What Is Encryption And How Does Encryption Work
Data encryption involves turning text or other data into an unreadable code so that only a person with access to a secret key can decrypt and read it. It’s one of the best and most popular ways to guarantee data security today. In fact, many of the sites, apps, and devices you use every day probably use encryption in one way or another, without you even noticing it.
What is Encryption?
So, what is encryption? The term “encryption” derives from the Greek word “kryptos”, which means secret or hidden. When it comes to computing, that involves translating text or other data from a format that can be read into an encoded one so that it can only be interpreted by someone who has the “key” to decrypt it.
Encryption is used wherever people need to protect sensitive data or are concerned about privacy and anonymity online. It’s a crucial element of data security, particularly when you need to transfer data across a network, confident that it’s protected for the entire length of its journey.
On the internet, information transferred between servers and browsers is often encrypted, too. That includes sensitive personal and financial information such as card details and passwords. It’s also possible to encrypt entire devices, servers, and computers, as we’ll explain later in this guide.
What is Data Encryption – A Brief History of Encryption
The earliest known use of encryption was in Ancient Egypt over 4000 years ago, when a scribe used a different set of hieroglyphics in an inscription to conceal its true meaning.
Over the centuries, as more and more parts of the world adopted written forms of communication, people from many different cultures developed ways to convert their messages into secret codes to protect them from prying eyes until they reached their final destination.
Typically, this was done in one of two ways: through transposition, where letters or words are put into a different order, or substitution, where a different symbol, character, number, etc., was put in place of an individual letter to hide its meaning.
For example, the Romans made use of a monoalphabetic cipher called the Caesar Shift Cipher, where you agree on a number and then shift all the letters in the sentence along the alphabet by that number. If the agreed number was 5, “We strike at dawn” would become “BJ XYWNJ FY IFBS”. As long as you knew the number – the code – you’d be able to work backwards and decipher the message.
These are pretty easy to crack, though, and by the Middle Ages people had come up with more complicated alternatives, starting with polyalphabetic substitution, which uses several different substitution alphabets in a single message. This helps to thwart “frequency analysis” – i.e. when you figure out the pattern based on how often certain letters come up and attach these commonly occurring letters like vowels, s and t.
By the 20th century, these systems had become extremely complicated. Have you heard of the Enigma Code? This was an extraordinarily sophisticated polyalphabetic substitution cipher created by the Germans during WW2, using an electromechanical rotor cipher machine. It was eventually cracked by a team of maths geniuses led by Alan Turing, but it took the UK’s top brains nearly six months to do it.
Until just a few decades ago, encryption systems always used a “symmetric key” to encrypt and decrypt a message, meaning that both the author and the recipient had to have access the same key to make sense of it. This is a problem, though: how do you get the key to the other person securely, without this being intercepted, too?
Whitfield Diffie and Martin Hellman were the first to figure out a solution in 1976 when they revealed a “dual-key” or “public key” approach to securely distributing keys. This led on to asymmetric algorithms and modern-day, public-key cryptography. We won’t go deep into technical details of how that works here, but I’ll explain how public keys function later in this guide.
Who Uses Encryption?
Until Diffie and Hellman’s breakthrough, only governments and very powerful corporations had access to encryption technology. The Diffie-Hellman key exchange and RSA algorithms coincided with the advent of personal computers, though, and today encryption is used by everyone, to protect data as it moves between servers and browsers, to secure data on personal devices, and to keep out private eyes through financial, messaging and other common types of app.
Apart from phones, tablets, computers and flash drives, many other connected devices deploy encryption as standard, whether they connect to the internet or to other networks that could potentially be hacked.
SIM Cards, modems, and set-top boxes are typically encrypted, often with protocols like SSH, SSL or S/MIME. The Payment Card Industry Data Security Standard (PCI DSS) demands that merchants encrypt data from customer cards during storage and transmission. ATMs encrypt data, too.
Even small devices like car fobs need to be encrypted so that hackers can’t intercept the information sent by the fob and picked up by the car, in order to take control for themselves.
