TECHNOLOGY

Cryptography is secure… to what extent?

Password security

What is cryptography?

Today we all visit the Internet, we hang photos on social networks, we enter passwords in the bank… all this without worrying about what really happens with this password or how this information travels. The reality is that this travels encrypted, but… is this Encryption Is 100% secure? In this article we will try to answer this question, and we will see that it is currently safe, but perhaps not for much longer.

For starters, the Cryptography It is the science that is used to encrypt data that the user introduces or travels over the Internet in order that a third person cannot see its contents.

So, we can Send Any type of information that the browser is going to encrypt and no one will be able to decrypt to see its contents. Sure we have ever noticed the padlock that is next to the Web address that we enter in the browser (green means encrypted, red means dangerous, among others), or sure we have also fixed in the word https of the web address , for example Https://www.google.com. These two examples are the product of this encryption that applies to any information that travels on the network. For this cipher, throughout history, different algorithms have been designed. Today the most used is the so-called RSA algorithm.

RSA algorithm

The RSA algorithm is a cryptographic system of Public key Or asymmetric, in which emitter and receiver (as can be the user and the bank) make a key exchange to encrypt the information.

These keys are automatically generated by the encryption protocol of the same browser, using very complex mathematical operations. In the generation of these keys, the transmitter and receiver do nothing. The issuer will send that information that the browser is going to encrypt it by means of the public key that has been generated to the receiver and will only be able to decrypt the receiver that has the private key associated with the public key. To illustrate this, let’s put an example:

cryptography

Ana wants to send an information to David. To do this, Ana has a Public key and another Private key, just like David, who has his own.

  1. Ana writes a message.
  2. Encrypt this message with the Public key of David, which can only be decrypted by his Private key.
  3. Ana sends the encrypted message to David. This message, an intruder will be able to see encrypted, but if you want to decrypt it, you will need the Private key of David.
  4.  When David receives Ana’s message, he decrypts it through his Private key.
  5.  Only and exclusively David can read the message.

This whole procedure is very nice, but is it really safe under any circumstances? Can no one generate my Private key and read the message?

The first answer is no, but the second is affirmative. Really these public keys And private keys They are generated by mathematical operations that are very costly to calculate. How long would it take us to calculate David’s private key? It would take about 2 years using hundreds of computers of the most powerful that exist. So, we can say that it is impossible for someone to desencripte our password, due to the high cost of this.

Solved a question opens another… what if someday we have a computer capable of calculating it in a Very limited time?

Current cryptography problem.

Here’s the problem. Every time it is gaining more strength the idea of Quantum computers. These computers work with bits called Qbits. A general traits can be 0, 1 or both at the same time for a short period of time. For this reason, during this time we know all the values that the Qbit (0 and 1) wasting only the time to calculate one of the two values. The same will happen if we have two Qbits, we will be able to know all the values adopted by these Qbits (4 values) with the time to calculate only 2 Qbits. For the same reason, if our Private key It has 256 bits, we can calculate all the possible values that form these 256 bits, wasting only the time to calculate 256 bits, which are just seconds.

All this may seem very complicated. However, with a quantum computer that works with Qbits, we can significantly reduce the time to calculate a Private key. It will be possible to decipher keys in a very limited time. This opens the door to a new dimension, quantum cryptography, which must solve the problem exposed in this article. This new type of cryptography is going to start to collect strength in a short time. In the Next article We’ll explain it more in detail.

Oriol Val | Cybersecurity engineer at R3 CyberSecurity