If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Main content

Encryption and public keys

Mia Epner, who works on security for a US national intelligence agency, explains how cryptography allows for the secure transfer of data online. This video explains 256-bit encryption, public and private keys, SSL & TLS and HTTPS. 

Want to join the conversation?

  • female robot amelia style avatar for user Taru Jain
    How can public key and private key be different when the key (or answer) to the message can be only one? If you encrypt the message using 'x' key, then how can a 'y' key decrypt the message?
    (15 votes)
    Default Khan Academy avatar avatar for user
  • hopper happy style avatar for user Hassan Abdul-Kareem
    A team recently tried to break a 1024 bit encryption , that took 3 years to break it "trying each possibility" is such a weak attack and there's various algorithms to do that way more smarter and faster, actually what i assumed your calculations aren't petty much right or doesn't have the accuracy to find the right time to break it , because each algorithm takes different time, am i wrong?
    (6 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      Key length and the key strength are different things.
      The key strength tells you how many bits worth of security you get compared to a key where no attack other than brute force can be used.

      So for AES-256 where there are no known practical attacks against it, its 256 bit long key also has 256 bits of key strength.

      On the other hand, for RSA, which has all sorts of attacks against it, a 1024 bit long key only has 80 bits worth of key strength. An 80 bit key is small, so it isn't that shocking that a concentrated effort could break it. Most keys used these days have at least 128 bits of key strength which means they are 2^48 = 281,474,976,710,656 times as strong (although some people are still using 3DES with only 112 bits of strength).

      For an RSA key with 256 bits of key strength we would use a 15360 bit long RSA key.
      (As shown on page 88 of FIPS 140-2 implementation guidelines here: http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf )

      Hope this makes sense
      (20 votes)
  • mr pink red style avatar for user Zach
    Some times though in cryptography it ( I mean a hacker) doesn’t have to do all of the possibilities because the English language. As every one knows it has patterns and rules so even thought there could be billion of possibilities there are algorithms that can solve the cypher even quicker. If a individual following particular rules and common patterns can solve a encrypted message even quicker.

    Then again this is a 101 Class so maybe this should be elaborated later on in the lesson when you guys develop the new class.
    (6 votes)
    Default Khan Academy avatar avatar for user
    • piceratops seed style avatar for user govaertscedric
      Well, I think this course are for beginner. When you started to learn how to read & write, your teacher didn't put you european, cyrilic, mandarin, arab etc...He just told you that your alphabet have 26 letters (in general).

      This course are a approach of it. Not mean to make you a professionnal or even a amateur.
      (6 votes)
  • blobby green style avatar for user Miguel Angel Villanueva Ramirez
    I don't get it, if the public key is to let anyone access the "mailbox" then why would we need to lock it in the first place? couldn't we just let it opened?
    (3 votes)
    Default Khan Academy avatar avatar for user
    • leafers seed style avatar for user Jorge Lainez
      The public key does not allow access to the mailbox. Instead, the public key simply encrypts the message being sent. The private key decrypts the message sent. That is why the public key exists. You don't want someone to be able to see your message that is meant to be private.
      (9 votes)
  • primosaur sapling style avatar for user Fan Of Edwin Van Der Sar
    does 256 bit encryption = CAESAR'S CIPHER ?
    (0 votes)
    Default Khan Academy avatar avatar for user
  • aqualine ultimate style avatar for user Jorge R. Martinez Perez-Tejada
    What would happen if the Riemann's hypothesis is solved? Is the perceived possibility of this soooo low, that all the information on the internet relies on it never being solved? Is there any plans to transitioning to another type of encryption?
    (3 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      Modern public key cryptography schemes typically rely on the discrete log problem being hard, and/or factoring large numbers being hard. Proving Riemann's hypothesis would not make either of these problems easier. Cryptography schemes can be , and have been, built upon different hard problems in the event that the factorization and discrete log problems are solved.

      As a side note: It is generally assumed that the Riemann's hypothesis is correct, so it would be unusual to build a scheme that relied upon it being false
      (4 votes)
  • piceratops seed style avatar for user SMakarovi4
    How do public and private keys correspond to each other? If they are not the same, how can we be sure that encrypted with public key message will be correctly decrypted by private key? And also if public key is openly available, what's the catch of private key if the message can be sniffed and decrypted to its original state using public key?
    (4 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      How do public and private keys correspond to each other?
      It depends on the one-way function being used for the encryption scheme e.g. in RSA the private key is the modular inverse of the public key mod phi(n)

      If they are not the same, how can we be sure that encrypted with public key message will be correctly decrypted by private key?
      Any encryption scheme will have a mathematical prove showing that the private key will act as a trapdoor for the corresponding public key. e.g. here is a proof of correctness for RSA ( https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Proofs_of_correctness )

      And also if public key is openly available, what's the catch of private key if the message can be sniffed and decrypted to its original state using public key?
      Not sure what this is trying to ask, but it should be impractical to decipher a ciphertext without the private key as this would be reversing a one way function. The public key will not help in reversing a one way function.
      (1 vote)
  • blobby green style avatar for user Ashikur Rahman
    Public keys encrypt the message. So is it possible to reverse engineer the public key to work as a private key to decrypt the message?
    (4 votes)
    Default Khan Academy avatar avatar for user
  • male robot hal style avatar for user KhanEagle
    A bit of confusion in the private key concept. Suppose the package is received by the receiver and he has the private key does the package have information about the receivers private key. Because if not, how does the package know the receiver is using the right private key. And if yes how does the sender know about the private key of the receiver, do they share each other private key before hand? Sorry for long Qs.
    (2 votes)
    Default Khan Academy avatar avatar for user
    • male robot hal style avatar for user Cameron
      To receive packages you need to create two keys: a public key and a private key.
      These two keys are related to each other mathematically, so you could say, that the public key knows about the private key. However, someone looking at the public key can't tell which private key the public key knows about without solving a super hard problem.

