The Importance of Encryption

Smart decisions relating to privacy and security are made when decision maker's have a grasp of how encryption works.

You don't need to be Einstein's gift to mathematics but knowing the fundamentals of encryption enables you to choose intelligently what crypto-systems are best suited for you and your business.

Knowing the essentials will improve your security and help you to preserve your privacy.

What is encryption?

1. Encryption :- a means to transform readable data (plain text) into unreadable text (also known as cipher text), enabling you to send or store data in a unreadable form, keeping your communication confidential.

2. Decryption :- a method of tranforming unreadable text (cipher text) back into readable text (plain text).

When a google search result for a website begins with 'HTTPS://', this means all content on their web pages is unreadable to anyone seeing the data beyond them on the network. This could be anyone from the internet service provider, possibly your government - they will only see the destination domain.

This means anyone between you and google would only know you're using google but wouldn't know what you're searching for as end-to-end encryption is being used between your browser and the server.

 

You only need to think of two things when it comes to encryption:

1. The algorithm :- This is publically known and gets scrutinised by people to determine the strength of it.

2. The Key :- This is secret. Think of the key like a password. You really must keep this secret.

The algorithm is like a padlock and the key is the key to that padlock. It's as simple as that.

The algorithm and key combination is determined by substituting and transposing the plain text characters. Basically, they move and change the characters around - like an 'A' to the 'Z'.

It is worth noting if either the algorithm or the key are weak; the encryption is depleted too.

Say you want to send a file to a friend. You don't want anyone reading the file except your friend so you wish to deny access to it. You can download something called 'WinZip'. This tool allows you to compress a file so it's smaller when you send it. It's then packaged into a 'zipfile', which you can choose to encrypt. 

You have a few encryption method options:

  • 256-bit AES
  • 128-bit AES
  • Legacy (Zip 2.0)

AES = Symmetric Algorithm (Uses one key/password)

256 or 128 = bit length and key space.

The bit length is a bit like how many locks you put on it. The higher the number, the longer it will take and more difficult it will be to unlock therefore it's arguably more secure. The '256' is the key space - meaning the number of total possible different keys you can have with this encryption algorithm.

Think of a four-rota padlock like the one above. It has 0-9 on each rota. This padlock has a total of 10,000 possible combinations to unlock it, making for a pretty secure padlock. Manually trying to crack the code could take from dusk til dawn which is why people cut locks instead of attempting to crack them.

256-bit length encryption has 1.1579 x 10 to the power of 77 possible keys. That's a lot of keys!

This number is so vast, it will be difficult for even the most powerful computers doing the guessing. If your password is both long and random enough to generate your key, rest assured your data will be secure.

 

Which encryption should you choose?

People and governments are forever trying to crack algorithms. We know which ones are good and which are not so good. We know which are susceptible to being cracked and which ones are not susceptible.

When someone tries to guess what the key is by going through every possible combination - this technique is known as 'brute forcing'. Attempting to break the code with brute force, basically.

There is another technique called a 'dictionary attack'. This is where an attacker tries all words from the dictionary against the key. If the key is a customised, non-dictionary word, the attack will fail so I recommend making a 'M0tl3y Tan9 C1an' of a combination from various characters. See what I did there!

Another way is a hybrid of the two methods - taking human behavioural psychology and combine it with a dictionary brute force attack. For example, the word 'monkey' is common in passwords. So much infact, it's in the top 10 most commonly used passwords. Numbers are often added to the end of passwords too. Knowing this, a hacker can use 'monkey' and every number combination possible to crack the key.

128-bit AES and 256-bit AES are not the only symmetric algorithms you can choose from.

There are some other ones to choose from:

  • Data Encryption Standard
  • Triple-DES (3DES)
  • Blowfish
  • RC4
  • RC5
  • RC6
  • Advanced Encryption Standard (AES)

Symmetric Algorithms are used in most everyday encryption systems like HTTPS, full-disk encryption, file encryption, Tor, VPN's, pretty much everything. AES is the common standard for symmetric encryption.

For maximum protection, use AES 256 where possible as it is fast and currently unbreakable.

Even governments, militaries or anyone with access to great resources and enormous computing power would have great difficulty trying to crack AES-256 encryption unless the password was weak.

[Reference: Nathan House, Station X Ltd]

Huw Tremlett

Data Management Consultant

Huw Tremlett