While security is an afterthought for many PC users, it’s a major priority for businesses of any size. It has to be when the Ponemon Institute tells us that security breaches are costing companies millions every year.
Even if you don’t have millions to lose, protecting what you do have should be a high priority.
There are several forms of security technology available, but encryption is one that everyday computer users should know about.
How Encryption Works
Encryption is an interesting piece of technology that works by scrambling data so it is unreadable by unintended parties. Let’s take a look at how it works with the email-friendly software PGP (or GPG for you open source people).
Say I want to send you a private message, so I encrypt it using either one of these programs. Here’s the message:
wUwDPglyJu9LOnkBAf4vxSpQgQZltcz7LWwEquhdm5kSQIkQlZtfxtSTsmaw
q6gVH8SimlC3W6TDOhhL2FdgvdIC7sDv7G1Z7pCNzFLp0lgB9ACm8r5RZOBi
N5ske9cBVjlVfgmQ9VpFzSwzLLODhCU7/2THg2iDrW3NGQZfz3SSWviwCe7G
mNIvp5jEkGPCGcla4Fgdp/xuyewPk6NDlBewftLtHJVf
=PAb3
Once encrypted, the message literally becomes a jumbled mess of random characters. But, equipped with the secret passcode I text you, you can decrypt it and find the original message.
Come on over for hot dogs and soda!
Whether it’s in transit like our hot dog party email or resting on your hard drive, encryption works to keep prying eyes out of your business – even if they happen to somehow gain access to your network or system. If you want to learn more about how encryption helps protect business data, you can read our article on how encryption aids cloud security.
The technology comes in many forms, with key size and strength generally being the biggest differences from one variety to the next.

1. Triple DES
Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers eventually learned to defeat with relative ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.
Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts would argue that 112 bits of key strength is more like it.
Despite slowly being phased out, Triple DES still manages to make a dependable hardware encryption solution for financial services and other industries.
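The gap between 168 bits of key material and roughly 112 bits of strength comes from the meet-in-the-middle technique. The following is an added example, not code from the original article: it scales the idea down to a constructed toy cipher (16-bit blocks, 8-bit keys, all names hypothetical) and shows that searching three keys costs about as much as searching two.

```python
from itertools import product

ROUNDS = 4

def _f(half, key, rnd):
    """Toy 8-bit round function, constructed for this demo (not DES)."""
    x = (half * 167 + key * 13 + rnd * 91) & 0xFF
    return (((x << 3) | (x >> 5)) & 0xFF) ^ key

def encrypt(block, key):
    """Encrypt a 16-bit block under an 8-bit key with a small Feistel network."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 8) | right

def decrypt(block, key):
    """Invert encrypt() by running the rounds backwards."""
    left, right = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 8) | right

def ede3(block, k1, k2, k3):
    """Three-key encrypt-decrypt-encrypt, the same shape Triple DES uses."""
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def meet_in_the_middle(pairs):
    """Find (k1, k2, k3) from known plaintext/ciphertext pairs.

    Returns the matching keys and the number of key guesses made."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1, k2 in product(range(256), repeat=2):      # 2^16 guesses going forward
        middle.setdefault(decrypt(encrypt(p0, k1), k2), []).append((k1, k2))
    found = []
    for k3 in range(256):                             # 2^8 guesses going backward
        for k1, k2 in middle.get(decrypt(c0, k3), []):
            if all(ede3(p, k1, k2, k3) == c for p, c in rest):
                found.append((k1, k2, k3))
    return found, 256 ** 2 + 256

# Constructed sample data: a made-up key and three known plaintext blocks.
SECRET = (0x3A, 0xC5, 0x7E)
PAIRS = [(p, ede3(p, *SECRET)) for p in (0x1234, 0xBEEF, 0x0F0F)]

if __name__ == "__main__":
    keys, guesses = meet_in_the_middle(PAIRS)
    print(f"recovered {keys} in {guesses} guesses; full key space is {256 ** 3}")
```

With real 56-bit keys the same split gives about 2^112 guesses instead of 2^168, at the price of storing the forward table.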
2. RSA
RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It also happens to be one of the methods used in our PGP and GPG programs.
Unlike Triple DES, RSA is considered an asymmetric algorithm due to its use of a pair of keys. You’ve got your public key, which is what we use to encrypt our message, and a private key to decrypt it. The result of RSA encryption is a huge batch of mumbo jumbo that takes attackers quite a bit of time and processing power to break.
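An added example, not from the original article, of the public/private key split described above, using textbook RSA on Python integers. The primes, function names and messages are constructed for illustration; real RSA uses padding and keys of 2048 bits or more, and the tiny key pair shows why size is what keeps the private key private.

```python
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two primes (demo sizes only)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)              # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)            # (public key, private key)

def encrypt(public, message: bytes) -> int:
    """Anyone holding the public key can produce a ciphertext."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)

def decrypt(private, ciphertext: int) -> bytes:
    """Only the holder of the private exponent can reverse it."""
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def private_from_public(public):
    """Rebuild the private key by factoring n with trial division.

    This finishes instantly only because the demo modulus is tiny;
    the work grows with the size of the smallest prime factor."""
    n, e = public
    for p in range(3, isqrt(n) + 1, 2):
        if n % p == 0:
            return n, pow(e, -1, (p - 1) * (n // p - 1))
    raise ValueError("no factor found")

# Constructed demo keys: a ~150-bit modulus from two Mersenne primes,
# and a ~27-bit modulus small enough to factor by hand.
BIG_PUB, BIG_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
TINY_PUB, TINY_PRIV = make_keypair(10007, 10009)

if __name__ == "__main__":
    c = encrypt(BIG_PUB, b"hot dogs")
    print(hex(c), decrypt(BIG_PRIV, c))
    print("tiny private key rebuilt:", private_from_public(TINY_PUB) == TINY_PRIV)
```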
3. Blowfish
Blowfish is yet another algorithm designed to replace DES. This symmetric cipher splits messages into blocks of 64 bits and encrypts them individually.
Blowfish is known for both its tremendous speed and overall effectiveness as many claim that it has never been defeated. Meanwhile, vendors have taken full advantage of its free availability in the public domain.
Blowfish can be found in software categories ranging from e-commerce platforms for securing payments to password management tools, where it is used to protect passwords. It’s definitely one of the more flexible encryption methods available.
4. Twofish
Computer security expert Bruce Schneier is the mastermind behind Blowfish and its successor Twofish. Keys used in this algorithm may be up to 256 bits in length, and as a symmetric technique, only one key is needed.
Twofish is regarded as one of the fastest of its kind, and ideal for use in both hardware and software environments. Like Blowfish, Twofish is freely available to anyone who wants to use it. As a result, you’ll find it bundled in encryption programs such as PhotoEncrypt, GPG, and the popular open source software TrueCrypt.
5. AES
The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations.
Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy duty encryption purposes.
AES is largely considered impervious to all attacks, with the exception of brute force, which attempts to decipher messages using all possible combinations in the 128, 192, or 256-bit cipher. Still, security experts believe that AES will eventually be hailed the de facto standard for encrypting data in the private sector.
The Future of Encryption
Cyber attacks are constantly evolving, so security specialists must stay busy in the lab concocting new schemes to keep them at bay. Expert observers are hopeful that a new method called Honey Encryption will deter hackers by serving up fake data for every incorrect guess of the key code. This unique approach not only slows attackers down, but potentially buries the correct key in a haystack of false hopes. Then there are emerging methods like quantum key distribution, which shares keys embedded in photons over fiber optic, that might have viability now and many years into the future as well.
Whether it’s protecting your email communications or stored data, some type of encryption should be included in your lineup of security tools. Successful attacks on victims like Target show that it’s not 100 percent bulletproof, but without it, you’re offering up convenient access to your data. Find some tools that give you peace of mind and stick with ’em!
Some fun facts on encryption. Modern encryption is based entirely on mathematics, none of that sub-standard ‘this enigma machine looks pretty complicated’ style security; encryption systems are guaranteed to produce data which is indistinguishable from random bits.
Encryption comes in broadly two flavours (symmetric, asymmetric). Any good security system likely uses both kinds, since they do different things, and each flavour has a few algorithms:
- DES, this symmetric cipher is the oldest, but variants of it are still in use today. Sadly it is known to be insecure; even my smartphone could break the basic (56-bit) implementation of it.
- AES, this symmetric cipher is the modern de facto. Almost all encrypted messages appear in this form. It is considered strong because its key is large (128, 256, 512 bits), it relies on a very unpredictable hashing algorithm (SHA-2/3) and its keys cannot be shrunk by sneaky means (where DSA’s can be shrunk effectively to 48 bits). That said, modern supercomputers can potentially brute force attack small keys (possibly using the less secure SHA-1), hence only 256/512 variants are considered ‘safe’.
- RSA, this asymmetric cipher is the most recognised and long standing. Being asymmetric, its keys are huge (1024-4096 bits) but it relies on some tricky maths to keep safe. Researchers have recently been able to crack up to 768-bit keys effectively, with certain keys as large as 1024 being broken. Because keeping RSA secure requires having HUGE keys, this standard is on the way out.
- ECC, this asymmetric cipher is the new kid on the block. Again it relies on tricky maths for its security, but its keys are smaller. The largest instance broken to date is only 112 bits. As a side note, this is the standard Bitcoin and the NSA themselves use.
“But what about security protocols?” I hear you ask.
A security system is essentially a combination of ciphers and actions. No system was safe only because it appeared to be random, it must also use its cryptographic tools to prevent baddies from having their way.
- Bitcoin is a secure protocol for anonymous cash exchange. It is ‘safe’ if and only if the vast majority of computing resources are working for the system’s benefit. Whilst Bitcoin is clearly useful, no expert calls it safe since we cannot be sure precisely how many baddies are out there breaking it. Sadly some Bitcoin nodes also have bugs.
- TLS/SSL is the security layer our websites use (https is just http built on top of it). It relies on a ‘chain of trust’ which connects the websites I visit to the trust authority. The news is full of bad links breaking the chain.
“So when are you going to answer the question?” I hear you ask.
Moral of the story is, security protocols/ciphers come and go. Security is an arms race where the enemy’s power is never fully known, so we stay as far ahead as we practically can. Neither the NSA nor the combined computing power of the whole planet has a hope of breaking a 512-bit AES key within your or my lifetime, so they really don’t bother.
tl;dr: Security is not about sticking with whatever protocol you think the enemy will take longest to break. Keep up to date with the best ciphers/protocols (they change constantly) and make sure there’s a juicier prize with worse security you can point the attackers to.