So, What Is Encryption, And Why Is Everyone Offering It Now?
Encryption, as Hollywood movies suggest, is a practice in cryptography by which a piece of data is obfuscated (manipulated) in a mathematically predictable manner that makes it very difficult to recover its contents. Have you ever written in code, substituting letters? It’s kind of like that, but much more complex. The mathematical equations used to encrypt (and decrypt/decode) things are called cryptographic algorithms.
As to the question of why everyone is now starting to offer it like candy in their services, it’s because hackers are getting smarter and sneakier. They’re compromising databases left and right. To protect you from database intrusions and brute force attacks, services mathematically jumble up all your personal data, making it difficult (if not completely impossible) for an individual or group of individuals to steal your data from that database. Encryption basically protects you from intrusion. If a hacker manages to break into a database and take your passwords, he would be reading something like “8EA2B7CA516745BFEAFC49904B496089” instead of “rubber_ducky.” One more thing: The jumbled-up text at the end of every algorithm (the “result”) is known as a ciphertext. The decrypted equivalent is known as plaintext. These are very important words to remember when discussing cryptography.
How Does a Cryptographic Algorithm Work?
Well, that depends on the type of algorithm:
Symmetric algorithms use a key to encrypt and decrypt data. The key is basically the “x” that will solve for “y” in the mathematical algorithm. The length of the key and some other properties of the algorithm determine its “difficulty.” The more difficult an algorithm is, the harder it is to crack. A difficult algorithm requires immense amounts of computing power to crack, which is usually out of reach of run-of-the-mill hackers. More sophisticated attacks might use computer clusters to decipher your data. Even then, some symmetric algorithms might thwart these attacks.
Asymmetric (public key) algorithms split the key into two pieces: a public one (usually stored on the server) and a private one (usually stored on your computer by software). Asymmetric algorithms get their strength from this particular technique, since a hacker will not be able to read the contents of your data even if he gets his hands on the public key (it’s only half the key). Some services (like SmartSignin’s single sign-on) actually allow you to create your own key and keep it, so that even their own employees cannot access your data. Others simply manage keys in an automated and streamlined manner, which presents a few disadvantages, albeit not as many as symmetric algorithms do.
What You Need to Know.
Not all algorithms are created equal. All of them have some flaw or another that will be discovered in the future, so it’s difficult to know what services you should rely on. Your safest bet is to use your Google-fu to get to the bottom of each algorithm. If you find that some service is using an algorithm that you’re not familiar with, just search for “x algorithm broken.” If you find an actual proof-of-concept (like this one with the MD5 algorithm used in tons of forums) or several news stories saying that it’s no longer safe, then you should steer away from ever creating an account on the site.
Want to Know More?
There’s always something to talk about when it comes to cryptography. It’s an overwhelmingly enormous subject filled with misinformation in many directions. If you have a question about cryptography, leave a comment below!