A Guide to Encryption for the Basic Computer User

Written by: N Nayab • Edited by: Bill Fulks • Updated: 7/30/2011

Internet data is vulnerable to interception when in transit over networks, and without encryption, anyone can intercept and read the data. The increasing level of cyber attacks makes security encryption for online data an absolute must, and all computer users require knowledge of encryption basics.

    What is Encryption?

    Encryption is a branch of cryptography, and involves making plain text unreadable by using an algorithm, known as a cipher. The algorithm contains a decoding key, and only those with this key can make sense of the information. It adds a layer of security when transmitting data, and is now almost mandatory when transmitting sensitive information such as bank details, passwords, and personal particulars.

    Encryption originated as a military application to transmit coded communications without the enemy becoming aware of the contents. It remained confined to such military purposes until the open nature of the Internet made sending data across networks insecure and prompted its adoption for commercial use.

    How does Encryption Work?

    Encryption works by substituting one letter or character with another, at random, and keeping the key secret. To illustrate the basic concept of encryption, write the alphabet A to Z in a line. Below each letter, write another letter, at random. After writing normal text using the letters in the first line, substitute those letters with the letters from the second line. This makes the text unreadable, but those with access to the sheet containing both the first-line and second-line letter strings can replace the second-line letters with the first-line letters to make sense of the text.

    The above example is the most basic level of encryption. Encryption systems in use now are much more complex and difficult to crack.
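The alphabet-sheet scheme described above, written out as an added example that is not part of the original article. The sample message and the seed used to build the second line are constructed for the demonstration; the last check shows why this is only the most basic level of encryption: the letter counts of the text survive the substitution unchanged.

```python
import random
import string
from collections import Counter

ALPHABET = string.ascii_uppercase  # first line of the sheet: A to Z


def make_key(seed=None):
    """Second line of the sheet: the same 26 letters in a random order."""
    rng = random.Random(seed)  # seeded here only so the demo is repeatable
    letters = list(ALPHABET)
    rng.shuffle(letters)
    return "".join(letters)


def encrypt(plaintext, key):
    """Swap every first-line letter for the letter written beneath it."""
    return plaintext.upper().translate(str.maketrans(ALPHABET, key))


def decrypt(ciphertext, key):
    """Read the sheet the other way round: second line back to first line."""
    return ciphertext.translate(str.maketrans(key, ALPHABET))


def letter_counts(text):
    """How often the letters occur, ignoring which letter is which."""
    counts = Counter(ch for ch in text if ch in ALPHABET)
    return sorted(counts.values(), reverse=True)


KEY = make_key(seed=2011)                    # constructed sample key
MESSAGE = "MEET ME AT THE STATION AT SEVEN"  # constructed sample text
SECRET = encrypt(MESSAGE, KEY)

if __name__ == "__main__":
    print("sheet :", ALPHABET)
    print("key   :", KEY)
    print("secret:", SECRET)
    print("back  :", decrypt(SECRET, KEY))
    # Same counts before and after: the disguise keeps the shape of the text.
    print("counts kept:", letter_counts(MESSAGE) == letter_counts(SECRET))
```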

    What are the Major Types of Encryption?

    There are two main types of encryption: symmetric and asymmetric.

    Symmetric algorithms have a single key shared between the sender and the receiver, and the key both encrypts and decrypts the text. This type is older and less expensive, and is used by popular algorithms such as Blowfish, AES, and DES.

    Asymmetric encryption schemes use two keys: a private key and a public key. Senders use the public key to encrypt data, and send the private key to the intended recipients. Once encryption is over, only those with access to the private key can make sense of the text. Asymmetric encryption is more secure than symmetric encryption, but also more complex and expensive. Encryption providers such as RSA and Diffie-Hellman adopt such asymmetric key algorithms. Electronic commerce protocols such as SSL use RSA.

    What is the Difference Between 64-bit and 128-bit Encryption?

    Whenever encryption is mentioned, the phrases 64-bit encryption, 128-bit encryption, and even 256-bit encryption come up frequently. These phrases owe their origin to Advanced Encryption Standard (AES), a symmetric key standard which remains the most popular and widely used encryption standard. Earlier, AES adopted AES-32 and AES-64, or 320-bit and 64-bit encryption. The new standards are AES-128, AES-192 and AES-256, denoting 128-bit, 192-bit, and 256-bit encryption respectively.

    The bit count denotes the key length of the encryption. The longer the key length, the more difficult it becomes for people to guess the algorithm without the key. Governments protect secret and top secret documents using AES-192 and AES-256.

    How to Encrypt

    Some popular encryption applications are PGP (Pretty Good Privacy), TrueCrypt, IPSec, SafeHouse, BitLocker, CryptoForge, Secure House, Advanced Encryption Package, and more. Such applications allow users to encrypt email messages, personal files, folders, and even the entire hard disk or USB drive.

    Select an application that works on the operating system in use. Also, consider how these applications encrypt data. Some applications change the file format independent of the file system. Others, such as TrueCrypt, install a mountable encrypted file with its own internal file system, and still others, such as BitLocker, build the encryption into the real file system.

    Web browsers automatically encrypt information when they connect to a secure website, as depicted by the https:// prefix, as opposed to the standard http:// prefix. Popular email clients provide encryption programs as plug-ins or interfaces, allowing users to encrypt emails.

    Windows XP has an Encrypting File System (EFS) feature that allows storing files in an encrypted format on hard disks, formatted NTFS volumes. Linux operating systems such as FreeBSD/Solaris have a .gpg command that serves as an encryption and signing tool.

    Is Encryption Fool-Proof?

    Encryption makes the data private, but not totally secure. Hackers may still intercept the data using fake digital signatures and certificates, blocking it from the intended users. Encryption also does little to stop or prevent the files from succumbing to malware infections, network worms, password sniffing, attacks against listening TCP/UDP ports, malicious insiders, SQL injection attacks, and other security threats.

    Normally, people cannot make sense of encrypted files without the decryption key. However, cyber criminals have devised ways to decode encrypted data. One such way is the Brute Force attack, which involves checking all possible keys systematically by traversing the entire search space. Longer keys such as AES-128 or AES-256 make this task difficult or practically impossible.

    Another major threat relates to compromising or losing the encryption key, which makes the hacker’s task easy. Usually, only a password protects the encryption key, and all it takes is for the hacker to deploy a network packet sniffer to pry out the password and open the key. The robustness and reliability of the encryption depend on storing the encryption key and the application provider changing keys frequently.

    How Encryption Affects System Performance

    Encrypting files for sending across networks does not have any effect on system performance, except for a negligible delay to undertake the encryption process. Whole-disk encryption, however, may slow down the system by 10 to 20 percent.

    The extent of slowdowns and degraded system performance depends on the combination of encryption standard used, the processor, and the RAM. For instance, AES encryption is the fastest, and using combined encryption slows down the system.

    What Are the Costs Associated with Encryption?

    The direct cost to encrypt is the cost of the application used for the purpose. TrueCrypt, for instance, is freeware and encryption using this application does not cost anything. Complex and advanced encryption systems require a PKI, Active Directory, RADIUS, a new special-purpose server, or new cryptographic hardware, all attracting considerable costs.

    Apart from the direct cost, the indirect system performance costs and administrative costs in installing and using encryption applications apply. At times, when the encryption system is complex, users may require training on how to encrypt and decrypt.

    What Are the Alternatives to Encryption?

    Encryption is an advanced and secure way of keeping data private, but other methods also serve the same purpose. Some such ways are:

    • Masking text, such as displaying * instead of the actual character at the point of disclosure. This, combined with regulations such as PCI Compliance Standards Requirement 3.4 that forbid saving credit card numbers in a database in their entirety, offers a good level of protection. Data masked in storage remains unavailable for reading or search by anyone regardless of the security level.
    • Coding, or assigning numeric or alphanumeric values to represent the real values of data. Unlike encryption, this does not require changing the entire text.
    • Hashing, or using an algorithm to turn plain text into a binary value.

    All such methods have their advantages and disadvantages vis-à-vis encryption.
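The three alternatives listed above, side by side, as an added example that is not part of the original article. The card number is a constructed sample, `CodeBook` is a hypothetical name for the lookup table behind coding, and the hash is keyed (HMAC-SHA-256, an assumption beyond the article's plain hashing) because card numbers are short enough to guess and re-hash.

```python
import hashlib
import hmac
import secrets

CARD = "4111 1111 1111 1111"  # constructed sample value, not a real account


def mask(card_number, visible=4):
    """Masking: show '*' in place of every digit except the last few."""
    digits = card_number.replace(" ", "")
    return "*" * (len(digits) - visible) + digits[-visible:]


class CodeBook:
    """Coding: hand out a random stand-in and keep the lookup table private."""

    def __init__(self):
        self._code_for = {}
        self._value_for = {}

    def encode(self, value):
        if value not in self._code_for:
            code = secrets.token_hex(8)  # random, carries no trace of the value
            self._code_for[value] = code
            self._value_for[code] = value
        return self._code_for[value]

    def decode(self, code):
        # Only the holder of the table can turn a code back into the value.
        return self._value_for[code]


def keyed_hash(value, key):
    """Hashing: one-way digest; equal inputs match, nothing turns it back."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


if __name__ == "__main__":
    book = CodeBook()
    key = secrets.token_bytes(32)
    print("masked :", mask(CARD))                 # readable hint, rest is lost
    print("coded  :", book.encode(CARD))          # reversible via the table
    print("hashed :", keyed_hash(CARD, key))      # comparable, not reversible
```

Masking and hashing discard information, so they suit display and comparison; coding keeps the original recoverable, so the lookup table itself needs the protection the data would otherwise have needed.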

    The ultimate alternative to security encryption for online data is using private dedicated lines to transmit data.

    What is the Future of Encryption?

    As cyber attacks increase and network security becomes an even more pressing concern, encryption will become even more popular. The development of quantum computers may make the current encryption standards obsolete, but just as technology updates itself continuously, encryption standards will also develop. With time, the process will become simpler, more user-friendly, seamless and less expensive.

    Any technology starts out complex, and initially in the control of a competent few. With time, developments make the technology available to the masses, until it becomes a simple and common tool. Encryption is poised to go the same way, with the increasing complexity in encryption standards poised to accompany a simpler and seamless user interface and integration, and in all probability integrated with web browsers and other applications.
