Encryption Demo

AES (Symmetric Encryption):

• Uses one key for both encryption and decryption
• Very fast - can encrypt large amounts of data quickly
• Problem: How do you securely share the key?
• Like a physical lock - same key locks and unlocks

RSA (Asymmetric Encryption):

• Uses two keys - public key encrypts, private key decrypts
• Slow - 100-1000x slower than AES
• Solves key distribution - public key can be shared openly
• Like a mailbox - anyone can drop in mail (public), only owner retrieves (private)

Use AES when:

• Encrypting large files or databases
• You already have a secure way to share the key
• Speed is important
• Examples: Full disk encryption, encrypted backups, VPN connections

Use RSA when:

• Need to establish secure communication without prior key exchange
• Digital signatures (prove who sent a message)
• Encrypting small pieces of data (like AES keys)
• Examples: SSL/TLS handshake, email encryption (PGP), SSH keys

Use Both (Hybrid) when:

• Most real-world applications!
• RSA encrypts an AES key, then AES encrypts the actual data
• Examples: HTTPS, PGP email, secure messaging apps

RSA uses two mathematically related keys:

• Public Key: Can be shared with anyone. Used to encrypt messages.
• Private Key: Must be kept secret. Used to decrypt messages.

Key properties:

• Messages encrypted with public key can ONLY be decrypted with private key
• It's computationally infeasible to derive private key from public key
• Keys are generated together as a matched pair

Digital Signatures (reverse):

• Sign with private key, verify with public key
• Proves the message came from the private key holder

AES is fast because:

• Simple operations: XOR, bit shifts, table lookups
• Hardware acceleration available (AES-NI on modern CPUs)
• Optimized for bulk data processing

RSA is slow because:

• Requires modular exponentiation with huge numbers (2048+ bits)
• Mathematically complex operations
• Security depends on computational difficulty

Speed comparison:

• AES: Can encrypt ~1 GB/second on modern hardware
• RSA: Can encrypt ~1 MB/second (1000x slower!)

AES Key Sizes:

• 128-bit: 2^128 possible keys - secure for most uses
• 192-bit: 2^192 possible keys - high security
• 256-bit: 2^256 possible keys - maximum security (used by governments)

RSA Key Sizes:

• 1024-bit: Deprecated - can be broken with sufficient resources
• 2048-bit: Current standard - secure until ~2030
• 4096-bit: High security - significantly slower but more secure

Important: Can't directly compare AES and RSA key sizes!

• RSA-2048 ≈ AES-112 in security strength
• RSA-3072 ≈ AES-128 in security strength

When you visit an HTTPS website:

1. Handshake (RSA):
   • Server sends its public key (in SSL certificate)
   • Browser verifies certificate
   • Browser generates random AES key
   • Browser encrypts AES key with server's RSA public key
   • Server decrypts AES key with its RSA private key
2. Data Transfer (AES):
   • All subsequent data encrypted with AES
   • Fast encryption for images, HTML, etc.
   • Both sides have the same AES key

Why hybrid? RSA solves key distribution, AES provides speed!

AES-256:

• 2^256 possible keys
• Even if you tried 1 trillion keys per second, it would take longer than the age of the universe
• No known practical attacks

RSA-2048:

• Requires factoring a 2048-bit number into two primes
• Current records: 829-bit number factored (took years)
• 2048-bit is considered secure until at least 2030
• Quantum computers could break RSA (but not available yet)

Weak points are usually:

• Weak passwords (not the encryption itself)
• Implementation bugs
• Side-channel attacks (timing, power analysis)
• Social engineering (tricking users)