Symmetric algorithms are fantastic ways to encrypt and decrypt data. But symmetric algorithms have one big problem: you use the same key to encrypt that you do to decrypt. And in the real world that can cause some very serious issues. Now, in order to show you what those issues are, let me introduce you to my friends, Alice and Bob. Now, Alice and Bob want to send each other encrypted data of some form or another. Now it doesn't matter at this point what they're sending.
Alice could be a web server and Bob could be a web browser, or Alice and Bob could be sending each other encrypted email, or they could be talking on Skype. I don't care what they're actually doing. They simply want to send each other encrypted data. Now if we were to use a symmetric algorithm like AES, that's a great algorithm. The only downside to AES is that the same key that Alice is going to use to encrypt has to be used by Bob to decrypt. So how does Alice get the key to Bob? That's where the problem comes in: symmetric encryption is vulnerable to people like Eve here who are listening in.
If Alice were to send the key via an email or something like that, then Eve could get a copy of it. And she could decrypt our encoded information. So this is always a big problem with symmetric types of encryption. The secret to getting around this problem is to not just use one key to both encrypt and decrypt. The secret is to use two keys: one key can only encrypt and one key can only decrypt. And this key can only encrypt in such a way that only this key can decrypt it.
So you can have a bunch of other keys. But if you don't have this key pair, and you don't have them set up the right way, you're not going to be able to do anything. So this is a very powerful idea. And we call this asymmetric encryption. So asymmetric encryption will always consist of what we call a key pair. Now, one key we just give out to anybody who wants it, you know, even the bad guys. Go ahead, have a copy of my key, bad guy, because the only thing that this can do is encrypt data that can only be decrypted by this one. So this one that we send out to everybody, we call this the public key.
So we send this out to whoever wants it. Now, that way, somebody can go out there, and if I give them my public key, they can encrypt and then send me something. Or if I've got a webpage, they can encrypt it and send it to me, or whatever it is, they can send it to me, and the only person who can decrypt from this public key is me, with what we call the private key. So when we talk about asymmetric, we're talking about two keys, a public key and a private key. Now, there's a whole bunch of ways to do this, and I want to go through some of the examples right now. Let's start with probably the granddaddy of them all, good old RSA.
RSA stands for Rivest, Shamir and Adleman, three guys who got together back in the late 1970s and came up with a whole bunch of algorithms and protocols, which are collectively known as RSA. Now, at this point, I want to cover the most basic parts. So RSA is an asymmetric algorithm. So that means we have to have a public and a private key: the public key encrypts and the private key decrypts. So RSA, number one, specifies how you, as an individual host, generate your own public and private key pair. And then secondly, how we go about sending public keys to people that we want to talk to.
Now, I don't know about you, but I find it utterly fascinating that somebody can use groovy math to take one algorithm, and you take that one algorithm, you shove in a public key, you take some plaintext and out comes ciphertext. Now you take the same algorithm, you pull out your public key, put in your private key, and you take that ciphertext and it comes out as plaintext. Well, it absolutely works. Now, the math behind RSA is pretty advanced and you don't need to know it for the exam. But I want to give you at least a little bit of a tease to get an idea of how all this works. So what I'd like to do is talk about factoring a little bit.
So let's take the number 12, for example. Now, the factors are all the numbers that can be multiplied together to come up with 12. So just from experience, we know three times four equals 12. We know two times six equals 12. And of course, one times 12 equals 12. So it's fairly trivial for us for a small number like this, to come up with all the factors for the number 12.
Now, there are lots of numbers out there that can only be divided by themselves. Like, for example, the number 11 is a number that can only be divided by itself. We call those prime numbers. So a prime number like 11 is fairly easy to look at, and we can say, well, we can only multiply that times one and 11. But if you take two prime numbers and you multiply them together, so 11 and 17, we get what's known as a semiprime number, which is in this case 187. Now, if I had taken 11 and 17 away, and I said go ahead and factor that, how long do you think it would take you to do it?
It would take you a while. There is no easy groovy mathematical way to do factoring. All factoring is basically done by brute force. Now, again, because 187 is a relatively small number, you can figure that out. But how about if I generate a slightly larger semiprime number? Like, how about that?
I'll take a minute. In fact, I'll take 15 minutes right now on the video and let you go ahead and try to figure that one out. No, I'm kidding. I'm kidding. Let me go ahead and generate those answers for you. The bottom line is, is that it's very, very hard to factor.
So in the world of RSA, we start off with values that can be, oh, like 4,096 bits long. So how about a number like this, and that isn't even 4096 bits' worth. Do you think you could factor that one easily? Why don't you go ahead and get your best supercomputer and take a couple of hundred years, and you tell me what the two prime numbers are that generate this value. That's the cornerstone of RSA: to be able to take two large prime numbers, multiplied together, to generate a semiprime number.
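As an added example (not part of the original video), here is textbook RSA built from the two primes used above, 11 and 17, showing that anyone who can factor the public value 187 can rebuild the private key. The public exponent 3, the message 42 and the larger semiprime are values constructed for this sketch; it uses no padding and is for illustration only.

```python
# Added illustration: textbook RSA with the page's primes 11 and 17.
# No padding and a tiny modulus: for teaching only, never for real data.
from math import gcd

def make_keypair(p, q, e=3):
    """Build (public, private) from two primes; e=3 is an assumed public exponent."""
    n = p * q                      # the semiprime, published in the public key
    phi = (p - 1) * (q - 1)        # easy to compute only if you know p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)

def encrypt(public, m):
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than n")
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def factor_semiprime(n):
    """Brute-force trial division; returns (p, q, divisions_tried)."""
    tried, f = 0, 2
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 1
    raise ValueError("n is prime")

def recover_private(public):
    """Rebuild the private key from the public key alone by factoring n."""
    n, e = public
    p, q, _ = factor_semiprime(n)
    return (n, pow(e, -1, (p - 1) * (q - 1)))

if __name__ == "__main__":
    public, private = make_keypair(11, 17)
    c = encrypt(public, 42)
    print("public", public, "private", private, "ciphertext", c)
    print("decrypted", decrypt(private, c))
    print("key rebuilt from public value", recover_private(public))
    print(factor_semiprime(10007 * 10009))  # constructed larger semiprime
```

Trial division needs 10 divisions for 187 and about 10,000 for the nine-digit semiprime; the work grows with the size of the smaller prime, which is why real keys use primes hundreds of digits long.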
The actual math behind this is wildly complicated. There are wonderful resources on the internet that you can look at if you really want to get into the math. But that is the process we use to generate our initial key pair. Now once we have that key pair, let's go ahead and use Alice and Bob and show you how an RSA key exchange takes place. Now, Alice and Bob want to communicate via RSA asymmetric encryption. So the first thing they're going to do is generate each of their own key pairs. And this is done through whatever software is supplied for that particular application.
And then they go about the process of exchanging their public keys. Now keep in mind, if Eve grabs one of these public keys, it doesn't really make any difference, because the only thing Eve could do would be encrypt something and then send it to somebody else for them to decrypt. But there is a problem. And that is, what if Eve pretends to be Alice or Bob? Well, the RSA guys thought about that stuff ahead of time. And RSA includes all kinds of protocols that do things that include what we call authentication.
Now, we have entire episodes that cover all of this stuff. In fact, it boils down to digital signatures and certificates, just to give you an idea, but that even goes beyond the basics of what I want to cover in this episode. So go ahead and check out those episodes if you really want to get into the details of what makes RSA very, very powerful. Now, RSA is great, but it's been around for a long, long time. When RSA first came out, it had very short keys: 256-bit keys, 512-bit keys, 1024-bit keys. And in the last few years, the internet folks have said if you're going to use RSA, use at least a 2048-bit key as your absolute minimum size, because computers are getting better, and people are figuring out how to crack the smaller keys.
So even though RSA goes up to 4096, the problem that we run into is that these become big keys, and people have to keep copies of keys, and it becomes kind of a bit of a pain. And that's why we came up with a new type of methodology called ECC. Elliptic curve cryptography, or ECC, is probably about the hottest thing that's going on right now in terms of asymmetric algorithms. The power of ECC is that it can provide us very, very small keys that we could transfer around that have the same robustness as a much larger RSA key. So right now, don't hold me to this because there's differences of opinion, but basically a 3072-bit RSA key can now be replaced with roughly a 256-bit ECC key. So that is one of the biggest benefits of ECC. Also, generating these keys and going through the encryption and decryption process is a lot faster than with RSA, though even that's arguable.
The bottom line is that ECC is based on an elliptic curve formula that looks basically like this. So this formula, when plotted on a graph, will look, well, in one of many iterations, will look something like this. So what you can actually do is you can plot a point on the curve, and through a lot of fascinating mumbo jumbo can generate a key pair that is extremely robust, extremely fast and extremely small compared to RSA. ECC is only now starting to come out in a big, big way. But we're seeing it take over more and more every day.