Article

# What is encryption?

Fabrizio Ferri-Benedetti

Published

Want to know why you should, how you can and how to do it right? Then read on!

### What is encryption?

To encrypt is to transform information to protect it from prying eyes. By applying encryption, a message is altered beyond recognition or appears incomprehensible, but the information isn’t lost and can later be retrieved.

Scrambling the alphabet and exchanging one letter for another is a classic example of encryption (source).

The method used to create and retrieve (decrypt) an encrypted message is a shared secret between the message sender and the recipient. The discipline of studying these mathematical methods is called cryptography.

When someone other than the recipient tries to decipher the message without knowledge of the technique used or the key required to decrypt, it’s known as a cryptographic or cryptanalytic attack. Its aim is to “break” the message encryption. If you think of an encrypted file like a trunk, the cryptanalyst is like a thief who forces the lock rather than using the key.

### Encrypt doesn’t mean to hide

Don’t confuse encryption, which is the alteration of a message, with concealment. Steganography is the discipline of concealing information through a variety of methods that are often used in conjunction with cryptographic techniques.

Steganography is hiding information within other pieces of information (source)

While the purpose of cryptographic techniques is to prevent the content of the message from being interpreted, the goal of steganography is to make the existence of the message unknown. An example is hiding a message within an image.

Since an encrypted message may attract unwanted attention, cryptographic techniques can be used in combination to hide a message.

### Encryption and computing: a good marriage

Cryptographic techniques have been used since ancient times to transmit information of strategic importance. Initially, these techniques were as simple as rotating letters using a scroll wrapped around a stick.

Reproduction of Roman scrolls, used in ancient times to encrypt messages

Later on, complex mechanical devices were used, such as the famous Enigma machine, which the Germans used successfully for years to transmit orders during World War II.

Closeup of Enigma machine rotor

During World War II, the ongoing need for better decryption techniques led to the development of the first computers, machines more powerful than the mechanical calculators previously used by cryptanalysts.

### Encryption software

Today, encryption is used in many different situations where it’s essential to keep secrets. In many such cases, encryption is present without you even knowing.

Cryptographic techniques are used in many scenarios:

• For web site authentication
• When voting in online elections
• To pay online with a credit card
• When receiving and sending emails
• When saving confidential documents
• To check the integrity of a file

In most cases, these techniques are automatically used by applications, and the only thing you have to worry about is remembering a password. In other cases, encryption is voluntary and depends on the security level you want to achieve.

### Encryption types

There are many encryption techniques available. Most of them can be classified into three main categories:

• Classic encryption
• Symmetric encryption or secret key
• Asymmetric encryption or public key

Classic encryption uses more or less complex alphabetic substitution methods. It’s very economical, but also vulnerable to attacks such as frequency analysis.

The secret message that appears in the story “The Gold-Bug

Symmetric encryption is the use of the same key to encrypt and decrypt an encrypted message. Until 1976, this was the only kind of encryption available for data protection in computing environments.

Steganography is hiding information within other pieces of information (source)

The fact that there is a shared secret between the transmitter and receiver is a vulnerability that has been resolved only for asymmetric encryption. Still, symmetric encryption is widely used and respected.

With asymmetric encryption, the shared secret problem is solved: Messages are encrypted with a public key, but only the designated recipient can decrypt them with your private key, which (in theory) no one else has.

Asymmetric encryption ensures confidentiality (top) and authenticity (below) – (source)

By not needing an initial key exchange, asymmetric encryption greatly reduces the chances of a successful cryptanalysis. Asymmetric encryption can also be used to sign documents and verify authorship.

PGP is a well-known example of an asymmetric encryption program.

In both types of encryption, the strength of a key is indicated by the bits or key length. A 3072-bit key is much more complex and difficult to break than a 128-bit key, but also requires more computing power.

### What is a cryptographic attack?

Cryptanalysis is investigating the weaknesses of encryption techniques. It’s a fascinating discipline, a combination of linguistics, mathematics, reverse engineering and espionage.

The techniques used for a cryptographic attack vary depending on the amount of information available about the encryption used and the protected data. Knowledge about the technology used and the content is helpful to the attacker.

Whatever attack is used, there are three resources that any attacker needs: time, prior information and computing resources. The complexity of current encryption systems sometimes requires very powerful computers.

Steganography is hiding information within other pieces of information (source).

A widely used type of attack is the brute force method, which uses all the power of a computer to guess a password. The longer the key, the longer it takes for the attacker to guess it… if they guess it at all.

### The downside to encryption

The advantages of encrypting data are clear: protecting privacy, identity, data integrity and security when sending information via open networks. But encryption also has its disadvantages.

The most obvious drawback is that once the key that’s used to encrypt the data is lost, you forever lose access to that data. It’s inconvenient, not to mention embarrassing, and happens often unless you choose easy to remember passwords – which in turn presents its own security risk.

Another drawback of encryption is that it’s slow, costly and inconvenient to use strong encryption techniques. These drawbacks have been minimized over the years, as computing power has increased, but it’s still a problem.

Relationship between length (strength) of an RSA key and decryption time (source)

Finally, the false sense of security that encryption creates can be a double-edged sword, especially if the techniques are applied lightly. Attacks via social engineering and phone-hacking can bypass even the most robust keys.

### What applications can be used to encrypt your data?

Encryption used to be only for governments and corporations. Now anyone can use the strongest encryption techniques on a personal computer or mobile phone.

The two protection scenarios in which you can apply encryption are as follows:encryption while in transit and local encryption. The former ensures the privacy of your data as it is transmitted over the network. The latter ensures the privacy of your local data.

Encryption of information in transit

• HotSpot Shield, a tunnel VPNconnection that protects your privacy
• BoxCryptor, which encrypts Dropbox files and other cloud content
• PGP, the most frequently used email encryption method (or GnuPG)
• TigerChat and other secure messaging apps
• Encryption of local information

• TrueCrypt, a utility that creates virtual encrypted drives
• FreeOTFE, an excellent alternative to TrueCrypt
• AxCrypt, an encryption suite for Windows
• SSE, a cipher suite for Android devices