THE GREY FILEFIELD NOTES FROM THE QUIET TRADE
← THE GREY FILE  ·  Tradecraft
Tradecraft

Encryption, in Plain Words

No math, no mysticism. Just what it does, what it doesn't, and the part everyone gets wrong.

Filed 01 Aug 2024 Anywhere FILE Nº TCR-0536 min Declassified — for field use

People treat encryption as a kind of magic, and I understand why. It looks like alchemy: a sentence goes in, gibberish comes out, and somewhere a sentence comes back. But there's no magic, and the moment you treat it as magic is the moment you start trusting it wrong. So let me explain it the way I'd explain it across a table, no equations, no jargon.

The whole idea in one breath

You take something readable — a message, a file, a list of names you'd rather no one saw. You run it through a process with a key. Out comes a scramble that means nothing to anyone. Only someone holding the matching key can run the process backward and get the readable thing again.

That's it. Plain text in, noise out, noise back to plain text for the one person meant to read it. Anyone who intercepts it along the way gets the noise and only the noise. To them it stays gibberish, forever, as long as they don't have the key.

The whole principle fits on a matchbook: without the key, the message is just static.

Two kinds of locks

There are two flavors, and the difference matters more than people realize.

The shared secret. The same key locks and unlocks. Fast, simple, efficient — wonderful when both ends already hold the same key. The problem is obvious the second you say it out loud: how do you get that key to the other person without it being seen on the way? You're back to the original problem, one layer down. Get the key across safely and this works beautifully. Fumble the handoff and you've handed everything over.

The key pair. Here it gets clever. You have two matching keys: one public, one private. The public one only locks. You can hand it to anyone — paint it on a wall, it doesn't matter. People use it to lock messages to you. The private one only unlocks, and it never leaves your hands. This solves the handoff problem, because the part you give away can't be used to read anything. The part that reads stays with you.

Both are sound. Both have been sound for decades. Which is exactly why the math is almost never where things break.

Where it actually fails

Strong encryption with sloppy key handling is not security. It's the feeling of security, which is more dangerous than having none. I've watched people armor a message with serious cryptography and then keep the key in a note on the same device, or text it to the recipient in the clear, or pick something a child could guess. The lock was magnificent. The key was under the mat.

The attacker who can't break your encryption doesn't try to. He goes after the key. He looks for where you wrote it down, who else holds it, whether you reused it somewhere weaker, whether he can simply ask you for it under a pretext. The cryptography is the strongest wall in the house, so no sensible adversary climbs it. He uses the door. There is always a door.

So the discipline isn't in the algorithm. It's in everything around it:

  • Where the key lives, and who else can reach it.
  • How the key got to the other person.
  • Whether you've used the same key in two places, so cracking one cracks both.
  • What happens to the key when the person holding it is careless, or compromised, or simply human.

What it gives you, honestly

Used properly, encryption does four good things. It keeps a message unreadable to anyone who grabs it in transit. It keeps a stolen file or drive useless to whoever took it. It can prove a message really came from who it claims. And it can show you whether something was tampered with on the way.

What it cannot do is fix bad habits. It won't save you if you encrypt the message and leave the original sitting next to it. It won't save you if your key is "password." And it absolutely will not save you if you treat the green padlock as permission to stop thinking.

Encrypt early, encrypt as a reflex, use modern tools that serious people trust — and then guard the key as if it were the only thing that mattered. Because it is.

Names and the list of names changed, naturally. The lesson cost someone the list, once.

The lock is rarely the weak point. The weak point is the man holding the key.

— M.