Cryptography for non technical people

While the internet is evolving, we see more and more frequently using cryptography to ensure security.

But hey, honestly, you are not a tech guy, and you probably don't want to become one, but at the same time, every day is getting more important that you have a rough idea of how cryptography works.

In this post, I will give you a non-technical and non-accurate introduction of asymmetric cryptography, only to let you understand why you find it in so many places.

I'm going to write about asymmetric cryptography, there are many other kinds of cryptography, but we want to focus only on this; why?

Because it is used in:

• Websites: HTTPS ensures security when you browse websites;
• Blockchains: cryptography is used to ensure security in all transactions;
• Authentication: cryptography ensures security on both the server and the client;
• End-2-End encryption: you are using it when you send a message in WhatsApp, for example;
• Many other contexts.

Asymmetric cryptography uses two key (private key and public key) that are strictly connected. The private key is linked to the public one and vice-versa.

The public key is the piece of information that can be shared with the world; it is not a secret. On the contrary, it should be made available publicly.

The private key is the piece of information that must be kept secure and private. If someone gets access to your private key, he/she can impersonate you.

When we have to exchange sensitive information between two systems (they can be websites, blockchains, etc.), we must be sure we're who we are saying to be.

To do so, I can generate an encrypted message using my private key and the recipient's public key.

Now the message is not readable by anyone (because it is encrypted) except to those who have the private key linked to the public one I used to generate the message.

I can send the encrypted message on a non-secure communication channel because the information contained in it is not readable.

In an extreme situation, due to an error, I could send the encrypted message to the wrong person, but he will not be able to decrypt it because he will not have the correct private key.

At the same time, if someone receives a message which looks like it is coming from me, he can be sure (or not) if it is real because it should be encrypted using my private key. If this is not the case, then the sender was not me.

Asymmetric cryptography is used often because it does not require any agreement before the security is implemented (we do not have to exchange any information or rule about the encryption/decryption of messages).

Moreover, based on the size of the keys used, it can be pretty impossible to decrypt the message without knowing the private key (actually, it can be decrypted by brute-forcing - which means trying every possible private key value - but it could take a huge amount of time).

Summarizing all of this in an image:

After this super-easy and not really accurate explanation (if you know cryptography, please forgive me), you have a rough idea of how asymmetric encryption works, why it is important, and why you will find more and more of it.

---

This series of articles is dedicated to managers who are not technical but need a quick introduction to technical topics from various subjects to be more aware in their work.

Feel free to propose new topics clicking here!