Every message you send, every card number you type, every password you enter travels through wires and radio waves that anyone with the right equipment can listen to. The reason that isn't a catastrophe is encryption: a way of scrambling data so thoroughly that eavesdroppers see only garbage, while the intended recipient recovers every bit perfectly. The remarkable part is not that scrambling is possible. It's that unscrambling can be made easy for exactly one party and practically impossible for everyone else.

This cluster goes deeper. Five articles cover the machinery: this one frames the whole picture, then symmetric vs asymmetric encryption explains the two key families and why real systems use both, hash functions explained covers the one-way fingerprints that hold the internet together, RSA in plain English walks through the famous prime-number trapdoor with arithmetic you can check by hand, and what TLS actually does shows how all of it combines every time your browser shows a padlock.

The core move: plaintext, ciphertext, key

Strip away the math and encryption is one transformation. You start with plaintext, meaning the readable data (a message, a file, a credit card number). You feed it through a cipher, a precisely defined scrambling procedure, together with a key, a secret number. Out comes ciphertext: data that looks like random noise. Feed the ciphertext back through with the right key and the plaintext comes out intact. Feed it through with the wrong key and you get more noise.

The essential design decision of modern cryptography is where the secrecy lives. It does not live in the cipher. AES, RSA, and every other serious algorithm is published, taught in universities, and picked over by hostile experts. All the secrecy is concentrated in the key. This idea is old enough to have a name, Kerckhoffs' principle, from the 1880s: assume the enemy knows your system, and rely only on the key.

Why design it that way? Because a secret algorithm is a fragile thing. It leaks, it gets reverse-engineered, and worst of all, nobody qualified ever checks it for flaws. A public algorithm that has survived decades of open attack is trustworthy in a way no secret recipe can be. Keys, by contrast, are cheap: if one leaks, you generate another.

How hard is the wrong-key problem? A 256-bit key is one number out of 2^256 possibilities, which is roughly a 1 followed by 77 zeros. If you turned every computer on Earth to guessing keys, you would not cover a meaningful fraction of that space before the sun dies. Modern ciphers are built so that guessing is the best available attack, which turns "secret" into a statement about arithmetic rather than about hoping nobody looks.

The two families and why you need both

Encryption comes in two flavors, and the difference is entirely about keys.

Symmetric encryption uses one key for both directions: the same secret locks and unlocks. It is the ordinary padlock of cryptography. The standard algorithm is AES, selected by the US standards body NIST in 2001 after a public worldwide competition, and it is fast enough that your phone encrypts video streams with it in real time, usually with dedicated hardware support.

Symmetric encryption has one famous weakness, and it isn't the math. It's logistics. Both sides need the same key, and you cannot send the key over the same channel you're trying to protect. Encrypting the key would require another shared key, and now you're chasing your own tail. For centuries this was solved with couriers and sealed briefcases, which does not scale to a world where your browser needs to talk secretly to a server it has never met.

Asymmetric encryption, invented publicly in the 1970s, breaks the loop. Each party gets a mathematically linked pair of keys: a public key anyone may see, and a private key that never leaves its owner. What the public key locks, only the private key unlocks. Now a stranger can send you a secret without any prior arrangement: they look up your public key, encrypt, and only you can read the result. The trick behind it is a mathematical one-way street, an operation easy to perform and brutally hard to reverse. RSA builds its one-way street from prime numbers (RSA in plain English walks through it with numbers small enough to check on paper); elliptic-curve systems build a steeper street from different math and get equal security from much shorter keys.

Asymmetric encryption is thousands of times slower than symmetric, so real systems use it sparingly: asymmetric math to agree on a fresh symmetric key, then AES for the actual data. The full logic of that hybrid design is covered in symmetric vs asymmetric encryption.

The third tool: hashing

Alongside the two encryption families sits a tool that often gets lumped in with them but does something fundamentally different. A hash function takes any input, of any size, and produces a short fixed-size fingerprint, called a hash or digest. Change one bit of the input and the fingerprint changes beyond recognition. Crucially, the street runs one way for everybody: there is no key, and no way for anyone to reconstruct the input from the fingerprint.

That sounds less useful than encryption until you notice how many problems are really fingerprint problems. Did this file arrive unmodified? Compare hashes. Is this the password you registered with? Compare hashes, so the server never needs to store the password itself. Did anyone tamper with this signed document? The signature is built on its hash. Hashing is arguably the most-used cryptographic operation on the planet, and its failure modes, like the broken MD5 and SHA-1 algorithms, make instructive stories. The details, including why password storage needs deliberately slow hashing, are in hash functions explained.

Where TLS puts it all together

If you want to see all three tools working as a team, look at the padlock in your browser. TLS, the protocol underneath HTTPS, runs a short opening ceremony called a handshake: asymmetric cryptography lets your browser and the server agree on a fresh secret key even though they have never met and the whole exchange happens in the open; certificates and digital signatures prove the server is who it claims to be; and then everything switches to fast symmetric encryption, with hashes verifying that nothing was altered in transit. The current version, TLS 1.3, standardized in 2018, does all of this in a single round trip. The step-by-step version lives in what TLS actually does.

What encryption does not do

It's worth being honest about the limits, because most real-world failures live there. Encryption protects data in transit and at rest, but not at the endpoints: if your device is compromised, the attacker reads the plaintext just like you do. It hides content, not metadata: an observer can often still see who talked to whom, when, and how much. And it cannot fix key management done badly; a perfectly encrypted vault with the key taped to the door is just a door.

None of this diminishes the achievement. It just locates it. Encryption converts the enormous, messy problem of "keep secrets in a hostile world" into the small, sharp problem of "protect this one key," and that conversion is what the rest of this cluster explores. It belongs to the same family of hidden everyday machinery, like refrigeration or radio, that NerdSip's five-minute explainers cover for people who like knowing how things work under the hood.

The takeaway

Encryption is a public recipe with a private ingredient. Symmetric ciphers like AES do the heavy hauling; asymmetric systems like RSA and elliptic curves solve the impossible-sounding problem of establishing secrets with strangers; hash functions provide unforgeable fingerprints without any key at all. Every secure connection you have ever made is these three tools, in that arrangement, running in a few milliseconds. The four supporting articles take each piece apart slowly enough to see the gears.