Tech Primer Series: Encryption

itro > itro News  > Tech Primer Series: Encryption

Tech Primer Series: Encryption


A part of the Tech Premier Series 


  • Plaintext – Normal text anyone can read
  • Cyphertext – Encrypted text no one can read
  • Cypher – A pair of mathematical algorithms allowing encryption and decryption of information
  • Key – Specifies how an algorithm transforms plaintext into cyphertext (e.g. a password)
  • AES – Advanced Encryption Standard

Short explanation:

Encryption is a method used to secure data by transforming ‘plaintext’ information into ‘cyphertext’. Encryption works by combining a ‘cypher’ with one or more keys. Most encryption breaches are due to poor technical implementation and password hygiene rather than a brute force attack. Performing a brute force attack – without exploiting social engineering or algorithmic defects – on the 256-bit key (A 256 long string of 1s and 0s; or 1.1 x 1077 possible combinations) used to secure your bank’s web session would take many billions of years.

The goal of an encryption scheme is to make it easy to encrypt a message, but difficult as possible to decrypt.

More detailed:

Alphabet shift cyphers are an early and simple example of a cryptographic algorithm. If we shift the word ‘itro’ by four letters, it becomes ‘mxvs.’ In this example, the cypher dictates that you must shift the characters in one direction to encrypt, and to shift in the opposite to decrypt. The ‘key’ is four, as it specifies the number of letters by which to shift.

In an alphabet shift cypher, it becomes relatively easy to decrypt messages once you know the algorithm. Cryptographic experts develop modern cyphers in such a way that anyone with knowledge of the algorithm in use cannot easily decrypt messages. Knowledge of how AES functions is freely available for implementation by anyone and underpin much of the modern internet.

In short, the goal of modern encryption schemes is that an unauthorised third party can possess both the algorithm and cyphertext, without the ability to revert said cyphertext without the key.

Cryptographic Schemes:

The two most popular cryptographic schemes today are symmetric-key and asymmetric-key systems:

  • Symmetric-key systems utilise an algorithm with a single key to encrypt and decrypt data. The alphabet shift cypher detailed above is an example of such a system – You use the number 4 to both encrypt and decrypt messages.
  • The disadvantage of a symmetric-key system is that you must find a way to communicate the key so the recipient can successfully decrypt the message. In modern encrypted communications, endpoints generate and exchange symmetrical keys via an asymmetric-key scheme.
  • Asymmetric-key – or public-key cryptography – utilises a pair of keys; a public key used to encrypt, and a related private key used to decrypt. Although the two keys are related, a properly implemented asymmetric-key is computationally expensive to compromise.
  • For example; James runs a blog, and would like readers to email him sensitive information securely. He generates a public and private key pair. He keeps his private key secret but puts his public key on his website. A reader can take his public key, encrypt a message and send it to James, at which point he can decrypt the message by combining his secret private key with the public key on his blog.
  • When you connect to a secure website, your computer and the server initially communicate using an asymmetric-key system called the Diffie-Hellman key exchange. The devices will then negotiate the use of a symmetric-key algorithm and a pseudo-random key to continue communications.


Encryption relies on secure keys; if an attacker finds a way to compromise the secret key, they can decrypt any communications using said key. Security researchers, government agencies, and unethical hackers are extremely resourceful and can develop clever exploits, such as:

A more common weakness is utilising an insecure password for your encrypted data. The key for your bank accounts or mailbox is the password you type, so it’s important to ensure you use strong credentials.


Cryptography is an incredibly powerful tool utilising a mathematical process to convert plaintext into unreadable ciphertext. However, you should not use encryption in isolation; it must be part of a wider security implementation which limits physical access and educates users on its shortfalls. 

No Comments

Sorry, the comment form is closed at this time.