always the key. A message that is encrypted is valuable only if it can be decrypted, of
course. If I were to send you an encrypted message, you would need the key to be
able to decrypt it. This is where the challenge starts to come in.
There are two means of handling keys. The first is
asymmetric encryption
. This is
where there are two keys, one for encryption and one for decryption. You may also
hear this referred to as
public key encryption
. The idea is that everyone has two keys—
a public key and a private key. The public key is something everyone can have. In fact,
it works only if everyone has the ability to access everyone else’s public key. Encrypt‐
ing a message using a public key means that the message can be decrypted only by
using the private key. The two keys are mathematically related and based on calcula‐
tions using large numbers. This all seems like a reasonable approach, right? The prob‐
lem with asymmetric encryption is that it is computationally hard.
This leads us to
symmetric encryption
. With symmetric encryption, as you may have
guessed, we have a single key. The same key encrypts and decrypts. Symmetric key
encryption is computationally easier. However, symmetric key encryption has two
problems. The first is that the longer a symmetric key is used, the more vulnerable to
attack it is. This is because an attacker can gather a large volume of ciphertext (the
result of feeding plain text into an encryption algorithm) and start performing analy‐
sis on it in the hopes of deriving the key. Once the key has been identified, any traffic
encrypted with that key can be easily decrypted.
The second and more important problem is that after we have a key, how do we both
get it? This works, after all, only if both of us have the key. So, how do we both have
the key if we are not physically proximate? And if we are physically proximate, do we
need to encrypt messages between us? We could have met at some point and shared
the key, but that means that we are stuck using the key until we meet again and can
create a new key so we both have it. The longer we use the same key without meeting
again brings us to problem #1 noted previously.
As it turns out, two mathematicians solved this problem, though they were not the
first. They were just the first who could publish their work. Whitfield Diffie and Mar‐
tin Hellman came up with the idea of having both sides independently derive the key.
Essentially, we both start with a value that is shared. This can be safely shared unen‐
crypted because it’s what happens to it after that matters. We both take this initial
value and apply a secret value using a mathematical formula that we both know.
Again, it doesn’t matter whether this is public because it’s the secret value that mat‐
ters. We share each other’s result from our individual computations and then reapply
our secret values to the other’s result. In this way, we will have both gone through the
same mathematical process from a single starting point, so we will both have the
same key in the end.
The reason for going through all of this is that in practice, all of these mechanisms are
used. The Diffie-Hellman key exchanged is used along with public-key cryptography
