For many, the word “encryption” probably stirs up James Bond-esque images of a villain with a briefcase handcuffed to his wrist with nuclear launch codes or some other action movie staple.
In reality, everyone uses encryption technology on a daily basis. While most probably don’t understand the “how” or the “why,” it is clear that data security is important, and encryption is a core part of that.
Nearly every computing device we interact with daily utilizes some form of encryption technology. So, how does encryption work, and is encryption safe?
What Is Encryption?
Encryption is a modern form of cryptography that allows a user to hide information from others.
Encryption uses a complex algorithm called a cipher to turn regular data (known as plaintext) into a series of seemingly random characters (known as ciphertext) unreadable by those without a special key to decrypt it. Those that possess the key can decrypt the data to view the plaintext again, rather than the random character string of ciphertext.
Two of the most widely used encryption methods are public key (asymmetric) encryption and private key (symmetric) encryption.
Both encryption methods allow users to encrypt data to hide it from others and then decrypt it to access the original plaintext. However, they differ in how they handle the steps between encryption and decryption.
Public Key Encryption
Public Key—or asymmetric—encryption uses the recipient’s public key and a (mathematically) matching private key.
For example:
- Joe and Karen both have keys to a box.
- Joe has the public key, and Karen has a matching private key.
- Joe can use his public key to unlock the box and put things into it, but he cannot view items already in there, nor can he take anything out.
- Karen’s private key can open the box, view all items inside, and remove them as she sees fit.
Note that Karen can view and remove items from the box, but she cannot put new items into the box for Joe to see.
For that to work, Joe and Karen need to swap a new set of keys, for a new box. In this case, Karen holds the public key and can unlock the box to put a new item in, while Joe’s private key allows him to open the box and view the items.
Private Key Encryption
Private Key—or symmetric—encryption differs from public-key encryption in the purpose of the keys. There are still two keys needed to communicate, but each of these keys is now essentially the same.
For example, Joe and Karen both possess keys to the aforementioned box, but in this scenario, the keys do the same thing. Both of them are now able to add or remove things from the box.
Speaking digitally, Joe can now both encrypt and decrypt a message with his key. Karen can do the same with hers.
This is a simplified way of considering private key encryption. Often, online sites and services will use both public and private key encryption to secure different features, building layers of security in the process.
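The Joe and Karen box, and the way services combine both key types, as an added Python example that is not from the original article: Joe wraps a random session key with Karen’s public key, then encrypts the message itself with that session key. The toy RSA primes, the SHA-256 keystream standing in for a real symmetric cipher such as AES (Python’s standard library has none), and all function names are assumptions of this example and are not secure for real use.

```python
import hashlib
import secrets

# Constructed toy RSA key pair for Karen (an assumption of this example).
# The primes are well-known Mersenne primes so the numbers are easy to check;
# real keys use large random primes and a padding scheme such as OAEP.
P, Q = 2**61 - 1, 2**89 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known only to Karen


def keystream_xor(key, data):
    """Toy symmetric cipher: XOR data with SHA-256(key || offset) blocks.
    The same call with the same key both encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def joe_sends(message, session_key=None):
    """Joe needs only the public values (N, E). A fresh session key is
    generated per message so the keystream is never reused."""
    session_key = session_key or secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)  # asymmetric step
    return wrapped, keystream_xor(session_key, message)      # symmetric step


def karen_receives(wrapped, ciphertext):
    """Karen unwraps the session key with her private exponent D."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)


def public_key_can_unwrap(wrapped, session_key):
    """The box analogy as a check: applying the public exponent a second
    time does not give back what Joe put in."""
    return pow(wrapped, E, N) == int.from_bytes(session_key, "big")


if __name__ == "__main__":
    wrapped, ciphertext = joe_sends(b"meet at noon")
    print(karen_receives(wrapped, ciphertext))
```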
A Brief History of Encryption
When talking about encryption, it’s important to make the distinction that all modern encryption technology is derived from cryptography.
At its core, cryptography is the act of creating and (attempting to) decipher a code. While electronic encryption is relatively new in the grander scheme of things, cryptography is a science dating back to ancient Greece.
The Greeks were the first society credited with using cryptography to hide sensitive data in the form of the written word, both from the eyes of their enemies and the general public.
However, the Greeks weren’t alone in developing primitive cryptography methods. The Romans followed suit by introducing what came to be known as “Caesar’s cipher,” a substitution cipher that involved substituting a letter for another letter shifted further down the alphabet.
For example, if the key involved a right shift of three, the letter A would become D, the letter B would be E, and so on. The Caesar Cipher is one of the first forms of cryptography many of us are introduced to as children.
Examples of Modern Encryption Technology
Modern encryption technology uses more sophisticated algorithms and larger key sizes to conceal encrypted data better. The larger the key size, the more possible combinations that a brute force attack would have to run to decrypt the ciphertext successfully.
As key sizes grow, the length of time it takes to crack encryption using a brute force attack skyrockets.
For example, while a 56-bit key and a 64-bit key appear similar in value, the 64-bit key is actually 256 times harder to crack than the 56-bit key.
Most modern encryption uses a minimum of a 128-bit key, with some using 256-bit keys or greater. To put that into perspective, cracking a 128-bit key would require a brute force attack to test over 339,000,000,000,000,000,000,000,000,000,000,000 possible key combinations.
One of the biggest sources of confusion in encryption terminology is the difference between encryption types, encryption algorithms, and their respective strengths. Let’s break it down:
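Why key size matters, as an added Python example that is not from the original article: the Caesar cipher described earlier has only 26 possible keys, so trying every one is instant, while each extra key bit doubles the work. The sample message, the known word used to recognize the plaintext, and the rate of 10^12 guesses per second are assumptions of this example.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift each letter `shift` places to the right, wrapping Z back to A."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)              # leave spaces and punctuation alone
    return "".join(out)


def exhaustive_search(ciphertext, known_word):
    """Try all 26 keys; return (shift, plaintext) once known_word appears."""
    for shift in range(26):
        candidate = caesar(ciphertext, -shift)
        if known_word.upper() in candidate:
            return shift, candidate
    return None


def keyspace(bits):
    """Number of possible keys for a key of the given length in bits."""
    return 2 ** bits


def worst_case_years(bits, guesses_per_second):
    """Whole years needed to try every key at the given (assumed) rate."""
    seconds = keyspace(bits) // guesses_per_second
    return seconds // (365 * 24 * 3600)


if __name__ == "__main__":
    secret = caesar("MEET AT NOON", 3)          # constructed sample message
    print(secret, exhaustive_search(secret, "NOON"))
    print(keyspace(64) // keyspace(56))         # 8 extra bits of key
    for bits in (56, 64, 128, 256):
        print(bits, worst_case_years(bits, 10**12))
```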
- Encryption type: The encryption type concerns how the encryption is completed. For instance, asymmetric cryptography is one of the most common encryption types on the internet.
- Encryption algorithm: When we discuss the strength of encryption, we’re talking about a specific encryption algorithm. The algorithms are where the interesting names come from, like Triple DES, RSA, or AES. Encryption algorithm names are often accompanied by a numerical value, like AES-128. The number refers to the encryption key size and further defines the strength of the algorithm.
There are a few more encryption terms you should familiarize yourself with that will help expand your knowledge of encryption.
There are several common encryption algorithms preferred due to their strength and security. You probably know more about encryption than you think, especially some of the names.
1. Data Encryption Standard (DES)
The Data Encryption Standard is an original US Government encryption standard. It was originally thought to be unbreakable, but the increase in computing power and a decrease in hardware cost have rendered 56-bit encryption essentially obsolete. This is especially true regarding sensitive data.
2. RSA
RSA is one of the first public-key cryptographic algorithms. It uses the one-way asymmetric encryption function explained above (and also in the linked encryption terms piece above).
RSA is a prominent encryption algorithm. It is a primary feature of many protocols, including SSH, OpenPGP, S/MIME, and SSL/TLS. Furthermore, browsers use RSA to establish secure communications over insecure networks.
RSA remains incredibly popular due to its key length. An RSA key is typically 1024 or 2048 bits long. However, security experts believe that it will not be long before 1024-bit RSA is cracked, prompting numerous government and business organizations to migrate to the stronger 2048-bit key.
3. Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is now the trusted US Government encryption standard.
It is a symmetric key algorithm that can generate keys in three different sizes: 128, 192, or 256 bits. Furthermore, there are different rounds of encryption for each key size. A “round” is the process of turning plaintext into ciphertext. For 128-bit, there are ten rounds. 192-bit has 12 rounds, and 256-bit has 14 rounds.
AES is one of the strongest forms of encryption currently available. When you read “military-grade encryption” on a product, it is referring to AES. While there are theoretical attacks against AES, all require a level of computing power and data storage simply unfeasible in the current era.
Is Encryption Safe to Use?
Unequivocally, the answer is yes.
The amount of time, energy usage, and computational cost to crack most modern cryptographic technologies makes the act of attempting to break encryption (without the key) an expensive exercise that is, relatively speaking, futile.
That said, encryption does have vulnerabilities that rest largely outside of the power of the technology.
- Backdoors: No matter how secure the encryption, if someone inserts a backdoor in the code, someone can negate the security. Encryption backdoors are a constant talking point for governments worldwide, becoming an especially hot topic after any terrorist attack. There are numerous reasons why we should never allow a government to break encryption.
- Private key handling: Modern key cryptography is extremely secure. However, human error is still the biggest factor in most security issues. An error handling a private key could expose it to outside parties, rendering the encryption useless.
- Increased computational power: With current computing power, most modern encryption keys are unfeasible to crack. That said, as processing power increases, encryption technology needs to keep pace to stay ahead of the curve.
- Government pressure: Along with encryption backdoors, some governments enforce mandatory decryption laws that force detained citizens to hand over private encryption keys. The nature of key disclosure laws varies by country. In the US, the Fifth Amendment protects witnesses from self-incrimination, making mandatory key disclosure illegal.
Should You Use Encryption?
It isn’t really a case of whether you should use encryption. You use encryption each and every day to access your online banking, to send messages on WhatsApp, and to access websites securely without eavesdroppers.
A better question to consider is “What would happen without encryption?”