So what is it?
It might be the most important technology we have.
Most digital security measures, everything from safe browsing to secure email, depend on it.
Hannah Stryker / How-To Geek
Without encryption, we’d have no privacy.
This Cybersecurity Awareness Week article is brought to you in association with Incogni.
What Is Encryption?
To anyone else, it’ll appear as gibberish or a meaningless collection of characters and symbols.
An encryption scheme just describes how a message or data is changed to make it unreadable.
We’ll give you a few historical examples, then discuss how it is done today.
The ancient Greeks would wrap a strip of parchment in a tight spiral around a wooden rod called a scytale.
They wrote their message along the length of the rod, over the wrapped parchment.
Uncoiled, the writing on the parchment made no sense.
This is a form of transposition cipher.
It’s a primitive technique, but it has elements that you’ll find in modern encryption systems.
And they both need matching mechanisms to do so.
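The scytale as code, added here as an illustration and not taken from the article: the rod's circumference (letters per turn) is the shared "mechanism", and rewrapping the strip on a rod of a different size gives gibberish. The underscore padding is a constructed convention so the strip fills whole turns.

```python
import math


def scytale_encrypt(message: str, letters_per_turn: int) -> str:
    """Write `message` along a rod that holds `letters_per_turn` letters round its
    circumference, then unwind the strip. Padding with '_' is a constructed
    convention for this example, not part of the historical method."""
    turns = math.ceil(len(message) / letters_per_turn)
    padded = message.ljust(letters_per_turn * turns, "_")
    # One row per position round the rod; each row runs the length of the rod.
    rows = [padded[r * turns:(r + 1) * turns] for r in range(letters_per_turn)]
    # Unwinding reads the strip turn by turn, i.e. column by column.
    return "".join(rows[r][t] for t in range(turns) for r in range(letters_per_turn))


def scytale_decrypt(strip: str, letters_per_turn: int) -> str:
    """Rewrap the strip on a rod of the same size: strip position s lands on
    turn s // letters_per_turn, at row s % letters_per_turn. A rod of the
    wrong size puts the letters in the wrong rows and the text stays unreadable."""
    rows = ["" for _ in range(letters_per_turn)]
    for s, ch in enumerate(strip):
        rows[s % letters_per_turn] += ch
    return "".join(rows).rstrip("_")
```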
The Polybius Square
Another method used by the ancient Greeks used a Polybius square.
This was a five-by-five or six-by-six grid of letters.
A letter was referenced by its coordinates, like the game battleships.
Of course, there are many ways to fill the grid with letters.
Unless you know the layout of the letters, decryption is difficult.
This lets you set up a scheme with multiple squares with different layouts.
You could create seven squares and use a different square for each day of the week, for example.
Schemes that use multiple alphabets are called polyalphabetic ciphers.
A Polybius square is a form of code.
A code substitutes other characters for letters, in this example, digits.
Ciphers replace letters with other letters.
Caesar’s Cipher
Julius Caesar gave his name to Caesar’s Cipher.
There are 26 letters in the standard English alphabet, and 13 divides into 26 exactly twice.
Enciphering twice returns you to the original text.
In programming terms, this simplifies matters because you only need to write an enciphering routine.
There’s no need for a deciphering routine.
This is why writing a ROT13 implementation is a common exercise for people learning to program.
ROT13 is also commonly held up as an example of very poor, low-grade encryption.
You could try it yourself with this online ROT13 engine.
Try entering “Alaska Nynfxn” then putting the output back in as the input.
So, What is Encryption?
That set of rules is an algorithm.
And that’s what encryption is.
It’s algorithms for privacy.
How Does Encryption Work Today?
What can you do to prevent unauthorized people from accessing the data?
And what can be done to make it secure?
All of the old systems could be overcome with knowledge of the encryption system.
Use the same diameter rod and the scytale message becomes readable.
Caesar’s Cipher can be broken by trying different offsets on the first part of the message.
You only have 25 to try, at the most.
Polybius squares pose more of a challenge because the layout of the letters within the square is unpredictable.
If you know what the layout of the square is, it isn’t even a challenge.
That’s called cryptanalysis.
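A Caesar shift and ROT13 in code, added here as an example rather than taken from the article: one routine handles both directions because 13 + 13 = 26, and listing every non-zero offset shows why a key space of 25 gives no protection against anyone who holds the ciphertext. The function names are this example's own.

```python
def caesar(text: str, offset: int) -> str:
    """Shift every ASCII letter `offset` places round the 26-letter alphabet.
    Case is preserved; spaces, digits and punctuation pass through unchanged.
    A negative offset shifts back, so the same routine deciphers."""
    out = []
    for ch in text:
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + offset) % 26 + ord("A")))
        elif "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + offset) % 26 + ord("a")))
        else:
            out.append(ch)
    return "".join(out)


def rot13(text: str) -> str:
    # 13 is half of 26, so applying rot13 twice returns the original text:
    # there is no separate deciphering routine to write.
    return caesar(text, 13)


def candidate_plaintexts(ciphertext: str) -> dict:
    """The 25 possible decryptions of a Caesar ciphertext, keyed by offset.
    The real message is always one of these, which is the whole weakness:
    secrecy rests on the offset, and there are only 25 of them."""
    return {k: caesar(ciphertext, -k) for k in range(1, 26)}
```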
They work through the data a chunk at a time and are called block ciphers.
If the last chunk to be processed is smaller than 128 bits, it is padded to 128 bits.
There are many block encryption schemes available.
The Advanced Encryption Standard (AES) is the official encryption standard of the U.S. government.
Different encryption schemes use different algorithms and different block lengths and make use of different combinations of mathematical transforms.
Hash Strings
We’ll look at a special case first.
It’s possible to encrypt data using a one-way transform.
This is the very antithesis of ROT13 because the resulting ciphertext cannot be reverted to plaintext.
More accurately, it can’t be decrypted within a practical timeframe.
All of the hash strings are the same length.
How is this useful?
Well, a secure website won’t store your password in plaintext.
Your password is hashed and the hash string is stored.
Your password is never retained.
If they match, you can enter.
If you enter an incorrect password the two hash strings won’t match and you are not allowed in.
This lets the website use authentication without having to store the passwords in an exposed form.
If they get hacked, none of the passwords are compromised.
Hashing techniques may also add unique, random data called a salt to the passwords before they are hashed.
This means all hashes are unique even if two or more users happen to have chosen the same password.
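Salted password storage and checking, added as an example and not code from the article. It uses Python's standard-library PBKDF2 (`hashlib.pbkdf2_hmac`) as the one-way transform; the iteration count, salt length and the tiny in-memory user table are assumptions for this example.

```python
import hashlib
import hmac
import os

# Parameters assumed for this example; production systems tune the iteration count.
HASH_NAME = "sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, salt=None):
    """Return (salt, digest). A fresh random salt per user means two users who
    chose the same password still end up with different stored hashes."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest  # the digest is always 32 bytes for sha256


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-hash the attempt with the user's stored salt and compare the result.
    compare_digest avoids leaking where the two digests first differ."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def register(users: dict, name: str, password: str) -> None:
    # Constructed user table: only salt and digest are kept, never the password.
    users[name] = hash_password(password)


def login(users: dict, name: str, password: str) -> bool:
    if name not in users:
        return False
    salt, digest = users[name]
    return verify_password(password, salt, digest)
```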
What is Encryption Used For?
Today, encryption is used for just about everything (or at least it should be).
Here are a few of the examples you encounter almost every day.
A key is a long sequence of bytes generated by a complex algorithm.
They typically range in size from 128 bytes to 2048 bytes or more.
The key is used by the encryption algorithm when it is encrypting the plaintext.
The key size is independent of the block size.
To protect locally stored data, entire hard drives can be encrypted.
This type of protection safeguards data that is static or “at rest.”
This doesn’t just apply to regular computers, either.
Well, sort of.
What it actually means is that the connection between your gear and website is encrypted using SSL/TLS encryption.
That’s a good thing, but it doesn’t verify the security of the rest of the website.
The website might be storing passwords in plaintext and using a default admin password on the database.
But at least if you see the padlock, you know your communication with the website is encrypted.
This encryption is possible because your web app and the website use the same encryption scheme with multiple keys.
At the start of a connection session your web app and the website exchange public keys.
A public key can decrypt something that has been encrypted using a private key.
Your web client and the website exchange their public keys and then encrypt using their private keys.
The private keys need never be exposed.
Releasing a public key is safe.
A public key cannot be used to fraudulently encrypt data.
This raises the question of authenticity.
Secure Email
The concept of public and private keys crops up again and again in encryption.
A common method of securing emails in transit uses pairs of public and private keys.
Public keys can be exchanged safely, private keys are not shared.
Messages are encrypted using the sender’s private key.
The recipient can use the sender’s public key to decrypt and read it.
They can use their own private key to encrypt a reply.
OpenPGP is a well-known encryption scheme that follows this model, with a twist.
The sender’s email client generates a random key.
This is used to encrypt the email message.
The random key is then encrypted with the recipient’s public key.
The encrypted message and the encrypted random key are sent to the recipient.
The purpose of the extra step is to allow an email to be sent securely to multiple recipients.
Of course, secure email systems also face the question of authenticity.
You have to trust the public key that has been sent to you.
Keys are tied to email addresses.
Most email clients can show the email address associated with a public key.
Another method of checking the authenticity of a public key is to obtain it from a repository.
The public keys uploaded to repositories are verified by the repository before they’re made public.
Lbhe cevinpl vf vzcbegnag, hfr gur nccebcevngr gbbyf gb fnsrthneq vg.
As Caesar might have said.