Protecting Your Data and How Different Types of Encryption Are Used
You’ve probably seen the term “encryption” or its variants thrown around. Encryption is an important security feature that can protect your computer data from being read by unscrupulous eyes.
Encryption reorganizes the data of a computer file to make it unreadable, so it serves as one of the most effective ways to protect your data. It basically turns data into a secret code, and you can only unlock the code if you have a secret key or password.
How does encryption work? Why should you use it? And how can you encrypt data on your own computer? Let’s delve into an overview of computer encryption.
What is encryption?
Think back to your middle school days. Did you ever pass notes in class? Maybe you were trying to ask out your secret crush. When the teacher has her back turned, you scribble a short note - Want to get ice cream after school? - and pass it down the row of desks.
Unfortunately, the class clown gets a little nosy. Rather than pass your note along, he decides to read it aloud for the class. Now everyone in homeroom knows you’ve got a big crush. The students all laugh and tease you, and your teacher scolds you for passing notes. The end result? You go home and tell your mom you need to change schools.
That embarrassing scene wouldn’t have happened if you had encrypted the contents of the note. For example, you could have shifted each letter of the alphabet by one, so the note would have spelled: Xbou up hfu jdf dsfbn bgufs tdippm? The class clown wouldn’t be able to make sense of that and would pass the note along. Once your crush receives it, you’d send a second note to your crush that reveals the cipher: shift by one letter.
This is the basic methodology of encryption. Encryption is when data is scrambled into gibberish so it can’t be read by unintended viewers. Only the recipient of the data is given the key for how to unscramble it [1].
Encryption has been used for thousands of years to conceal the contents of information that’s passed from one person to the next. The concept has been around for as long as humans have sought privacy [2].
Why is encryption important?
You send a lot of things over the internet. You send emails, for example, which may contain personal information, photos, or documents. You’re sending data even when you don’t know you’re sending data. For instance, when you log into your account on Facebook or YouTube, your computer is sending your password information across the internet to the website server. There are a million things for people to steal, and a million ways you can have your privacy violated.
Encryption is one of the best ways to protect all your data from getting stolen as it travels across the web. But encryption can also protect data that’s stored on your computer. If your laptop gets stolen, the thief will find it difficult, if not impossible, to open files that you’ve encrypted.
Types of encryption
Your computer data is encrypted in a similar way to how we encrypted our middle school note. But computers are obviously capable of much more advanced algorithms than shift by one. Let’s discuss how exactly digital encryption works.
There are two main types of encryption: symmetric encryption and public key encryption.
1. Symmetric encryption
Symmetric encryption came about in the 1970s. It works in the exact same way as our shift by one note.
Let’s say that you want to email a private document to one of your friends:
- You encrypt the document
- Your encryption key is shift by one
- Your friend receives the document
- Your friend receives the key
- Your friend uses the key to decrypt the document
That’s why it’s called “symmetric” encryption - each computer needs the shared key to encrypt/decrypt data [3].
Symmetric algorithms
Computer algorithms are far more complicated than shift by one. The original symmetric algorithm, known as the Data Encryption Standard (DES), uses a 56-bit key. A computer bit has a value of either 0 or 1. A 56-bit key means that there are 56 total digits and each digit is either 0 or 1. So, a 56-bit key has over 70,000,000,000,000,000 (70 quadrillion) possible key combinations [1].
That’s quite a bit more advanced than shift by one, right? But, believe it or not, modern computers can decipher that key with relative ease. Hackers locate encrypted files that are passing through the internet and launch “brute force attacks” against them. In a brute force attack, a hacker will launch a program that will attempt to decrypt the file using every possible key combination. Computers operate at lightning speeds, and it doesn’t take long for an advanced program to cycle through 70 quadrillion combinations.
The Data Encryption Standard was replaced by the Advanced Encryption Standard (AES). AES has been adopted by the U.S. government. It uses 128-bit, 192-bit, or 256-bit keys.
A 128-bit key can have more than 300,000,000,000,000,000,000,000,000,000,000,000,000 possible key combinations [1]. Not even a modern computer can cycle through that many combinations. It’s believed that AES encryptions will be unhackable for many years to come.
The problem with symmetric encryption
Symmetric encryption has a major flaw, though. If you’re sending an encrypted file to someone, you also need to give them the key so they can decrypt it. Transferring a key from one person to another puts the key at risk of being intercepted. All a hacker needs to do to decrypt a file is obtain the key.
It’s difficult to safely transfer a key over the internet. It’s much safer to transfer a key in person (for instance, you walk over to the person’s house and give them a flash drive that has the key on it). Symmetric encryption is useful for the U.S. government because key exchanges can be facilitated within single buildings and closed networks. But it’s inconvenient for the average Joe who’s trying to send an encrypted file over the internet.
2. Public key encryption (asymmetric encryption)
Public key encryption (also known as “asymmetric encryption”) eliminates the problem of having to share the key [4].
Prime numbers
To understand public key encryption, you might need a quick refresh on prime numbers. A prime number is a whole number greater than 1 whose only factors are 1 and itself.
Here’s a brief example, if you need it:
- 2: 1 x 2 = 2 (Prime Number)
- 4: 1 x 4 = 4 or 2 x 2 = 4 (Not a Prime Number)
- 41: 1 x 41 = 41 (Prime Number)
- 76: 1 x 76 = 76 or 2 x 38 = 76 (Not a Prime Number)
The public key algorithm only uses prime numbers. Why? Prime numbers are easy to multiply. But, given the product, it’s very difficult to determine which two numbers multiplied to get it.
