How Software Works: Encryption

How Software Works: Chapter 1

Encryption

Welcome to the first chapter of How Software Works—a series where we explore the inner workings of the technology that powers our digital lives. We’re kicking things off with a foundational concept in digital security: encryption.

What is Encryption?

We rely on software to protect our data every day, but the average person rarely stops to ask: How does this protection actually work?

Ever wondered how your phone password prevents unauthorized access? Or what stops attackers from logging into your Facebook, Google, or X account? The answer begins with computer security—and at the heart of that is encryption.

A Brief Look at Computer Security

Let’s start with a basic definition:
Computer security is the science of protecting digital data.

In many ways, computer security is technology’s solution to a problem created by technology itself.

Not long ago, people stored sensitive data in filing cabinets or shoeboxes under their beds. To steal that data, someone had to break into your home or office. Today, your bank details, private messages, and personal photos travel the world through the internet—and someone can steal them from the other side of the planet without you knowing.

In fact, you may only realize it happened when your bank calls to ask why you just spent KSH 300,000 on digital gift cards in another country.

This is where encryption comes in—why it’s important, and what it tries to solve.

What Encryption Does

Encryption lets us lock our data so that only we (or those we authorize) can unlock it. It’s not the only tool used in computer security, but it’s the most essential one.

The Goal of Encryption

Imagine a file on your device. It could be text, a photo, a spreadsheet, or a video. You want to keep it private—but also be able to access it easily.

Encryption allows you to convert that file into a new, scrambled format that appears meaningless to anyone without permission. This scrambled version is called ciphertext. When you want to read or view the original file again, you decrypt the ciphertext back into its original form—called plaintext.

Plaintext: The original readable data (even if it’s not text—could be an image, video, etc.)
Ciphertext: The unreadable, encrypted version of that data

Why Encryption Matters

Attackers—malicious hackers, criminals, or snoopers—try to decrypt ciphertext without having the proper key. Good encryption is designed to make this practically impossible.

Of course, just like no physical lock is truly unbreakable, no encryption scheme is theoretically unbreakable either. Given unlimited time and computational power, any encrypted data can eventually be cracked.

But modern encryption aims to make cracking so expensive—so computationally demanding—that it's useless to even try.

This is the key idea behind secure systems: make attacks infeasible rather than impossible.

Before we get into how encryption works in the digital age, let’s look at where it all began—before computers, when secrets were passed in whispers, codebooks, and handwritten messages.

Historical Roots: Ciphers and Spies

Even centuries before the internet, people had secrets worth protecting. Early forms of encryption were used by generals, kings, and spies. These simple methods laid the groundwork for today’s digital encryption.

Transposition: Same Data, Different Order

One of the simplest historical techniques is called transposition. It’s exactly what it sounds like—rearranging the letters or elements of a message into a new order.

For example, the message “MEET AT DAWN” could be scrambled as “TAM WNE EED” using a transposition scheme. The letters are all still there—but out of order.

Early transposition ciphers often relied on grids, patterns, or other agreed-upon structures. The trick was knowing the pattern to reverse the scrambling and reconstruct the original message.

However, once someone figures out the pattern, the encryption breaks. This leads us to a critical rule in modern cryptography.

Kerckhoffs’s Principle

In the 19th century, Dutch cryptographer Auguste Kerckhoffs proposed a key principle for any good encryption system:

The security of a system should depend only on the secrecy of the key—not the secrecy of the method.

This is still true today. Modern encryption algorithms (like AES or RSA) are publicly known and published. Anyone can study or use them—but without the key, they’re useless for decrypting data.

This naturally leads to the concept of...

Cipher Keys

If the encryption method itself isn’t secret, how is your data protected?

The answer is the cipher key. A cipher key is a secret, randomly generated value used during the encryption and decryption process. It ensures that even though everyone knows how the algorithm works, only those with the correct key can unlock the data.

So, while the algorithm might be standard, the key is unique to your data and must be kept secret.

What's Next?

In the next chapter of How Software Works, we’ll dive into symmetric and asymmetric encryption—two fundamental approaches to securing communication. We’ll explore how your web browser uses encryption when you visit a website, and what’s really happening when you see that little padlock icon in the address bar.

Thanks for reading Chapter 1!
Feel free to share your thoughts, questions, or ideas you'd like me to cover next.