      You give everyone the public key, and keep the private key secret.
      When someone encrypts the package with the public key the package will be constructed so that only the private key will open it.

      One way to think of it is like this:
      - The receiver has a padlock and a matching key
      - The sender borrows the opened padlock from the receiver, and locks it around their package
      - The receiver can then just use their key to open it
      (The padlock is the public key, and the matching key is the private key)

      Hope this makes sense
      (5 votes)
  • leaf green style avatar for user vamsirocks0007
    we say "internet is huge and holds lots of data"... actually where is it getting stored(all that packets of data).?..like when the sender is not active..?
    (2 votes)
    Default Khan Academy avatar avatar for user

Video transcript

(energetic music) - Hi. My name is Mia Gil Epner. I'm majoring in Computer Science at UC Berkeley and I work for the Department of Defense where I try to keep information safe. The internet is an open and public system. We all send and receive information over shared wires and connections. Even though it's an open system, we still exchange a lot of private data, things like credit card numbers, bank information, passwords, and emails. So how is all this private stuff kept secret? Data of any kind can be kept secret through a process known as encryption, descrambling or changing of the message to hide the original text. Now, decryption is the process of unscrambling that message to make it readable. This is a simple idea, and people have been doing it for centuries. One of the first well-known methods of encryption was Caesar's cipher, named after Julius Caesar, a Roman general who encrypted his military commands to make sure that if a message was intercepted by enemies, they wouldn't be able to read it. Caesar's cipher is an algorithm that substitutes each letter in the original message with a letter a certain number of steps down the alphabet. If the number is something only the sender and receiver know, then it's called the key. It allows the reader to unlock the secret message. For example, if your original message is, "Hello", then, using the Caesar's cipher algorithm with a key of five, the encrypted message would be this. (typrwriter keys clacking) (computer chime) To decrypt the message, the recipient would simply use the key to reverse the process. But there's a big problem with Caesar's cipher. Anybody can easily break or crack the encrypted message by trying every possible key. In the English alphabet, there are only 26 letters, which means you'd only need to try, at most, 26 keys to decrypt the message. Now, trying 26 possible keys isn't very hard. It would take, at most, an hour to do. So let's make it harder. Instead of shifting every letter by the same amount, let's shift each letter by a different amount. In this example, a 10 digit key shows how many positions each successive letter will be changed to encrypt a longer message. (typewriter keys clacking) Guessing this key would be really hard. Using 10 digit encryption, there could be 10 billion possible key solutions. Obviously, that's more than any human could ever solve. It would take many centuries, but an average computer today would take just a few seconds to try all 10 billion possibilities. So in a modern world, where the bad guys are armed with computers instead of pencils, how can you encrypt messages so securely that they're too hard to crack? Now, "too hard" means that there are too many possibilities to compute in a reasonable amount of time. Today's secure communications are encrypted using 256 bit keys. That means a bad guy's computer that intercepts your message, would need to try this many possible options until they discover the key and crack the message. (robot bleeps and beeps) (energetic music) Even if you had a hundred thousand super computers, and each of them was able to try a million billion keys every second, it would take trillions of trillions of trillions of years to try every option, just to crack a single message protected with 256 bit encryption. Of course, computer chips get twice as fast, then half the size every year or so. If that pace of exponential progress continues, today's impossible problems will be solvable just a few hundred years in the future, and 256 bits won't be enough to be safe. In fact, we've already had to increase the standard key length to keep up with the speed of computers. The good news is, using a longer key doesn't make encrypting messages much harder, but it exponentially increases the number of guesses that it would to crack a cipher. When the sender and the receiver share the same key to scramble and unscramble a message, it's called symmetric encryption. With symmetric encryption, like Caesar's cipher, the secret key has to be agreed on ahead of time by two people in private. That's great for people, but the internet is open and public, so it's impossible for two computers to meet in private to agree on a secret key. Instead, computers use asymmetric keys, a public key that can be exchanged with anybody and a private key that is not shared. The public key is used to encrypt data and anybody can use it to create a secret message, but the secret can only be decrypted by a computer with access to the private key. How it works is with some math that we won't get into right now. Think of it this way, imagine that you have a personal mailbox where anybody can deposit mail, but they need a key to do it. Now, you could make many copies of the deposit key, and send one to your friend or even just make it publicly available. Your friend, or even a stranger, can use the public key to access your deposit slot and drop a message in, but only you can open the mailbox with your private key to access all of the secret messages you've received. You can send a secure message back to your friend by using the public deposit key to their mailbox. This way, people can exchange secure messages without ever needing to agree on a private key. Public key cryptography is the foundation of all secure messaging on the open internet including security protocols known as SSL and TLS which protect us when we're browsing the web. Your computer uses this today. Any time you see the little lock or the letters https in your browser's address bar, this means your computer is using public key encryption to exchange data securely with the website you're on. (energetic music) As more and more people get on the internet, more and more private data will be transmitted, and the need to secure that data will be even more important. As computers become faster and faster, we'll have to develop new ways to make encryption too hard for computers to break. This is what I do with my work, and it's always changing. (energetic music)