Question on cryptation

[Tinker Grey]

Consider a program that all it does is multiply two numbers. Suppose you see an answer and it is 24. There is nothing about the answer 24 that ensures that you know what the inputs were. The inputs could be 1 & 24, 2 & 12, 3 & 8, or 4 & 6.

You may look at an encryption program and know and understand how the encryption takes place. But, the point of encryption is that you can't tell what the input was from the output.

The multiplication problem is extremely easy and one can narrow down the possible inputs. However as simple as it is, you could never be sure which of the inputs generated the output this time.

Searching for the private key that renders something meaningful from the output is extremely complex. And that is the point, finding the key may be possible, but if it takes you longer than the age of the universe using the fastest computers available, then it is effectively impossible to break.

 

[Wiccan_Child]

Encryption software takes the text you want to hide, and uses a mathematical procedure to generate the encrypted text. BUT, the way that procedure works uses a random string of numbers, and without that string of numbers, you don't know how the program actually did the encryption.

Think of it like this. The program takes the text (for example, 'HELLO') and a string of digits of equal length (for example, '12345'), and advances each letter forward by its corresponding number. So the encryption is based on the text, the encryption method, and the key.

So, the first letter, H, of the text goes forward 1, since that's the first digit of the key, and becomes I. The second letter moves forward 2 (the next digit in the key), and so on. Thus, the outcome is:

HELLO --> IGOPT

This is done using the encryption method ("Move each letter forward a number of letters equal to the number in that corresponding position in the key"), but it should be plain to see that the encryption method itself doesn't tell you what the key actually is - that is provided by the user. You define the key, not the program.

Thus, even if you have the encryption method, you wouldn't have the key. If you were a spy, you wouldn't know the key was '12345'. You'd know it was a 5-digit number, etc, but you wouldn't know what it was - and so, even with the method, you wouldn't be able to decrypt the cipher (well, not immediately, you could try every key and see what works).

Now, this is a quick example that, in real life, wouldn't work, but it proves the point: encryption methods use a key to encrypt something, but don't have the key hard-wired inside the coding.

 

[Lillen]

But the program must reveal the way "hello" is encrypted like you said. Isn't it just run the equation backwards processing the encrypted text to readable information.

I am not sure I follow you.

If I process "H" into "A" the program and the both keys must hold infromation how i did it? And if i run the information backwards, information i gathered from the program and both keys, it will turn the 'A' to 'H' again. Now some said it will take long time to do this using a machine. But lets assume, simplified, I define 'A' as '1' in the key everyone has access to, and '1' to 'Ö' in the personal key. Knowing this, how I processed 'A' to '1' to 'Ö' I will be able to figure out the information by processing it backwards. Now in pgp i believe they use 128 bit encryption but instead of counting the bits 1, 2, 3... 127, 128. I count the bits 128, 127... 3, 2, 1. And I will be able to decrypt the information, no?

 

[Lillen]

To simplify, If my encryption process 1 to B, The program must hold information how I processed it. If I run that information backwards, i will get B to 1 instead.

Now with two keys the information how to process it must be stored in the program along with the keys?

Also i doubt that the create a new personal key for each and every user. or?

 

[zmonkey]

Lillien, imagine that to translate from 1 to B is based on a set of instructions (the key) and the rules of how to use the instructions (the program). Without the key you cannot use the program to encrypt your 1 to B. You need both key and program.

In simple encryption you can use the key and program to both encrypt 1 -> B and decrypt B -> 1. This is commonly called "private key encryption" because it requires that you keep the key private. Anyone that has the key can decrypt the message.

Without a key the program does nothing. The key tells the program that 1 should be B and not C. No key, no encryption.

Now in public key encryption, first two keys are generated. These keys are mathematically related and it is possible to derive one from the other but it is just very difficult (take a lot of time). The public key is used to encrypt the message. The private key is used to decrypt the message. The relation between the two is "hidden" by the complexity of the calculation. what is considered encrypted by these methods will not remain so forever. Key sizes have been growing to assure that the difficulty to decrypt remains high.

And yes, a key set is generated for every user. It is just two large numbers, we are not going to run out of them