Chapter 2. A crash course in cryptography

Table of Contents
2.1. Symmetric ciphers
2.2. Public-key ciphers
2.3. Key exchange
2.4. Message digests
2.5. Digital signatures
2.6. Public key certificates
2.7. Certification Authorities and "Public Key Infrastructure"
2.8. The TLS process
2.9. The downside of using HTTPS

For our purposes (dealing with TLS) there is a small amount of cryptography that you need to know about. To avoid the all too common problem with computer security of "shooting yourself in the foot" you really do need to understand this much. Please appreciate that what follows is a broad-brush outline that glosses over an embarrassingly large amount of detail.

2.1. Symmetric ciphers

These are what most people think of as codes: using a well-known algorithm and a secret key to encode information, which can be decoded using the same algorithm and the same key.

Notice that it is only the key that is secret; encryption schemes that depend on the algorithm remaining secret are not regarded as satisfactory. Some of the symmetric algorithms used by TLS include RC2, RC4, DES (The US "Data Encryption Standard"), Triple-DES, and IDEA, many with a variety of key lengths. With all ciphers, the longer the key the harder they are to break. DES, which has a 56 bit key, is now routinely cracked (admittedly using specialist hardware) in a few days. Key lengths of 128 bits currently seem reasonable for information that you want to remain secret for the foreseeable future. TLS also supports a "NULL" encryption algorithm, intended for testing, which should be disabled in a live environment since otherwise an attacker might trick both client and server into negotiating use of this algorithm.

A significant problem with symmetric ciphers is that it is difficult to transfer the keys themselves securely.