Hackers and whistleblowers have made encryption a common term.
But most people can’t define it, let alone explain the use of encryption software or its underlying concepts.
You don’t necessarily need to know each individual encryption algorithm or how to decrypt ciphertext to take advantage of encryption. But everyone should know the general types of encryption and use cases, at least so you’re aware of potential vulnerabilities.
So what is encryption really?
Encryption is a way to transform data in such a way that only approved parties can decrypt it and then transform it into something comprehensible to humans.
Encryption, as a general concept, is the conversion or masking of information to prevent unauthorized parties from accessing it.
The altered information is referred to as ciphertext, which can be thought of as basically “digital gibberish." The information is unintelligible and essentially impossible to use for anyone without the encryption key.
An encryption key is an indicator or identifier used to turn ciphertext into your desired output. Keys are kind of like passwords, but they’re virtually impossible to decipher without expert computational resources and decryption experience.
Authorized recipients, on the other hand, are in possession of the key. They can easily identify themselves and gain access to the sensitive data, messages or files. Depending on the data you want to encrypt, solutions can become more complex, but the focal point of encryption solutions is securing information.
Information security is more important than ever. Companies are rapidly adopting data security software and identity management software to improve the security of both personal and professional information.
Many industries require encryption for the storage of sensitive information, such as medical records or business transactions. Government regulations like GDPR and the the California Consumer Privacy Act have forced businesses to improve their protection of personal information under penalty of law.
Encryption has become a staple in the technology world as a fortifying tool for accessing privileged information. Web application firewalls, or encrypted database software, will protect both end-user data and the sensitive business information a company wants kept secure.
There are a few different types of encryption algorithms that encrypt information and facilitate the encryption process. Asymmetric, symmetric and hashing formulas are the common methods to enable encryption, with a few variations existing.
While cryptography has existed in human society since the ancient Greeks and Egyptians, modern cryptography emerged during World War II. This implementation of keys was generated using computers.
Symmetric algorithms are used to implement private key encryption. In this situation, the encryption key is typically the same as the decryption key. The two communicating parties are in sole possession of the keys, keeping the secret between them.
These algorithms are common examples of symmetric encryption algorithms and are commonly used today:
AES — Advanced Encryption Standard, or AES, is a specification for encryption designated by the U.S. National Institute of Standards and Technology (NIST) in 2001. AES can be implemented in a variety of ways and is available through a number of partitioning, password management and file encryption tools.
It relies on keys made up of 16-byte plaintext blocks to generate keys of 128, 192 and 256 bits. To put that into perspective, it would take years for even dozens of supercomputers to guess the key.
Triple DES — Triple DES, or 3DES, is a cipher that utilizes Data Encryption Standard. It was the accepted encryption standard until AES became effective.
Despite the replacement of 3DES, some industries continue to use it frequently. For example, OpenSSL, an open-source library and toolkit for internet security protocols, relies on 3DES implementation.
Twofish — Twofish was a finalist to become the Advanced Encryption Standard, falling short to the current standard (referred to as the Rijndael prior to winning).
Asymmetric encryption, or public key encryption, is similar to symmetric methods, but utilizes unique keys to both encrypt and decipher information. It was first detailed nearly 40 years ago in a secret British government document.
These encryption tools emerged after people realized it’s dangerous to utilize duplicate keys and share them online. These provide a private key for the owner to use and keep to themselves.
A user can send information using your public key, but only you can open it using the private key. This is a stark contrast to the symmetric model where the same key is used in both situations.
RSA — RSA is one of the first cryptosystems of this kind. It was classified under British intelligence, but made public in the late 1970s. It’s considered relatively slow, but its strength lies in the inefficiency of calculating large prime numbers.
The system creates and publishes a public key made of two big prime numbers. Only individuals with knowledge of those original prime numbers can decipher the encrypted data.
ElGamal — ElGamal, another example of asymmetric encryption algorithms, emerged in the mid-1980s as an alternative to RSA. Like RSA, it’s slower than most symmetric models, but provides additional security by asymmetrically generating keys previously used for symmetric encryption.
ElGamal is based on the Diffie–Hellman key exchange, which is a method of securely exchanging keys. It was one of the first cryptographic systems that ensured no two parties know both the encryption and decryption keys of their counterpart.
Hashing creates unique signatures to identify parties accessing information and track any changes they make. Technically, hashing is not encryption. But for many practical purposes, the application of hashing can be used for similar purposes.
For the average user, applications with encryption features are more commonly used. These are a few technologies that frequently implement encryption into their base-level feature sets.
Data encryption – Databases, data warehouses and backup servers are the most commonly encrypted types of software you will come across. Stored files are always a target because they can be the easiest to locate.
Data warehouses and backup systems often include enormous amounts of data that would be disastrous to lose. As a result, IT professionals are often quick to secure those files through encryption technology.
File encryption – File encryption software helps to securely encrypt files and folders that are stored locally or within a cloud application. Strong file encryption will prevent hackers from actually accessing or altering sensitive data.
Many free file encryption software solutions exist for personal use but typically won’t scale to suit the needs of a larger business. Encrypted databases, storage clouds and hard drives are often more fitting.
Encrypted messaging – Email encryption and secure messaging apps turn communications into ciphertext, the encrypted form of information, which is far less valuable to hackers.
The receiving party may need an encryption key or verification tool to prove their identity and access communications files. These tools are often used by health care, human resources or government professionals who need to facilitate the secure transfer of sensitive information.
Endpoint encryption – Full-disk encryption and hard drive encryption are two common examples of endpoint encryption solutions. If someone’s laptop is stolen, but their hard drive or hard drives were encrypted, it would be extremely difficult for someone to gain access to locally stored files without an encryption key.
Some endpoint protection and encryption tools also facilitate disk partitioning, which creates separately encrypted components and increased security through multiple layers of cipher text.
These are a handful of common features to look for when considering the adoption of encryption tools – these capabilities are detailed below:
|Email Encryption||Encrypts the content of emails and their attachments.|
|Messaging Encryption||Encrypts messages being sent via text or within an application.|
|File Transfer Encryption||Protects data within or as it leaves your secure or local network.|
|Data Encryption||Provides a level of encryption of data in transit, protecting sensitive data while it lives in the backup application.|
|Document Encryption||Provides a level of encryption for text documents.|
|Full-Disk Encryption||Encrypts an entire device to secure data in case it is lost or stolen.|
|Authentication||Allows administrators to set multi-factor authentication requirements including tokens, keys or text messaging.|
|Policy Enforcement||Abilities to set standards for database security and risk management.|
|Access Management||Allows administrators to set user access privileges to permit approved parties to access sensitive data.|
|Backup||Stores data remotely, on-premise or in cloud databases in case of recovery during disaster.|
|Recovery||Decrypts datasets or files or allows users access to a backup database for reintegration.|
|File Management||Allows administrators to set levels of encryption for file types. Allows administrators to decide which files to encrypt.|
Are you a security professional interested in free security tools? Check out our list of the 6 best free encryption software to consider in 2019.
As an analyst at G2, Aaron’s research is focused on cloud, application, and network security technologies. As the cybersecurity market continues to explode, Aaron maintains the growing market on G2.com, adding 90+ categories of security technology (and emerging technologies that are added regularly). His exposure to both security vendors and data from security buyers provides a unique perspective that fuels G2’s research reports and content, including pieces focused on trends, market analysis, and acquisitions. In his free time, Aaron enjoys film photography, graphic design, and lizards.
Subscribe to keep your fingers on the tech pulse.