For Beginners: What You Need to Know About Encryption on The Internet

Chances are you’ve already noticed it: Encryption is popping up literally everywhere on the internet. Most services now even use encryption as a selling point. Why is encryption so rampant now? What does encryption do for you? What can it protect you against? And, most importantly, what do you (as a consumer) need to know about encryption on the Internet to make effective use of it? All these questions will be addressed as we explore the subject of cryptography in computer science.

So, What Is Encryption, And Why Is Everyone Offering it Now?

Encryption, as Hollywood movies suggest, is a practice in cryptography by which a piece of data is obfuscated (manipulated) in a mathematically-predictable manner that can make it very difficult to recover its contents. Have you ever written in code, substituting letters? It’s kind of like that, but much more complex. The mathematical equations used to encrypt (and decrypt/decode) things are called cryptographic algorithms.

As to the question of why everyone is now starting to offer it like candy in their services, it’s because hackers are getting smarter and sneakier. They’re compromising databases left and right. To protect you from database intrusions and brute force attacks, services mathematically jumble up all your personal data, making it difficult (if not completely impossible) for an individual or group of individuals to steal your data from that database. Encryption basically protects you from intrusion. If a hacker manages to break into a database and take your passwords, they would be reading something like “8EA2B7CA516745BFEAFC49904B496089” instead of “rubber_ducky.”

One more thing: The jumbled-up text at the end of every algorithm (the “result”) is known as a ciphertext. The decrypted equivalent is known as plaintext. These are very important words to remember when discussing cryptography.

How Does a Cryptographic Algorithm Work?

Well, that depends on the type of algorithm:

Symmetric algorithms use a key to encrypt and decrypt data. The key is basically the “x” that will solve for “y” in the mathematical algorithm. The length of the key and some other properties of the algorithm determine its “difficulty.” The more difficult an algorithm is, the harder it is to crack. A difficult algorithm requires immense amounts of computing power to crack, which is usually out of reach of run-of-the-mill hackers. More sophisticated attacks might use computer clusters to decipher your data. Even then, some symmetric algorithms might thwart these attacks.

Asymmetric (public key) algorithms split the key into two pieces: a public one (usually stored on the server) and a private one (usually stored on your computer by software). Asymmetric algorithms get their strength from this particular technique, since a hacker will not be able to read the contents of your data even if he gets his hands on the public key (it’s only half the key). Some services (like SmartSignin’s single sign-on) actually allow you to create your own key and keep it, so that even their own employees cannot access your data. Others simply manage keys in an automated and streamlined manner, which presents a few disadvantages, albeit not as many as symmetric algorithms do.
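
To make the public/private split concrete, here is a small added example (not part of the original article) of textbook RSA, one well-known asymmetric algorithm, in Python. The primes 61 and 53, the exponent 17 and the message 65 are constructed sample values, far too small for real use.

```python
# Textbook RSA with tiny, constructed primes. Illustration only: real keys
# use primes hundreds of digits long plus a padding scheme such as OAEP.
from math import gcd


def make_keypair(p, q, e=17):
    """Derive a (public, private) key pair from two primes p and q."""
    n = p * q                      # modulus, part of both keys
    phi = (p - 1) * (q - 1)        # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # private exponent: e*d = 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can turn plaintext m into ciphertext."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the private key turns the ciphertext back into the plaintext."""
    n, d = private_key
    return pow(c, d, n)


def demo():
    public, private = make_keypair(61, 53)   # constructed sample primes
    plaintext = 65                           # constructed sample message
    ciphertext = encrypt(public, plaintext)
    return {
        "public": public,
        "ciphertext": ciphertext,
        "recovered_with_private": decrypt(private, ciphertext),
        # Re-applying the public key does not undo the encryption.
        "recovered_with_public": pow(ciphertext, public[1], public[0]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
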

What You Need to Know.

Not all algorithms are created equal. All of them have some flaw or another that will be discovered in the future, so it’s difficult to know what services you should rely on. Your safest bet is to use your Google-fu to get to the bottom of each algorithm. If you find that some service is using an algorithm that you’re not familiar with, just search for “x algorithm broken.” If you find an actual proof-of-concept (like this one with the MD5 algorithm used in tons of forums) or several news stories saying that it’s no longer safe, then you should steer away from ever creating an account on the site.
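
The stored-password string shown earlier has the same shape as an MD5 digest (32 hex characters), and password databases normally hold a one-way hash like this rather than reversible encryption. The following added example (not from the original article) uses Python's standard library to contrast unsalted MD5 with a salted, slow hash (PBKDF2); the accounts and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune to your hardware


def md5_digest(password):
    """Unsalted MD5, as old forum software stored passwords (weak)."""
    raw = hashlib.md5(password.encode("utf-8"), usedforsecurity=False)
    return raw.hexdigest().upper()


def hash_password(password):
    """Salted, deliberately slow hash: returns (salt, iterations, derived key)."""
    salt = os.urandom(16)  # fresh random salt per account
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, ITERATIONS, key


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, expected = record
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(key, expected)


def demo():
    # Constructed sample: two accounts that picked the same password.
    alice_md5, bob_md5 = md5_digest("rubber_ducky"), md5_digest("rubber_ducky")
    alice_rec, bob_rec = hash_password("rubber_ducky"), hash_password("rubber_ducky")
    return {
        "md5_length": len(alice_md5),
        "md5_identical": alice_md5 == bob_md5,          # same password, same digest
        "pbkdf2_identical": alice_rec[2] == bob_rec[2],  # salts make these differ
        "right_password_ok": verify_password("rubber_ducky", alice_rec),
        "wrong_password_ok": verify_password("rubber-ducky", alice_rec),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

With unsalted MD5, identical passwords produce identical stored values, so one cracked digest exposes every account that shares it; the per-account salt and high iteration count remove that shortcut and make each guess expensive.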

Want to Know More?

There’s always something to talk about when it comes to cryptography. It’s an overwhelmingly enormous subject filled with misinformation in many directions. If you have a question about cryptography, leave a comment below!

3 comments

  1. Very informative. Good to know for those of us who are not so computer savvy but need to use the computer. Thanks for the info.

  2. no algorithm is safe, all of them can be “hacked” – it is just a matter of time and resource at the hacker’s end

  3. The nation’s current events have more & more folks interested in this topic; the ongoing public discussion over @ IETF.org (one simply needs to join the free mailing list to follow what the experts’ thoughts are on the subject) about trying to get more of us to use crypto (and specifically the discussion on the merits of GPG/PGP vs. S/MIME) may be of interest, as also may be the recently-issued statement from ISOC (IETF’s institutional home): “Internet Society Responds to Reports of the U.S. Government’s Circumvention of Encryption Technology”, or the Electronic Frontier Foundation’s recent “…major victory in one of…” (their) “…Freedom of Information Act lawsuits…” (resulting in) “…the Justice Department…” (conceding) “…that it will release hundreds of pages of documents, including FISA {Foreign Intelligence Surveillance Court} court opinions, related to the government’s secret interpretation of Section 215 of the Patriot Act. The NSA has relied upon this law for years to mass collect the phone records of millions of innocent Americans.” There’s also the brief EFF has filed on behalf of Rep. Jim Sensenbrenner (R-WI), the author of the original USA PATRIOT Act, in a case brought by the American Civil Liberties Union against the NSA, that argues “…Congress never intended this law to permit the NSA’s collection of the records of every telephone call made to, from and within the United States.” – an assertion that surely even the most casual of observers might well agree with, whether having actually read the provisions of Public Law 107-56 (the Patriot Act of 2001), or not. 
In today’s world – especially given Google’s admission that none of their GMail users has any legitimate expectation of privacy in information he/she voluntarily turns over to third parties – all forms of electronic communication are basically the same, since they’re all handled by the same basic mechanisms (i.e., computers and the ever-expanding databases that support them); what is a concern with one form surely applies to any other. There’s a lot going on since the NSA story broke, and it would appear that more and more folks are taking a new stance in this regard (IMHO, far better than the lackadaisical, “head-in-the-sand” approach so many of us have embraced heretofore)…
