In simple words, converting a readable information(plain text) into something unreadable(also known as cipher text) to protect it from anyone who isn’t supposed to see it is what is called as Encryption. Encryption involves scrambling of a plain text to produce a cipher text with the help of a key.

Imagine you(Person A) want to send some physical item to a friend(Person B) sitting abroad. This thing is very personal and if it gets exposed both of you guys might get into some problem. So you pack the thing inside a box and lock it with a key. Both you and your friend have same copy of this key. You locked the box with the thing inside and send it to your friend. Your friend received the box and unlocked it with the same key he had and access the thing.

In this scenario, ‘A’ did encryption(boxing) whereas ‘B’ did decryption(unboxing). Since both of the parties use the same key to both encrypt and decrypt hence this process is known as ‘Symmetric Encryption’.

Below is the representation of how symmetric encryption works:

The key thing to note here is that the algorithm used here is just a mathematical formula which is designed to scramble the input whereas the key is used as a part of this formula. This algorithm is generic but the key, this is what ensures the uniqueness of the scrambled data.

Let’s understand one of the simplest encryption algorithm, called the Caesar Cipher.

This algorithm is a very basic one which simply replaces each alphabet with its subsequent character. Simply speaking, A becomes B, B becomes C and so on.

With this algorithm in play, “Hello” can become “Ifmmp” which isn’t readable hence known as the Cipher text.

This is a very poor algorithm and is rarely used in the industries as we all know a simple brute force can help us determine the actual input. Who would want their credit card information to be leaked this easily?

Modern encryption algorithms like AES-256 ensure proper uniqueness and hence are very secure from threats. I’ve myself used this algorithm in one of our company’s project. Considering the current computing capabilities, it could take almost a trillion year to decrypt this information.

Symmetric Encryption uses the same key for encryption and decryption. Hence, its very important that the key should be kept secure. Sharing this key could lead to security issues and your data can be easily exposed.

An effective strategy to use encryption algorithm is to generate the key at runtime.

This means, a new key is generated each time the data needs to be encrypted or decrypted. By new key, I mean that for a single transaction the key would remain same but for every new transaction it should be unique. After the session ends, you can either drop the key(if stored in the database) or you can expire it.

Symmetric Encryption is usually used for encrypting data at rest such as for files stored on a disk or a database. Databases that store sensitive information (like user credentials or payment details) often use symmetric encryption to secure that data when it is not actively being used.

This is it about Symmetric encryption. In future posts, we’ll dive deeper into other encryption techniques, including asymmetric encryption as well.

If you read it till here, I’d like you to please share your story in case you used this encryption algorithm in your experience. If not used, do consider giving it a try and if you liked this post, please like, comment and share to increase the reach. You can also follow me for more such content. I post on weekends. Thanks :)