I’ve been around the computer business for a long time.  Way back, before the Web and even before computers, if you wanted to send a secret message to someone, you used a simple substitution code.  An example of this was the Caesar cipher. This was a simple rotation or shift of the alphabet.

Plain:    ABCDEFGHIJKLMNOPQRSTUVWXYZ

Cipher:   DEFGHIJKLMNOPQRSTUVWXYZABC

To decode the message, you look up the cipher text letter in the Cipher line and replace it with the letter in the Plain text line.

Ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ
Plaintext:  THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG

The above example (from the Wikipedia reference above) is a cipher with a shift of 3.

This is an example of a simple symmetric encryption algorithm which, even without a computer, would be fairly simple to break using a brute-force approach: there are only 26 possible shifts, so you try them all until you can read the message.
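The brute-force approach described above, as an added example (not code from the original post): it tries all 26 shifts on the article's ciphertext and ranks the candidates by how English-like they look, so no human has to read each one. The function names and the letter-frequency scoring are assumptions chosen for illustration.

```python
import string

# Approximate English letter frequencies in percent, A through Z
# (commonly published table; used here only to rank candidates).
ENGLISH_FREQ = dict(zip(string.ascii_uppercase, [
    8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
    6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07,
]))


def rotate(text, shift):
    """Shift A-Z letters by `shift` positions (a negative shift undoes encryption)."""
    out = []
    for ch in text.upper():
        if ch in ENGLISH_FREQ:
            out.append(chr((ord(ch) - ord("A") + shift) % 26 + ord("A")))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def english_score(text):
    """Sum of letter frequencies: text rich in common letters scores higher."""
    return sum(ENGLISH_FREQ.get(ch, 0.0) for ch in text)


def brute_force(ciphertext):
    """Try all 26 shifts; return (score, shift, plaintext) tuples, best first."""
    candidates = []
    for shift in range(26):
        plain = rotate(ciphertext, -shift)
        candidates.append((english_score(plain), shift, plain))
    return sorted(candidates, reverse=True)


# Ciphertext taken from the article's shift-of-3 example.
CIPHERTEXT = "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"

if __name__ == "__main__":
    # Show the three most English-like candidates.
    for score, shift, plain in brute_force(CIPHERTEXT)[:3]:
        print(f"shift={shift:2d}  score={score:6.2f}  {plain}")
```

Because the key space is only 26 values, the ranking is a convenience rather than a necessity; the same loop with no scoring at all still exposes the message.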

As time moved on from 100 BC, encryption algorithms became more sophisticated, and with the invention of the computer, easier to implement.

In 1977, three men, Ron Rivest, Adi Shamir and Leonard Adleman, worked together to develop the RSA encryption algorithm. By using very large prime numbers and some math, they created an encryption process that allows you to have one function to encrypt the message using a public key, and one function to decrypt the message using a private key.

Since the public and private keys are different, it is also called asymmetric encryption. The key pairs are generated by picking a very large random number and using it to pick a very large prime number. The math needed to do this is beyond the scope of this article, but those masochists out there can read all about it.

The point of all this complex math is that while it is very easy to create a key pair, it is very, very hard to calculate the private key knowing the public key without doing a lot of calculating.

However, the basic premise of all encryption has not changed.  A message is created, it is modified in some reversible way, and then sent (if everything works correctly) to the intended recipient, who then, using some secret knowledge, reverses the change and reads the message. As an added bonus, the process provides a way to verify that the message really came from the person that you think it came from.

One weakness in this process is the Man-in-the-Middle attack, in which a server inserted into the chain between the sender and recipient is able to masquerade as the intended destination.

The basic problem is that as computers get faster and faster, the secrets become breakable in a reasonable amount of time. Another problem is that while the math used to create the encryption system may create a very secure way to transfer messages, the implementation of that math may have taken some shortcuts or just contain bugs, which renders the entire process insecure.

In the last two years, several of our trusted algorithms (SSL, SSLv2, SSLv3) have fallen, and others may be showing signs of weakness.  We continue to need ways of exchanging and protecting our information. I believe that new ways of hiding and protecting our information will be invented – if not, our way of life may have to change.
