What is Encryption?




Data Encryption

Encryption refers to the coding of information in order to keep it secret. Encryption is accomplished by transforming the string of characters comprising the information to produce a new string that is a coded form of the information. This is called a cryptogram or ciphertext and may be safely stored or transmitted. At a later time, it can be deciphered by reversing the encrypting process to recover the original information, which is called plaintext.

Data encryption has been used to send secret military and political messages from the days of Julius Caesar to the present. Recent applications include electronic funds transfer, electronic mail, database security, and many other situations in which the transmission of secret data is crucial.



What is Encryption?

Encryption uses a formula (an algorithm) to turn data into a secret code. Each algorithm uses a string of bits known as a “key” to perform the calculations. The larger a key is (the more bits in the key), the greater the number of potential combinations that can be created, thus making it harder to break the code and unscramble the contents.


Cryptography

Cryptography is the practice of encoding data so that it can only be decoded by specific individuals. A system for encrypting and decrypting data is a cryptosystem. These usually involve an algorithm for combining the original data ("plaintext") with one or more “keys” - numbers or strings of characters known only to the sender and/or recipient. The resulting output is known as “ciphertext”.

The security of a cryptosystem usually relies on the secrecy of the keys rather than the supposed secrecy of the algorithm. A strong cryptosystem has a large range of possible keys so that it is not possible to just try all possible keys. A strong cryptosystem will produce ciphertext which appears random to all standard statistical tests and can resist all known methods for breaking codes.




What is a “key”?

A key is the input to the encryption and decryption methods (or algorithms, in the case of computer security) that guides the specific substitutions and transpositions the encryption and decryption methods perform. While the same encryption method may be used to secure a wide array of data, each instance of that method being applied with a different key makes that encrypted data unique.

In implementing a cryptosystem, the user generates a key by creating, and continuing to use, a password, passphrase, or passcode. In these cryptosystems, each user has a unique password, or key, but shares the encryption and decryption methods among all users. Alternatively, the system could generate a key for the user. This second technique is common in securing website connections.

Depending on the implementation of the cryptosystem, the key may be the password (or passphrase or passcode) itself. Or the password could be an element necessary to generate the key used in the cryptosystem, as is the case with the iPhone. In the iPhone’s cryptosystem, the user-generated passcode is combined with the phone’s unique identifier to create the key each time the passcode is entered. In this system, the key is not stored on the device.

The secrecy of the key is a crucial element that ensures a cryptosystem is secure. An adversary may intercept the ciphertext and know the encryption standard in use on that system. However, the key will remain a secret, and as a result, so too will the ciphertext.

Another way of thinking about the importance of the key is that those who have access to the key have access to the data. Expanding on this concept, whoever is able to discover the key, can discover the data. That is why the secrecy of a key is so critical to the overall security of a cryptosystem.

It is because the key is so critical to a cryptosystem that keys and data are kept and transmitted separately in secure cryptosystems. If a key was sent along with a ciphertext, an adversary who intercepts that communication would have all elements necessary to decrypt the message.

A key allows the encrypted secret code to be decrypted or allows plaintext (data that can be read by anyone) to be encrypted. There are typically two types used with data encryption--secret keys and public keys.


THERE ARE TWO MAIN TYPES OF ENCRYPTION

        1)      Asymmetric encryption (public-key encryption).
        2)      Symmetric encryption.


        1)      Asymmetric encryption (public-key encryption).




Asymmetric encryption, also known as public-key cryptography, is a relatively new method compared to symmetric encryption. It uses two keys rather than one. With a single secret key, the key has to be exchanged over the Internet or a large network, and anyone who has that secret key can decrypt the message. This is why asymmetric encryption uses two related keys to boost security and to ensure that malicious persons do not misuse the keys. A public key is made freely available to anyone who might want to send you a message. The second, private key is kept secret so that only you know it.

A message that is encrypted using a public key can only be decrypted using the matching private key, and a message encrypted using a private key can be decrypted using the matching public key. The public key does not need to be kept secret, because it is publicly available and can be passed over the Internet. Asymmetric keys are far better at ensuring the security of information transmitted during communication.

The longer the “key”, the more computing required to crack the code. For example, using the now industry standard 128-bit encryption key, it would be 4.7 sextillion (4,700,000,000,000,000,000,000) times more difficult than cracking a 56-bit encryption key. Given the current power of computers, a 56-bit key is no longer considered secure whereas a 128-bit key is.



  
         2)      Symmetric encryption




Symmetric encryption is a type of encryption where only one key (a secret key) is used to both encrypt and decrypt electronic information. The entities communicating via symmetric encryption must exchange the key so that it can be used in the decryption process. This encryption method differs from asymmetric encryption where a pair of keys, one public and one private, is used to encrypt and decrypt messages.

By using symmetric encryption algorithms, data is converted to a form that cannot be understood by anyone who does not possess the secret key to decrypt it. Once the intended recipient who possesses the key has the message, the algorithm reverses its action so that the message is returned to its original and understandable form. The secret key that the sender and recipient both use could be a specific password/code, or it can be a random string of letters or numbers that has been generated by a secure random number generator (RNG).


THERE ARE TWO TYPES OF SYMMETRIC ENCRYPTION ALGORITHMS

        1)      Block algorithms.
                Set lengths of bits are encrypted in blocks of electronic data with the use of a specific secret key. As the data is being encrypted, the system holds the data in its memory as it waits for complete blocks.

        2)      Stream algorithms.
                Data is encrypted as it streams instead of being retained in the system’s memory.




How does encryption work?




For computer systems, encryption works by applying a cryptosystem to the message, or block of data, that the user seeks to encrypt. A cryptosystem is a five-element system which includes a set of plaintexts, keys, encryption methods, decryption methods, and ciphertexts.

In some cryptosystems, the key that encrypts the message and the key that decrypts it are the same; these systems are known as symmetric. In other cryptosystems, one key encrypts a message and a different key is needed to decrypt it; these systems are known as asymmetric.



What is a “hash”?

A hash is separate from but related to encryption. A hash uses mathematical functions similar to those of an encryption method to produce a string of characters as its output. The computation works in one direction only, so a hash value may be derived from a message, but knowing the hash value will not allow one to know the message.

Hash values are used to validate the integrity of a message. If the hash value for a message changes, then the message itself has been altered. This allows a user to determine whether or not they will trust the message.

One may encrypt a message and hash a message, or only do one or the other. Although they use similar mathematical functions, they are not required to be used in tandem. The encryption is a way of achieving confidentiality, while the hash is a way of achieving integrity.
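The sketch below is an added example, not code from the original page. It ties together three points made above: a key recomputed from a passcode and a device identifier instead of being stored, a stream algorithm that encrypts data chunk by chunk, and a hash that catches an alteration that decryption alone does not notice. The passcode, device identifiers and message are constructed values, the keystream is a toy built from SHA-256 for illustration rather than a vetted cipher, PBKDF2 stands in for whatever derivation a real device uses, and the hash value is assumed to reach the recipient by a trusted route.

```python
import hashlib
from itertools import count

def derive_key(passcode: str, device_id: bytes) -> bytes:
    """Recompute the key from passcode + device identifier; it is never stored."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_id, 100_000, dklen=32)

def keystream(key: bytes):
    """Toy keystream for illustration only: SHA-256(key || counter), byte by byte."""
    for n in count():
        yield from hashlib.sha256(key + n.to_bytes(8, "big")).digest()

def stream_xor(key: bytes, chunks):
    """Encrypt or decrypt chunks as they arrive (XOR is its own inverse)."""
    ks = keystream(key)
    for chunk in chunks:
        yield bytes(b ^ next(ks) for b in chunk)

def sha256_hex(data: bytes) -> str:
    """Hash value of a message as a hex string."""
    return hashlib.sha256(data).hexdigest()

def receive(key: bytes, ciphertext: bytes, expected_digest: str):
    """Decrypt, then report whether the result matches the trusted hash value."""
    plaintext = b"".join(stream_xor(key, [ciphertext]))
    return plaintext, sha256_hex(plaintext) == expected_digest

def flip_bit(data: bytes, index: int) -> bytes:
    """Copy of data with one bit changed, standing in for alteration in transit."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)

# Constructed sample values (hypothetical passcode, device identifiers, message).
DEVICE_A, DEVICE_B = b"constructed-device-id-A", b"constructed-device-id-B"
CHUNKS = [b"Transfer 100 ", b"to account ", b"12345"]
MESSAGE = b"".join(CHUNKS)
DIGEST = sha256_hex(MESSAGE)  # assumed to reach the recipient by a trusted route
KEY = derive_key("482916", DEVICE_A)
CIPHERTEXT = b"".join(stream_xor(KEY, CHUNKS))

if __name__ == "__main__":
    print(receive(KEY, CIPHERTEXT, DIGEST))                # intact message
    print(receive(KEY, flip_bit(CIPHERTEXT, 9), DIGEST))   # altered in transit
    print(receive(derive_key("482916", DEVICE_B), CIPHERTEXT, DIGEST))  # other device
```

The altered ciphertext still decrypts without any error, to a message with a different amount; only the hash comparison reveals the change. The same passcode on the second device yields a different key and therefore unreadable output.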
