Watch this episode on YouTube.
Reasonably Accurate 馃馃 Transcript
Good morning, everybody. How are you doing today? Welcome to episode 100 of Mornings with Mark. That's kind of crazy to me that we've made it to episode 100. Thank you for sticking with me throughout this journey. Um I think it's been a lot of fun.
It continues to be a ton of fun. Hopefully you feel the same way. Um Wanted to continue our cybersecurity basics discussion. Um Today, I want to talk about encryption. Um Encryption is something that a lot of people use is a word.
It's kind of hit the mainstream vocabulary. We see it popping up in TV and in movies and in books, but a lot of people don't necessarily understand what exactly it is. So we're going to cover that in brief today just at a really high level.
So essentially encryption refers to a number of modern technologies or modern implementations. But at its core, encryption is the application of a field of study we call cryptology or cryptography. So there's going to be a bit of confusion with Cryptocurrency.
It uses the same underlying math. Basically, the goal here is to obscure and secure content so that if only people who have the key can unlock that data. It's really that simple. So where we see encryption popping up in common use is encryption for data at rest and data in transit.
So what I mean by that is encrypting data at rest means data that's sitting on a hard drive, on a thumb drive, it's sitting in storage. So we want to make sure that anybody who has access to that storage can only access that data if they're allowed to.
So we use encryption. You are using encryption right now, probably whether you know it or not if you're watching on an Apple ios device. So an ipad or an iphone, it's encrypted, right? Your passcode actually unlocks a series of keys that unlocks all this crazy layer of encryption because that's encrypting data at rest.
The goal is that if somebody picks up your phone and doesn't have your password, that phone is useless to them, they can plug it into a computer, they can plug it into analysis machine. But the goal is to make that data inaccessible.
So we use encryption to lock it away. The other form that we commonly use is encryption, encrypting data in transit. So you see this all the time when you're doing banking transactions online, that little padlock in your browser indicates that encryption is in use.
So the website you're connecting to has a public key and a private key, it keeps that private key, private it. But the public key and the private key are a mathematical match essentially. And what you do is you allow people to see the public key.
They use that public key, which is really just a big giant number. And they use that in a mathematical function that then encrypts the data. It uses a certain type of math function to lock that data away for the matching private key.
The matching private key can unlock that data. So when we talk about public key, private key, these are just two really big prime numbers that form these keys and the public key can obviously be public and shared.
The private key needs to be held secure. And that's the real key around encryption. This is the same way it works at rest as well. The key there is ensuring no pun intended that your private key stays private because as soon as that private key is leaked or someone gains access to it, they can gain access to the data.
So the easiest way to think about encryption is it's a set of keys, public and private. Everybody who's using encryption needs a set of those keys and they will it will lock away the data with one of those keys.
So if I lock the data away with a private key, my public key can unlock the data. So obviously we want to lock it with the public key and use the private key to unlock the data. Now, interestingly enough digital signatures are very similar to encryption.
And then I use my private key to sign data. So not to lock it away, but just to lock a tiny bit of it in a signature. So a meaningless part of the data in a signature and then people can use my public key to verify that it was actually me interesting little use there.
So there's a whole bunch of different types of encryption, public key is the most common. There's a whole bunch of different types of what we call ciphers, which is the algorithm used to encrypt the data. And the whole goal here is to have a really complicated cipher that you don't have to worry about as the end user, but that it makes it harder for people to break.
So encryption is all about making sure that the data is so hard to get at that. It's not worth the attacker's time just because data is encrypted doesn't mean it's impossible to get at. So that's a really important fact is that encryption we know will be broken.
That's just how it's been, we've been using encryption um since, you know, hundreds and hundreds of years in different forms. This is just the latest form with using these public and private keys. And we know we have cryptographers, we have these are people who use cryptography or to encrypt things and we have Attackers who are trying to get at that and it just at this point of computational cost.
So how much effort is it required to break the encryption? And quite often we talk about the strength of encryption in terms of computational years that it will take to break. So if you mess up and that's most of the time when we see encryption being messed up, it's because somebody is messed up in the implementation, the math still holds up, but somebody made a mistake, they exposed that key or they picked a small number for that key, which makes that encryption easy to break.
So the goal here is to make it that it's locked up with a strong enough algorithm with a strong enough level of math that it's going to take eons years and years and years and years of a lot of computing strength to brick.
So that that's data is reasonably secure. By the time it was broken that data was probably no longer relevant. So that's encryption in a nutshell. What do you think? Let me know, hit me up online at marknca in the comments down below on the blog and as always by email me@markn.ca, does that help clear up encryption a little bit?
I know that was a little dicey in places. Again, this whole point of this basic series, get out some of that uh terminology work with you guys work with the audience here. Try to figure out what makes sense, what doesn't, what areas we need to focus on to make a little bit of a tighter video series that I'm gonna publish out under the trend micro handle um to help people have an easy reference.
So, uh you know, targeted at a general audience. What does all this stuff mean? Um I hope you're set up for a fantastic day. I will talk to you online and I will see you on the show tomorrow for episode 101 crazy.
