# A quick lesson on blockchain for accountants: Part 3 – cryptography

Following from the previous two posts,  today I will explain cryptography in the simplest way I can – in reality, it is more complicated. However, a basic understanding is useful to appreciate blockchain – which will be the final post on this topic.

Cryptography is the art/task of creating and solving codes. Messages have been sent in code from centuries, and you can read a good summary of some methods here. The basic idea of cryptography is to render communications unreadable to the human eye by mixing up inputs (e.g. letters) to give a different output. One of the more famous uses of cryptography was the Enigma machine used by the German armed forces during WWII.  The Enigma worked by scrambling letters into other letters and relied on the sending and receiving machines being set up the same. The set up was from three initial letters, resulting in over 17,576 (26^3) combinations. As you may know, it took a computer and some captured settings to break the Enigma code.

Move forward 70 years and a lot of information sent today over the internet uses some form of cryptography. There are two basic forms 1) encryption and 2) hashing. Encryption is what the Enigma did, an original message was scrambled on one end, sent via morse code, and de-scrambled on the other end. Hashing only involves scrambling. It uses an algorithm to derive a fixed length string which is different from the original text. A good example is a password. Passwords are usually not stored on servers in their original form, but as a hash value. If you enter a password, it is run through the algorithm and if it matches the stored hash value, you’re in. A commonly used hash is SHA256, which has 2^256 possible combinations – let’s just say that is a big number.

Encryption, as mentioned above, is a two-way thing. While I could write a lot more, let me try to keep it simple and explain the most common form, which is asymmetric encryption.  First though, let us remind ourselves that encryption means some form of setup or code is needed, which is usually referred to as a key. In asymmetric encryption, there are two keys, a public key and a private key. Here is a simple example of how this works. Let’s say I want to send you an encrypted message. Your public key is sent out to anyone who may want to send messages to you. To send the message, I use your public key to encrypt it, so the message is secure when sent across any networks. When you receive the message, your private key unscrambles it. Only the combination of these pair of keys can do this, making the system quite secure. An example of an asymmetric encryption protocol (or set of rules) is TLS (Transport Layer Security) which is embedded within most operating systems and web browsers. It also offers 256 bit security, which is 2^256 – see more about TLS here.  The current agreed TLS version is 1.2, and below you can see it is embedded within my version of Windows.

So, to sum up, encryption is complicated, but it is commonplace in our daily lives and apps. So can it be broken/cracked? Yes, but it would take a long long long time. See a great infographic below which details how long it would take to crack the code/cipher used in AES 256 – which is used by the TLS protocol mentioned above.

So now you know a little about cryptography, the next post in this series will cover blockchain.