Encryption and hashing
Encryption
- Encryption turns readable plaintext into unreadable ciphertext using a key.
- Only someone with the right key can decrypt it back.
- There are two families — symmetric and asymmetric — plus one-way hashing.
Symmetric encryption
- Symmetric encryption uses the same key for encrypting and decrypting.
- It is fast and ideal for bulk data (a whole disk, a video stream).
- Its weakness is key distribution — how do you share the secret key safely in the first place?
Symmetric encryption uses:
Symmetric encryption shares one secret key — fast, but it must be distributed securely.
The main problem with symmetric encryption is:
Both parties need the same secret key — getting it to them securely is the key-distribution problem (solved by asymmetric crypto).
Asymmetric encryption
- Each user has a key pair: a public key they publish and a private key they keep secret.
- Data encrypted with the public key can be decrypted only with the matching private key.
- To message Alice: encrypt with her public key; only she can decrypt. No prior key exchange needed — but it is much slower, so not used for large data.
To send a confidential message to Alice using asymmetric encryption, you encrypt with:
Encrypting with the recipient's public key means only their matching private key can decrypt it.
Hybrid approach (what real systems use)
- Use asymmetric to exchange a fresh session key, then use that symmetric key for the data:
- the client makes a random session key → encrypts it with the server's public key → the server decrypts it with its private key → both now share it for fast symmetric encryption.
- This is how HTTPS and SSH work.
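The session-key flow above, as an added example that is not part of the original page. It assumes toy stand-ins so it runs with the standard library only: an unpadded RSA key pair built from two small known primes, and a SHA-256 keystream XOR in place of a real cipher such as AES. All function names are hypothetical, and none of this is safe for real use.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for the "server" (two known Mersenne primes).
# Far too small and unpadded for real use; it only makes the flow visible.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public key (published)
D = pow(E, -1, (P - 1) * (Q - 1))        # private key (server only)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.

    Stand-in for a real cipher such as AES; the same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + (offset // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def client_send(message: bytes, n: int, e: int):
    """Client: make a fresh session key, wrap it with the server's public key."""
    session_key = secrets.token_bytes(16)
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)   # asymmetric step
    ciphertext = keystream_xor(session_key, message)              # symmetric step
    return wrapped_key, ciphertext


def server_receive(wrapped_key: int, ciphertext: bytes, n: int, d: int) -> bytes:
    """Server: unwrap the session key with the private key, then decrypt."""
    session_key = pow(wrapped_key, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


if __name__ == "__main__":
    wrapped, ct = client_send(b"bulk data goes here " * 4, N, E)
    print("wrapped session key:", hex(wrapped)[:34], "...")
    print("recovered:", server_receive(wrapped, ct, N, D))
```

Only the 16-byte session key goes through the slow asymmetric step; the message itself, however long, only ever passes through the fast symmetric function.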
In the hybrid approach used by HTTPS, asymmetric encryption is used to:
Slow asymmetric crypto just shares a session key; the bulk data then uses fast symmetric encryption.
Hashing (one-way)
- A cryptographic hash turns any input into a fixed-size digest; the same input always gives the same digest, and a tiny change alters it completely.
- It is one-way — you cannot recover the input.
- Used for password checks, integrity checks and digital signatures. (Hashing is not encryption — there's no key to reverse it.)
A cryptographic hash function is:
Hashing is one-way (no key to reverse it); it is used for integrity checks, password verification and signatures.
You've got it
- symmetric = one shared key (fast, bulk) but has the key-distribution problem
- asymmetric = public/private key pair (solves key sharing) but slow
- hybrid: exchange a session key with asymmetric, then use symmetric (HTTPS/SSH)
- hashing = one-way digest (no key); for integrity and password checks