For example, let’s say that I give you two prime numbers: 13 and 17. You multiply those together and get 221. Easy, right?
But if I gave you the number 221, it would be much harder for you to determine that its two factors are 13 and 17. There’s no calculation to find the prime factors of a number. Mathematicians have been trying to discover the equation for decades, but with no success.
It’s not that difficult to find the prime factors of 221; that was just an example. But what if you factored two prime numbers that were absolutely massive: 9,990,454,951 and 9,990,454,949? The product would be 9.80919 x e19.
And, if I gave you the number 9.80919 x e19, how would you possibly know that its prime factors are 9,990,454,951 and 9,990,454,949?
There are some numbers that are so massive - even larger than the one above - that all the computers in the world working together would not have enough computing power to determine its prime factors. Modern computers just aren’t able to cycle through so many combinations of possible numbers.
Okay, now that we’ve brushed up on prime numbers, we can talk about how public key encryption works.
How public key encryption works
While symmetric encryption uses one shared key, public key encryption uses two different keys: a private key and a public key [5].
- Private key: composed of two extremely large prime numbers
- Public key: made from the product of those prime numbers
Let’s say that you want to email an encrypted document to your friend.
- Your friend emails you his or her public key
- You encrypt the document using your friend’s public key
- You email the encrypted document to your friend
- Your friend decrypts the document with his or her private key
It doesn’t matter if anyone online intercepts the public key. Remember, a hacker would need the two prime factors to decrypt the encrypted data. The public key has the product of those two factors. But the number is so massive that it’s nearly impossible to deduce what the two prime factors are.
The hacker needs the private key to decrypt the data. But the private key doesn’t need to be sent over the internet. The private key is kept safe on the user’s computer. Only the public key is exchanged on the internet, and again, it’s very difficult to decrypt the public key.
That’s the genius of public key encryption.
Encryption algorithms
We’ve already discussed Data Encryption Standard (DES) and Advanced Encryption Standard (AES). Let’s review a couple of the other commonly used encryption algorithms.
3DES encryption (Triple DES)
Triple DES (commonly known as 3DES) is an improvement over the original DES algorithm. Basically, it performs the DES algorithm three consecutive times during encryption and decryption. This makes it far more successful against brute force attacks than the original DES. However, it’s still much slower than AES [6].
RSA encryption
RSA was the first encryption algorithm based on public key cryptography. It’s still frequently used in public key protocols [4].
Encryption protocols
An encryption protocol is a security system that uses one or more of the encryption algorithms to secure your data. You can use encryption protocols at home to protect the data that you send online.
1. Transport Layer Security (TLS)
Transport Layer Security (formerly known as Secure Sockets Layer) is an encryption protocol that’s commonly used to secure data on the web. TLS is widely used in:
- Web browsing
- Instant messaging
Hypertext Transfer Protocol Secure (HTTPS) uses TLS. When you’re browsing the web, the URL will be fronted by either HTTP or HTTPS. Websites using HTTPS are generally safer, because the data being exchanged between your computer and the website server is being encrypted. Look at your address bar. You can see that you have an encrypted connection to the HP Store website via HTTPS [7].
2. VPN protocols
You can encrypt the data that you send across the web, but you can’t conceal who you’re communicating with. Anyone online can see which websites and which IP addresses your computer exchanges data with. If you don’t want anyone to see what you’re browsing, you can protect your internet privacy by using a virtual private network (VPN). A VPN masks your communication channels online.
Most virtual private networks use two protocols in tandem: Layer Two Tunneling Protocol (L2TP) and IPsec. These protocols work to encrypt and authenticate data on a VPN.
Read our Tech Takes® blog to learn more about how virtual private networks work.
3. Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) was developed by Phil Zimmerman in 1991. Zimmerman distributed his protocol online for free. You can use the commercial version, or you can browse the many OpenPGP applications available online. PGP programs can encrypt data for you.
4. Encrypt data on Windows 10
If you’re a Windows 10 user, you can encrypt individual files and folders using the built-in Encrypting File System (EFS). You can only use EFS on a computer that’s running Windows 10 Pro, Enterprise, or Education [8]. Most of our HP business laptops are equipped with Windows 10 Pro.
To use EFS:
- Right click on a file and folder you want to encrypt
- Click the “Properties” button
- Click the “Advanced” button
- Check the encryption box
You’ll be prompted to provide a password for the file, and that password will be your key. You’ll need it to open the file in the future, so make sure you write down the password and keep it somewhere safe.
The future of encryption
New encryption techniques are always being developed. Furthermore, cybersecurity experts (both professionals and amateurs) frequently test encryption protocols for weaknesses. There’s a collective effort by the cybersecurity community to develop faster and stronger encryption methods.
The biggest changes in encryption may someday come from the quantum computing realm. In theory, quantum computers can harness a far greater amount of computing power than current computers are capable of. They might be powerful enough to decipher public key encryptions.
Don’t panic, though. While quantum computers might be able to decipher all modern encryptions, they might also be capable of creating encryptions that are larger and more secure than what’s currently possible.
[1] HowStuffWorks.com; How Encryption Works
[2] Study.com; The History of Encryption
[3] Tatanka.com; How Encryption and Digital Signatures Work
[4] Gigantux; Types of Encryption
[6] ComputerHope.com; 3DES
[7] Symantec.com; What is SSL, TLS and HTTPS?
[8] WindowsCentral.com; How to use EFS encryption to encrypt individual files and folders on Windows 10
