Encrypting a piece of information involves protecting it by turning it into an unreadable mess for unauthorised viewers, but making it perfectly legible for its intended audience.
The scrambled version is called ciphertext, and to anyone without the key to decrypt it, it looks like a meaningless array of random characters. This obfuscation is achieved with a cryptographic key: a set of mathematical values that is agreed upon by both parties.
To encrypt and decrypt data, secure encryption uses keys that are so complex that an attacker who intercepts the data will not be able to guess the key, no matter how many attempts they make. This simple approach of repeatedly guessing the key is known as a brute force attack. Data encryption can take place during storage or transmission.
What is a cryptographic key?
In cryptography, a key is a character string used within an encryption algorithm to alter data to make it look randomised. As with the kind of key that you would use to open your front door, it locks and unlocks the data (encrypts and decrypts it). Without the key, the attacker would need to make guesses, which could quite literally take millions of years.
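The example below is an addition, not part of the original article: it shows why key length decides whether guessing works, by exhausting a deliberately tiny 16-bit key and then estimating the worst-case time for longer keys. The toy cipher, the sample message, the function names and the guess rate of one trillion keys per second are all assumptions made for illustration.

```python
import hashlib

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)  # the same call encrypts and decrypts

def brute_force(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Try every key of key_bits length; return (key, attempts) or (None, attempts)."""
    key_len = (key_bits + 7) // 8
    for guess in range(2 ** key_bits):
        key = guess.to_bytes(key_len, "big")
        # A guess is accepted when the decrypted start matches text we expect to see.
        if keystream_xor(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return key, guess + 1
    return None, 2 ** key_bits

def years_to_exhaust(key_bits: int, guesses_per_second: float) -> float:
    """Worst-case time, in years, to try every key of the given length."""
    return 2 ** key_bits / guesses_per_second / (365.25 * 24 * 3600)

# Constructed sample data: a made-up message and a deliberately weak 16-bit key.
SAMPLE_KEY = (0xBEEF).to_bytes(2, "big")
SAMPLE_PLAINTEXT = b"Subject: quarterly results draft"
SAMPLE_CIPHERTEXT = keystream_xor(SAMPLE_KEY, SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    key, attempts = brute_force(SAMPLE_CIPHERTEXT, b"Subject: ", 16)
    print(f"16-bit key {key.hex()} recovered after {attempts} guesses")
    print(keystream_xor(key, SAMPLE_CIPHERTEXT))
    for bits in (16, 56, 128, 256):
        # Assumed attacker speed: 1e12 guesses per second.
        print(f"{bits:3d}-bit key: {years_to_exhaust(bits, 1e12):.3g} years worst case")
```

Each extra key bit doubles the number of guesses, which is why the 16-bit key falls in well under a second while the 128-bit estimate is far beyond millions of years.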
How do encryption types differ?
Symmetric and asymmetric (aka public key) encryption are the two most prominent types. With the former, there is a single secret key, which those involved use both to encrypt and decrypt the information. With the latter type of encryption, there is a pair of keys, one for each task. The decryption key stays private while the encryption key is publicly shared (meaning anyone can use it). Asymmetric encryption technology is the basis for TLS (often referred to as SSL).
Why do we need data encryption?
Privacy: Encryption makes data unreadable for anyone other than permitted users whether it’s in transit or in storage. There are so many governmental, criminal, and commercial interests that now have both the means and desire to access our personal data that encryption has become an essential protection in the modern digital landscape.
Security: Data breaches can be costly for commercial, political, medical, military and other organisations. Sensitive data that has been released to the public cannot be unreleased, so with prevention being better than cure, encryption is now mandatory practice within many different industries. This means that even when mistakes are made, such as a laptop being inadvertently left on a train by a government minister (as has happened in the UK), an encrypted hard drive ensures that the data it contains is still secure.
Data integrity: Encryption helps to prevent nefarious activities such as on-path attacks. With so much data in transit these days, it’s important to be sure that it cannot be altered by a third party while in transit.
Authentication: One of public key encryption’s benefits is that it can be used to ensure that the website is genuine and so is the private key shown in its TLS certificate. This gives its users confidence that the site they are accessing is the genuine one.
Regulations: Governments are aware of all the vulnerabilities that we have covered and for this reason have created regulations which stipulate the ways in which organisations should manage and encrypt user data. Such standards include HIPAA, PCI-DSS, and the GDPR.
What is an encryption algorithm?
An encryption algorithm turns information into ciphertext and back into plaintext using the encryption and decryption keys to alter and restore the data in a consistent way.
What are some frequently used encryption algorithms?
Examples of frequently used symmetric encryption algorithms include:
Frequently used asymmetric encryption algorithms include:
- Elliptic curve cryptography