Encryption: Locking a Message

When you open example.com and a small padlock appears next to the address, something is quietly protecting you. Your password, your card number, the messages you send — all of it is being scrambled so that anyone who happens to see it along the way reads only gibberish. That scrambling is encryption, and the idea behind it is older than computers and easier to grasp than it sounds.

Encryption means turning a readable message into a scrambled one that only the intended reader can turn back. The locked version can travel anywhere — past anyone — and stay safe, because only the right party holds what's needed to unlock it.

Readable messageon your computer

→

Encryptedscrambled in transit

→

Decryptedfor the recipient

Why does a message need locking at all?

Back in Chapter 6 you saw that data doesn't travel from your computer straight to a website. It hops through your home router, your internet provider, and a chain of other computers along the way, until it reaches the server. Every one of those hops is a computer that could, in principle, read what passes through it.

For a public web page that's harmless — the whole point is that anyone can read it. But the moment you type a password or a card number, you do not want every machine on the route to see it in plain text. The data is fine; the exposure is the problem.

Encryption solves exactly this. It lets your private data make the same journey, through the same untrusted hands, without any of them being able to read it.

What encryption actually does

Think of a locked box. You put your message inside, lock it, and hand it to a courier. The courier carries it across the city — but the box has no key, so the courier can't look in. Only the person you're sending it to has a key that opens that box. They unlock it and read the message.

Encryption is that locked box, done with math instead of metal. Scrambling the message is locking the box; that scrambled form is called the ciphertext — the unreadable version. Unscrambling it back into the original is unlocking the box, called decryption. The "key" is a secret only the intended reader has, so only they can decrypt.

The strength of this comes from one fact: without the key, unscrambling the message by guessing would take so long it's effectively impossible. So the locked message can travel through any number of hands. They can carry it, copy it, even block it — but they cannot read it. That's the whole promise.

The padlock and https

This is what the padlock by the address bar means. When a web address starts with https rather than http, the extra "s" stands for secure: everything between your browser and the server is encrypted. Your browser and the server agree on a shared secret key the moment they connect, then lock every message they exchange with it.

So when you log into example.com over https, your password is scrambled on your computer before it leaves, travels locked past every hop in between, and is only unscrambled once it reaches the server. The provider, the coffee-shop Wi-Fi, the routers in between — none of them see your password. They see ciphertext.

This is the simplified picture. The real handshake that sets up the shared key is cleverer than "they agree on a secret," and a security course covers it properly. But the result is exactly as described: a private channel through a public route.

What encryption does and doesn't hide

Encryption hides the contents of your messages, not the fact that you sent them. Over https, an observer on the network can still tell that your computer connected to example.com and exchanged some data — they just can't read what that data was. The envelope is visible; the letter inside is sealed.

It also doesn't stop someone from intercepting your data in the first place. Anyone on the route can still copy the scrambled message as it passes. Encryption doesn't make interception impossible — it makes interception useless, because what they copied is unreadable.