“What is RSA encryption?” and “What is an RSA algorithm?” These are two of the first questions someone who hasn’t dealt with SSL/TLS certificates before asks when they come across the term “RSA.” RSA is a term quite commonly used when it comes to cryptography. RSA is a modern cryptographic algorithm that encrypts and decrypts data. It was invented by the mathematicians Rivest, Shamir and Adleman (from whose initials the name “RSA” is derived) in the year 1978.
Today, RSA is the most widely used public key encryption method. Wait, you don’t know what public key encryption is? Well, we can help because you can’t understand RSA without understanding that first. So, let’s get to learning then!
It’s no secret that data encryption is one of the significant foundations of today’s web security. But what many are not aware of is that there are two major ways this encryption is done. The first one is symmetric encryption and the other one is asymmetric encryption, also known as public key encryption. Let’s explore the latter.
Public key encryption is an encryption method in which two distinct but mathematically related keys are used to encrypt and decrypt data. One key is called a public key and the other one is called a private key. The public key, as the name suggests, can be shared with anybody and the private key is kept secret.
In this method, one key is used to encrypt a message and the other is used to decrypt it. As a result, only the intended recipient will receive the message and no unauthorized third party can come in and steal the data via a ‘man-in-the-middle’ attack. Public key cryptography ensures three fundamental requirements of data security:
Public key encryption ticks all the boxes, and that’s why it’s widely used in website security through SSL/TLS certificates.
So, you’re still wondering what an RSA algorithm is. The RSA algorithm is the most popular public key encryption technique used today. RSA encryption is used for encrypting website data, emails, software, etc.
The RSA algorithm relies on prime factorization to protect the data it encrypts and decrypts. Its security rests on the difficulty of factoring a gigantic integer that is the product of two random prime numbers (n = p * q). Multiplying these two numbers is easy, but determining the two numbers from their product is almost impossible.
First, two extremely large prime numbers, p and q, are generated using the Rabin-Miller primality test algorithm. A modulus, n, is derived by multiplying these numbers. The length of n is expressed in bits and is called the “key length.” An exponent named e is used in the public key and it’s usually set at 65,537. This number isn’t kept a secret as it’s a part of the public key, which is available to everyone. Another exponent, d, is also used, although it’s kept private as it’s part of the private key. The private key consists of the modulus n and the private exponent d, which is derived through the Extended Euclidean algorithm as the multiplicative inverse of e with respect to the totient function of n.
Many people disagree about whether the RSA algorithm is truly secure. Well, this doesn’t have a simple answer because the strength of the RSA algorithm totally depends upon the key length (entropy) that you apply. The larger the size of the key, the harder it is to crack.
In 2009, a team of academics cracked a 768-bit RSA key through factoring. This operation was done using hundreds of computers and lasted for two years. Since that time, we’ve witnessed a remarkable rise in computing power, and with the potential of quantum computing on the horizon, there is a possibility that such an attempt could crack a much larger key. However, doing so with modern resources is highly impractical because of the resources and time it takes. That’s why this type of threat is beyond the capabilities of most hackers.
The National Institute of Standards and Technology (NIST) recommends a minimum key size of 2048 bits. In SSL/TLS certificates, a key length of 2048 bits is generally used. This puts it well beyond the reach of hackers and makes your communication safe. However, alternate algorithms such as elliptic curve cryptography (ECC) have started taking its place. It’s expected that RSA will be replaced by newer algorithms by 2030. But as things currently stand, RSA is still quite safe and it doesn’t put your security at risk.
We hope this article answers your questions about “what is an RSA algorithm in cryptography?” and “what is RSA encryption used for?”