Security; Privacy; Algorithms
Encryption is the encoding of information so that only those who have access to a password or encryption key can access it. Encryption protects data content, rather than preventing unauthorized interception of or access to data transmissions. It is used by intelligence and security organizations and in personal security software designed to protect user data.
Encryption is a process in which data is translated into code that can only by read by a person with the correct encryption key. It focuses on protecting data content rather than preventing unauthorized interception. Encryption is essential in intelligence and national security and is also common in commercial applications. Various software programs are available that allow users to encrypt personal data and digital messages.
The study of different encryption techniques is called “cryptography.” The original, unencrypted data is called the “plaintext.” Encryption uses an algorithm called a “cipher” to convert plaintext into ciphertext. The ciphertext can then be deciphered by using another algorithm known as the “decryption key” or “cipher key.”
A key is a string of characters applied to the plaintext to convert it to ciphertext, or vice versa. Depending on the keys used, encryption may be either symmetric or asymmetric. Symmetric-key encryption uses the same key for both encoding and decoding. The key used to encode and decode the data must be kept secret, as anyone with access to the key can translate the ciphertext into plaintext. The oldest known cryptography systems used alphanumeric substitution algorithms, which are a type of symmetric encryption. Symmetric-key algorithms are simple to create but vulnerable to interception.
In asymmetric-key encryption, the sender and receiver use different but related keys. First, the receiver uses an algorithm to generate two keys, one to encrypt the data and another to decrypt it. The encryption key, also called the “public key,” is made available to anyone who wishes to send the receiver a message. (For this reason, asymmetric-key encryption is also known as “public-key encryption.”) The decryption key, or private key, remains known only to the receiver. It is also possible to encrypt data using the private key and decrypt it using the public key. However, the same key cannot be used to both encrypt and decrypt.
Asymmetric-key encryption works because the mathematical algorithms used to create the public and private keys are so complex that it is computationally impractical determine the private key based on the public key. This complexity also means that asymmetric encryption is slower and requires more processing power. First developed in the 1970s, asymmetric encryption is the standard form of encryption used to protect Internet data transmission.
Authentication is the process of verifying the identity of a sender or the authenticity of the data sent. A common method of authentication is a hashing algorithm, which translates a string of data into a fixed-length number sequence known as a “hash value.” This value can be reverted to the original data using the same algorithm. The mathematical complexity of hashing algorithms makes it extremely difficult to decrypt hashed data without knowing the exact algorithm used. For example, a 128-bit hashing algorithm can generate 2128 different possible hash values.
In order to authenticate sent data, such as a message, the sender may first convert the data into a hash value. This value, also called a “message digest,” may then be encrypted using a private key unique to the sender. This creates a digital signature that verifies the authenticity of the message and the identity of the sender. The original unhashed message is then encrypted using the public key that corresponds to the receiver's private key. Both the privately encrypted digest and the publicly encrypted message are sent to the receiver, who decrypts the original message using their private key and decrypts the message digest using the sender's public key. The receiver then hashes the original message using the same algorithm as the sender. If the message is authentic, the decrypted digest and the new digest should match.
Encryption can be based on either hardware or software. Most modern encryption systems are based on software programs that can be installed on a system to protect data contained in or produced by a variety of other programs. Encryption based on hardware is less vulnerable to outside attack. Some hardware devices, such as self-encrypting drives (SEDs), come with built-in hardware encryption and are useful for high-security data. However, hardware encryption is less flexible and can be prohibitively costly to implement on a wide scale. Essentially, software encryption tends to be more flexible and widely usable, while hardware encryption is more secure and may be more efficient for high-security systems.
—Micah L. Issitt
Bright, Peter. “Locking the Bad Guys Out with Asymmetric Encryption.” Ars Technica. Condé Nast, 12 Feb. 2013. Web. 23 Feb. 2016.
Delfs, Hans, and Helmut Knebl. Introduction to Cryptography: Principles and Applications. 3rd ed. Berlin: Springer, 2015. Print.
History of Cryptography: An Easy to Understand History of Cryptography. N.p.: Thawte, 2013. Thawte. Web. 4 Feb. 2016.
“An Introduction to Public Key Cryptography and PGP.” Surveillance Self-Defense. Electronic Frontier Foundation, 7 Nov. 2014. Web. 4 Feb. 2016.
Lackey, Ella Deon, et al. “Introduction to Public-Key Cryptography.” Mozilla Developer Network. Mozilla, 21 Mar. 2015. Web. 4 Feb. 2016.
McDonald, Nicholas G. “Past, Present, and Future Methods of Cryptography and Data Encryption.” SpaceStation. U of Utah, 2009. Web. 4 Feb. 2016.