Chances are you’ve already noticed it: Encryption is popping up literally everywhere on the internet. Most services now even use encryption as a selling point. Why is encryption so rampant now? What does encryption do for you? What can it protect you against? And, most importantly, what do you (as a consumer) need to know about encryption on the Internet to make effective use of it? All these questions will be addressed as we explore the subject of cryptography in computer sciences.
So, What Is Encryption, And Why Is Everyone Offering it Now?
Encryption, as Hollywood movies suggest, is a practice in cryptography by which a piece of data is obfuscated (manipulated) in a mathematically-predictable manner that can make it very difficult to recover its contents. Have you ever written in code, substituting letters? It’s kind of like that, but much more complex. The mathematical equations used to encrypt (and decrypt/decode) things are called cryptographic algorithms.
One more thing: The jumbled-up text at the end of every algorithm (the “result”) is known as a ciphertext. The decrypted equivalent is known as plaintext. These are very important words to remember when discussing cryptography.
How Does a Cryptographic Algorithm Work?
Well, that depends on the type of algorithm:
Symmetric algorithms use a key to encrypt and decrypt data. The key is basically the “x” that will solve for “y” in the mathematical algorithm. The length of the key and some other properties of the algorithm determine its “difficulty.” The more difficult an algorithm is, the more difficult it is to crack it. A difficult algorithm requires immense amounts of computing power to crack, which is usually out of reach from run-of-the-mill hackers. More sophisticated attacks might use computer clusters to decipher your data. Even then, some symmetric algorithms might thwart these attacks.
Asymmetric (public key) algorithms split the key into two pieces: a public one (usually stored in the server) and a private one (usually stored in your computer by software). Asymmetric algorithms get their strength from this particular technique, since a hacker will not be able to read the contents of your data even if he gets his hands on the public key (it’s only half the key). Some services (like SmartSignin‘s single sign-on) actually allow you to create your own key and keep it, so that even their own employees cannot access your data. Others simply manage keys in an automated and streamlined manner, which presents a few disadvantages, albeit not as many as symmetric algorithms do.
What You Need to Know.
No algorithm is created equally. All of them have some flaw or another that will be discovered in the future, so it’s difficult to know what services you should rely on. Your safest bet is to use your Google-fu to get to the bottom of each algorithm. If you find that some service is using an algorithm that you’re not familiar with, just search for “x algorithm broken.” If you find an actual proof-of-concept (like this one with the MD5 algorithm used in tons of forums) or several news stories saying that it’s no longer safe, then you should steer away from ever creating an account on the site.
Want to Know More?
There’s always something to talk about when it comes to cryptography. It’s an overwhelmingly enormous subject filled with misinformation in many directions. If you have a question about cryptography, leave a comment below!