Why Would You Need Encryption?
Without encryption, it’s pretty easy for other people can see what you’re up to. Unauthorized third parties and malicious actors can disrupt or steal your sensitive data. Governments or anyone interested in spying on or blackmailing you can read your private communication.
Encryption and the Internet of Things (IoT)
As the world shifts towards more and more connected “smart” products, more of our personal data is flying around than ever. Worldwide, technology spend on IoT-enabled devices is growing at an astonishing rate, expected to hit $1.2 trillion by 2023.
While this brings many exciting benefits, it also means that everything from our lighting systems to our toasters represent potential weak spots where hackers could get into the network to steal data.
We entrust sensitive information to all kinds of apps, websites, and devices. Malware that enters a network through one channel can quickly spread to the systems that run every other part of our lives. It’s a growing problem: malware targeted at the IoT tripled in the first half of 2018.
This makes robust, effective encryption crucial – for everyone.
How Does Encryption Work?
Today’s encryption algorithms often go beyond simply concealing a message from prying eyes. They also ensure that the origin of a message can be authenticated, that it has maintained its integrity by not being interfered with in any way, and that the sender of the message can’t deny sending it.
These are just some of the reasons that public key-based algorithms are used to underpin blockchain technology, for example – creating a secure public record of transactions that can’t be hacked or altered, while protecting the anonymity of those that make the transactions in the first place.
Let’s take a closer look at some of the most popular types of encryption work today.
Plaintext, or unencrypted data, is encrypted using an encryption algorithm based on a particular key, which creates a ciphertext. This can only be decrypted using the correct key.
Remember the Roman system above, where knowing the number key told you how many letters to move along in the alphabet? That involved one calculation – or, in modern encryption terminology, one “bit”. The more bits, the more complex calculations are involved in encrypting the data. This string of bits is collectively called the key.
The more bits involved in the key, the harder it will be to decode. Today, most algorithms use a method called “block cipher” which combines randomly generated algorithms with symmetric keys to encrypt each fixed block. Essentially, the algorithm breaks down the plaintext or data into smaller blocks and then applies the calculation block by block.
Each of these are typically 64, 128 or 256 bits long, so you can imagine how much times more secure they are than the Ancient Roman equivalent!
Encryption Key Algorithms
There are two types of commonly used encryption algorithms: symmetric and asymmetric.
This type of encryption uses a single key, sometimes called a “secret key” or “shared secret”. Like traditional encryption methods, in order to decode the ciphertext, both parties need to have the key – the text can’t be decrypted without it.
The Advanced Encryption Standard (AES) which we’ll come back to in a moment, is the most popular (and extremely effective) example of a symmetric-key cipher.
The trouble with this system is that you need to have shared the key with the recipient before they can open it. That means you need to have had a face-to-face meeting or communicated through secure channels, which isn’t always possible.
This is where asymmetric key algorithms come in.
While symmetric-key ciphers are the most efficient way to encrypt data and create keys at scale, you still need a way to share your secret key with the recipient so that they can decode the message.
For that, you need asymmetric cryptography, or “public keys”.
Here, you have two different keys, a public one and a private one, that are mathematically linked. You can share the public key with whoever you like so long as you keep the private one – well, private. The person with the public key can access a limited amount of the data.
The great thing about this is that you don’t have to worry about all your data becoming compromised if someone was to get hold of the key “pair”. A cybercriminal that discovered the other half of the key pair would be able to view just that slice of information you were sharing at that moment. They wouldn’t be able to get into all the encrypted data you had sent. This adds another layer of security.
There are some downsides, though. Processing these algorithms is complex and slower as a result, and you need to go through authentication with the public key every time you send a message. Plus, if you use the private key you’ll never be able to decode the ciphertext. Even so, it’s an extremely effective approach to encryption.
The most popular type of asymmetric encryption algorithm is the one created by the RSA that we talked about above.
