnge it to this:

Hi how bre you Britbny

So if it changes all b's bak to a's it wood be like dis:


Hi how are you aritany