AP CSP Day 21: Encryption & Security Tradeoffs

Key Concepts

Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a key, protecting it from unauthorized access during transmission or storage. Public key cryptography uses a public key to encrypt and a private key to decrypt, enabling secure communication without sharing a secret key in advance. AP CSP exam questions about encryption often ask students to identify what encryption protects against and what it does not. A key tradeoff is that stronger encryption improves security but requires more computational resources.

📚 Study the Concept First (Optional) Click to expand ▼

Encryption and Security Tradeoffs

What Is Encryption?

Encryption transforms readable plaintext into unreadable ciphertext using a mathematical algorithm and a key. Only someone with the correct key can decrypt the ciphertext back into plaintext. Encryption protects data confidentiality during transmission and storage.

Symmetric vs. Public Key

Symmetric encryption uses the same key to encrypt and decrypt, which is fast but requires the key to be shared securely beforehand. Public key (asymmetric) encryption uses a public key to encrypt and a private key to decrypt, solving the key-sharing problem.

Common Trap: Thinking encryption prevents all attacks. Encryption protects data in transit and at rest, but does not prevent phishing, weak passwords, or attacks on the endpoints where data is decrypted.
Exam Tip: Know what encryption does protect (data confidentiality, man-in-the-middle interception) and what it does not protect against (stealing the decrypted data from an unlocked device).
Big Idea 4: Computing Systems & Networks
Cycle 1 • Day 21 Practice • Medium Difficulty
Focus: Encryption & Security Tradeoffs

Practice Question

A website uses HTTPS instead of HTTP. Which of the following best describes what HTTPS provides?

Why This Answer?

HTTPS uses TLS/SSL encryption to protect data during transmission between the browser and server. This prevents third parties from reading or tampering with the data while it travels across the network.

Why Not the Others?

A) HTTPS can add slight overhead due to encryption processing; it does not make sites faster. C) HTTPS secures the communication channel but does not scan or prevent malware on the site itself. D) HTTPS protects data in transit — it says nothing about the truthfulness or accuracy of the website's content.

Common Mistake
Watch Out!

Students think the padlock icon (HTTPS) means a website is completely safe or trustworthy. HTTPS only protects data in transit — it does not verify content quality or prevent all security threats.

AP Exam Tip

HTTPS = encrypted connection. It protects data IN TRANSIT only. A malicious website can still use HTTPS. Do not equate HTTPS with overall website safety.

← Previous Day Back to Hub Next Day →

Keep Practicing!

Consistent daily practice is the key to AP CSP success.

AP CSP Resources Get 1-on-1 Help
Back to blog

Leave a comment

Please note, comments need to be approved before they are published.