Elliptical Curve Cryptography (ECC)
To avoid being decoded, public key cryptography relies on creating huge prime numbers that are very difficult to factor. A clever alternative is ECC, which uses elliptic curve equations to create keys that are much shorter but equally secure. This means they also take up a lot less space, making them a popular choice for IoT-enabled devices that have very little internal memory or storage.
End-to-End Encryption (E2EE)
This is used to secure data during rest and transit, all along the chain, so that any messages being sent between two parties can’t be viewed or interfered with by outside parties. WhatsApp and Signal both famously use E2EE and you can also secure your Facebook messages this way by setting up “Secret Conversations”.
The great thing about E2EE is that, unlike other types of encryption that have one key encrypted and the other key open, your message is encrypted from the moment it begins its journey. Only the person who sends and the person who receives can read it – not even your communication app or email provider can get into it, because it’s encrypted on their server before it ever begins its journey.
Cryptographic Hash Functions
This is a kind of one-sided encryption: it’s not easy to decrypt the ciphertext to discover the original meaning. It’s used for very specific security functions such as running data integrity checks or creating digital signatures, when the output needs to be encrypted but the recipient doesn’t need to see the source data.
Hash functions work by generating a “digital fingerprint” of a file, message or data block. This is called a hash value, or message digest. The final output is much smaller than the input, they’re fast to compute and designed to ensure that two different inputs could never create the same output.
Advanced Encryption Standard (AES)
This is the top security encryption standard as set and selected by the US government – and it’s near-impossible to break. A symmetric block cipher approach, the AES is today used across the globe for all kinds of data protection and encryption in software and on hardware devices.
There are three types of block ciphers used by AES: AES-128, which encrypts and decrypts data in a block size of 128 bits, AES-192, at 192 bits, and AES-256, at (you guessed it), 256 bits. Each of these blocks of plaintext then creates a block of ciphertext with its own corresponding key.
Secure Sockets Layer (SSL)
You may have noticed an ‘SSL’ badge or lock icon in the corner of your search bar as you browse the internet. At least, I hope you do, because this signifies that your connection is encrypted.
The SSL protocol is a type of encryption that ensures the connection between your browser and the web server is secure. The data you transmit can’t be intercepted.
You can’t see any of this taking place, but the web server is sending your browser a certificate that contains a public key. The browser cross-references this with a Certificate Authority to ensure the website really is the one they claim to be, rather than a fake page designed for phishing.
Using the public key, your browser then encrypts all the data you send back to the web server and the server uses its private key to decrypt it. As such, only the server you are trying to communicate with can decode the ciphertext and read your data – only they have the necessary private key. Your information can’t be hacked.
How Effective is Encryption?
The main way of cracking a cipher is through brute force attacks. That’s when someone tries every key they can until they find the right one.
Of course, if your key is very short or simple it wouldn’t take that long to test out every possible combination of letters and numbers until you get it right. If your key is longer or more complex, on the other hand, brute force attacks are practically impossible. The computing power this requires alone would be beyond just about anyone on earth because you’d have to race through so many enormous combinations in such a short period of time.
The more bits involved in the key, the harder it gets. The internet security company Seagate worked out that, even if all 7 billion people on the planet had 10 computers each and tested a billion key combinations every second, it would take (on average), 77,000,000,000,000,000,000,000,000 years just to crack a cipher encrypted with 128-bit AES. Considering that many companies are moving up to 256-bit AES, the chances of anyone cracking your encryption with brute force are extremely slim.
That said, people make mistakes – and that includes app designers and IT experts. It’s much more common for hackers to break in through side-channel attacks. These don’t try to hack the cipher itself, but rather look for bugs and vulnerabilities in its implementation or surrounding infrastructure.
Two highly disruptive, cache-based, side-channel attacks called Meltdown and Spectre were uncovered in 2017. These had caused widespread chaos and disruption before a flurry of patches were released in 2018.
There’s also the more general issue of legality. A lot of governments simply do not like the idea of people being able to communicate in perfect anonymity – and that includes countries like the US, where the FBI has heavily criticized many technology companies for offering EE2E. In the future, many companies may be coerced into weakening their encryption so that governments or law enforcement can uncover data about citizens more easily.
