Crypto-Primer: Encryption Basics Every Security Pro Should Know
With so many choices for encrypting data and communication, it's important to know the pros and cons of different techniques.
Encryption has become a routine part of everyday life. Your iPhone uses it to defeat cybercriminals and snoopers. Security cameras may use it to keep footage private. And your VPN definitely uses it, to fence off online traffic and make it invisible to prying eyes.
Recently, however, there has been a legislative push in the US to limit ways in which encryption can be used. First came the EARN IT Act, which would set up a government commission to dictate best practices to tech companies, and now there is an even more direct affront to encryption in the form of the Lawful Access to Encrypted Data Act.
In light of these realities, it's helpful to have a better understanding of what encryption is, what are the various types of encryption and encryption algorithms, and which types offer the strongest protection. This article will explain why encryption is important but also help to make an informed decision when protecting your data.
What's an Encryption Type?
When we talk about encryption types, we are dealing with the way that encryption processes operate. There are three major forms — asymmetric, symmetric, and hash functions — and they work in different ways.
Asymmetric: A common form of encryption in use on today's Internet, asymmetric cryptography is also known as public key cryptography. In this type of encryption, data is encrypted using a pair of keys.
One of these keys is the public key, while the other is the private key. The public key is known by the provider of encryption services and is used to apply initial encryption. It will usually be changed on a regular basis to ensure that it is protected from hackers. The private key is used to decrypt data when it reaches its destination and is known only to the user or recipient.
Asymmetric encryption is ubiquitous on the Web. For instance, it's used in Bitcoin; payments via APIs also generally use asymmetric encryption to ensure to secure credit card details.
This is a slower type of encryption than symmetric encryption, so it's often used to encrypt small pieces of data. For example, it is often used in conjunction with symmetric cryptography to facilitate key exchange.
Symmetric: In symmetric encryption, only a single key is required. When information is encrypted symmetrically, the two nodes use the same key, which is applied to data to encrypt and decrypt it. Generally, this key will be created via random-number generators, which themselves have grades of sophistication. Even so, the best symmetric encryption will be weaker than asymmetric alternatives.
The advantage of symmetric encryption is speed. Because one key is involved, data can be encrypted and read much faster.
Hash functions: Slightly different than asymmetric and symmetric encryption, hash functions still turn plaintext into impenetrable code for the purposes of data protection.
A hash function converts an input into a predetermined output. It doesn't matter how large the input is; it will always create a hash of the same fixed length. The created hash cannot be turned back into the input, so there's no decryption involved in the conventional sense.
This may seem less useful than standard encryption, but it is actually a very powerful tool. Hash functions have become the primary way to prove that data or software is authentic and that outsiders haven't tampered with it.
Hashes are also used routinely in password storage systems, storing passwords in hashed format instead of plaintext. They can also detect whether documents or data have been changed via monitoring changes to the hash output.
Introducing Encryption Algorithms
Algorithms are essentially the tools used to turn plaintext into indecipherable chunks of data. We refer to it here as an algorithm, but in traditional cryptography, the word "cipher" is much more common. For the purposes of this article, we'll treat the terms as interchangeable.
Algorithms are graded according to their strength. This in turn usually refers to the length of the key size used by specific forms of encryption. For example, in the popular AES-128 algorithm, the key length is 128 characters.
Length matters because the longer a key is, the more computations an attacker must process in order to decrypt an encoded message. Hence, we've seen key lengths steadily growing over the years to 256- and even 512-bit versions.
However, key length is not everything; ciphers are stronger or weaker for other reasons as well. The five most common algorithms include:
DES: The granddaddy of today's encryption algorithms, Data Encryption Standard (DES) was invented by IBM in the 1970s with a key length of 56 characters. In 1977, it became the first digital algorithm approved as a Federal Information Processing Standard, and became the go-to option for protecting classified documents.
These days, DES is an antique, providing virtually no protection against hackers. However, without it we'd be unprotected against digital intruders.
Triple DES: Triple DES (or 3DES) uses a 168-bit cipher and essentially works by applying old-style DES to data chunks three times. Data is encrypted with one DES key, then decrypted with another, before being encrypted with a third key. At the other end, the process is simply reversed. This tends to provide enhanced protection against brute forcing, although NIST downgraded the algorithm in 2017. Therefore, it's not the gold standard.
AES: The Advanced Encryption Standard (AES) was introduced as a replacement for DES, and was created by the Belgian cryptographers Joan Daemen and Vincent Rijmen. In 2001, it was adopted by NIST as the leading encryption standard and remains relevant to modern cryptography.
Key sizes vary from 128 to 256 bits, which can apply between 10 and 14 rounds of encryption on targeted data. That delivers a high level of security and speed, which has made AES the option of choice for tools like VPNs. As of 2020, AES has still not been effectively cracked, and according to Edward Snowden, not even the NSA has been able to brute-force the algorithm.
RSA: RSA (Rivest–Shamir–Adleman) is a public key algorithm, which has been around since 1977. It uses two shared prime numbers, which are as large as possible. While the primes remain private, an auxiliary number also forms part of the public key.
Cracking the primes is extremely tough, especially if padding is used to strengthen the private keys. But the algorithm suffers in terms of speed, making it useful for some actions (such as encrypting documents), but less useful for encrypting traffic on the Web.
SHA-256: The gold standard hashing algorithm, SHA-256 replaced older ciphers such as SHA-1 and MD5. SHA-256 is often a good partner function of AES-256 and is yet to be cracked. Notably, SHA-256 is used quite extensively in Bitcoin.
Knowledge Is Protection Power
As you can see, there's a huge difference between a type of encryption and the cipher. In short, a type of encryption refers to the way the process is organized. An algorithm is applied as part of that process to actually convert data into an unreadable format.
With digital threats growing all the time and governments hungry for data on citizens, encryption isn't a minor issue. So, get to know how it works, and choose a system that provides the protection you need.
Related Content:
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024