Encryption is a technology that keeps websites, data and communications secure both on and off of the internet. It's not only used to secure financial transactions, but most communication and data exchange on the internet uses some form of encryption to protect users. Since this technology is so prevalent throughout all facets of the IT industry, it's important for people to understand the basics of encryption.
What is encryption?
Encryption has actually been used for thousands of years. In simplest terms, encryption is a way of altering a document so that the data is unreadable to people other than the ones intended to receive the information.
In order to perform an encryption, you need to use a procedure to alter each word or character in a consistent pattern. This repetitive pattern is what coders refer to as an "algorithm." If you know what pattern was used to change the characters, you can "decrypt" and reverse the encryption process so that the information is readable again.
The solution to revert a document back to normal is called a decryption "key" because when a document is in a scrambled encrypted state, your machine will not be able to open it without a key. If there is no key or the key is lost, then the data is usually unrecoverable, unless it's an old or weak encryption that can be solved by modern hacking techniques.
Some of the oldest known examples of encryption are hieroglyphs appearing in Egyptian tombs built in approximately 1900 BCE. The inscribers intentionally altered the hieroglyphs from the standard language practices to either fool or possibly amuse literate people of that era.
One of the first practical encryption schemes was the alphabet shifting code used by Julius Caesar. In this case, each letter was replaced by one three letters higher on the alphabet so that it appeared as unreadable gibberish. The recipient would then shift all the letters back three letters in the alphabet to revert the words back to a readable state.
A famous example of encryption was the "enigma code" that the Germans used in World War II to hide military communications. No one was able to decipher the code until a British mathematician named Alan Turing invented the world's first programmable digital computer for the purpose of hacking the code. The story of Alan Turing was the subject of a recent movie entitled "The Imitation Game."
Modern encryption concepts
Modern encryption differs from older forms mainly through the use of sophisticated cryptography techniques. Cryptography is a method of hiding the original data in a document through the use of a "cipher." A cipher, in basic terms, switches or transposes letters and numbers in a data file to hide the information from someone who is not authorized to read it.
The word "cipher" is also used to refer to the solution "algorithm" that is used to unscramble the encrypted data. Consequently, the terms "key" and "cipher" are interchangeable. When a cipher transforms a data file, the result is referred to as "ciphertext." The readable text, in this context, is called "plaintext."
Encryption is used today in almost all types of internet communications including email, banking, messaging, basic web surfing and form submission. In order to have a basic grasp of modern encryption technology, there are a few concepts that you should be familiar with.
A hash is a method for hiding private information that is somewhat different from an encryption algorithm. Hash functions scramble the original data without any intention of reversing the process. Hashing is often used to verify passwords and file downloads by comparing the hashed versions without the need to read the original data. This makes it much more difficult for third parties to intercept the private data.
When encryption keys use a password as part of the process, one of the steps is called "salting," which adds extra random data in a hash function to provide a more hidden transaction. This is a way to thwart a hacker that is capable of reversing a normal hash function and retrieve your password.
This type of encryption method uses public and private keys for encryption and decryption. Both of the keys are very long numbers that are used together to add a greater level of security to the process. The public key can be shared with anyone, while the private key is a secret number that is only intended for one person. This is an enhanced protocol that is used with many current encryption systems in browsers, software programs and computer networks.
Types of modern encryption
There are many types of encryption technology used for network communications and data protection. The following examples are a few that you will encounter frequently.
HTTPS and SSL
You've probably noticed the HTTP and HTTPS at the beginning of the URL in your browser's address bar when you visit a website. HTTP stands for hypertext transfer protocol, which is the protocol used for websites that use various scripting languages like HTML. When there is an "S" at the end, it means it provides a secured connection using the SSL encryption protocol.
SSL stands for Secure Socket Layer and it's the protocol that is generally used to keep most web communications secure. This is especially important for sharing sensitive data such as bank transactions, online payments and any other instances where you're inputting personal information. In order to use SSL, websites need to obtain a certificate that verifies that they're a trusted site.
DES stands for the Data Encryption Standard, and it is an older symmetric encryption protocol that was used with a single key. This technology was developed in the early 1970s by IBM and approved for standard use in 1977. It's no longer secure because of the short length of the 56-bit decryption key, and it was later replaced with a more secure Triple DES encryption. Today this has been superseded by AES, the Advanced Encryption Standard.
This type of encryption, which was established in 2001, utilizes three different key lengths: 128, 192 and 256 bits. It uses a block cipher, which means that the encryption is performed on a fixed-length group of bits. AES also has an extra feature of security because it executes numerous cycles of encryption. This technology is the standard used by the US government for classified information and it's a common technology used to secure stored files.
This type of encryption was named after its three inventors, Rivest, Shamir and Adelman. It features an algorithm that is based on factoring extremely large numbers. It's one of the most secure types of encryption, but it takes a lot of processing power to execute, so it tends to be rather slow. RSA is a standard protocol for some types of very private data, especially when it's transferred over the internet.
PGP (recently discovered flawed)
PGP stands for "Pretty Good Privacy," but it looks like it no longer lives up to its name. This encryption protocol is commonly used to sign emails, documents, hard disks and other data. Security researcher Sebastian Schinzel found a flaw in the popular technology that could allow recovery of the original plaintext. This is the most popular form of encryption for emails, so it could pose a widespread problem if people don't act soon to switch to a different type of email encryption.
Encryption is a broad topic that has a lot of variations and some intricate math at its core, but you don't need to be concerned with the technical details as long as you understand the basic principles. Stay on top of the latest trends and standards so you can keep your transactions, identity and data secure.