How Do You Encrypt Your Devices and Data?
Many laptops, phones, tablets and other devices walk you through the process of encrypting your data or offer detailed instructions on how to do it.
Here are a few tips to get you started.
Apple products use the AES standard, making them practically unbreakable if it’s implemented. iOS devices have included data encryption for a long time now and you can opt to switch it on for macOS, too.
Simply open System Preferences > Security & Privacy > FileVault. From there you can enable encryption.
Most new Android products are – at last – encrypted by default, but you’ll need to run Android 6.0 Marshmallow (or later). Just click the Security link in Settings.
Unfortunately, Windows machines lag behind when it comes to encryption. However, if you set up Windows 10 on your PC with a Microsoft Account, you may be able to enable something called “Device Encryption”
Go to Settings > About and check if there’s a Device Encryption tab.
If you don’t have this, and you’re willing to upgrade to Windows 10 Pro, you can enable BitLocker. Alternatively, look at free alternatives such as the open-source software VeraCrypt.
Popular Encrypted Sites and Apps
Many sites and apps now apply encryption as standard, which you can tell by seeing “HTTPS” rather than “HTTP” at the start of the address bar. That includes sites like Amazon, Gmail, and Facebook.
However, if you want to encrypt all your data, not only your connection to the server, here are some purpose-built apps you can use:
Probably the most famous and popular messaging app that offers end-to-end encryption, WhatsApp has irritated many governments around the world that object to impenetrable, anonymous communication methods. Since being bought by Facebook, though, many people are worried that user privacy could be under threat in the future.
Similar to WhatsApp, Wickr is an encrypted text message app that works on Android and iOS devices. The difference is that you can set a “self-destruct” timer for your messages to make sure they get deleted after a certain amount of time.
Telegram is an extremely secure messaging system that makes use of the MTProto protocol, 256-bit symmetric AES encryption, RSA 2048 encryption, and Diffie–Hellman secure key exchange. That’s a lot of protection for even the most paranoid of users. What’s more, you don’t even have to share your number with contacts – you can be discoverable only by display name if you prefer.
Another great option for end-to-end encrypted chatting, Viber also lets you “hide” personal and group chats which can only be opened using a PIN number, just in case someone manages to get into your phone.
With this app, which uses the open source security standard ZRTP, you can make and receive entirely encrypted phone calls, all from your normal number.
Silent Phone also encrypts your phone calls and messages with keys, as well as allowing you to make secure file transfers and conference calls. It’s extremely powerful and available as a subscription service.
A great app based on open-source code that’s designed to prevent man-in-the-middle attacks, where a hacker gets between you and the person or site you’re contacting and diverts the traffic to where they want it. With Simlar, both you and your contact can see a code on the screen to make sure you’re looking at the same thing.
A call encryption app for mobile devices as well as Linux and Windows computers. It’s business-focused and frequently used to secure calls between remote workers on company phone systems.
Another option that’s primarily focused at professionals, Pryvate secures all kinds of communications, including voice calls, conference calls, video chats, instant messenger, emails, online browsing and, unusually, financial transactions. Again, it’s highly secure, using RSA 4096-bit encryption, and you can set up messages to self-destruct and receive alerts if someone screenshots them.
An app that encrypts texts, calls, and files, offers an encrypted storage vault and allows you to send messages that self-destruct. You can even set up a clever feature that lets you create a decoy password should you ever be forced to share yours!
As we’ve seen, simply applying one layer of encryption is rarely enough. Hackers are crafty and people are always looking for weaknesses to exploit. It makes sense to use a multifaceted approach to ensure your security.
Start by securing your devices, but also ensure you have decent antivirus installed, including a firewall. Add a password to your home WiFi network to encrypt data moving through it. Whenever you connect to a public WiFi, make sure you do so through a VPN to protect your security and privacy. You can learn more about that here.
In short, remember that there are always cracks to be exploited, even when using AES-level encryption. When it comes to cybersecurity, it’s far better to be safe than sorry.