Introduction

Encryption plays an important role in technology. It is utilized by many protocols and programs that are available today. To put it simply, encryption is just very sophisticated math. The strength of encryption has improved vastly compared to the past. Presently, the algorithms that are used are very well designed and incredibly efficient. Encryption is useful for securing data as well as keeping anonymity and upholding privacy. In addition to the benefits and features encryption provides, there are also some drawbacks, performance issues, and security risks that come into play.

An Overview of Encryption

In today's world filled with technology and communications, there is a high demand for security and privacy. Encryption can be a great solution for fulfilling these requirements, provided it is used correctly for the situation at hand. The main purpose of encryption is to take some form of data that can be read or manipulated and obfuscate it so that it cannot be altered or stolen. The data in its unencrypted state is referred to as plaintext, whereas the data in its encrypted form is referred to as ciphertext. In order to encrypt and decrypt data, the use of keys is necessary. Keys are basically a set of random numbers of a specified length that aid in locking and unlocking data. The keys are applied to the plaintext following a certain set of mathematical instructions. This is referred to as the encryption algorithm. In addition to protecting data on computer systems, encryption is also commonly used to protect information and data in transit. A few cases where data is transmitted are networks (like the Internet), cell phones, and Bluetooth devices.

How Encryption Works

One of the most important aspects of encryption, along with using a strong algorithm, is using a key that is long enough to make a brute force approach practically impossible. The key space of a key is the number of possible key values, which is two raised to the power of the number of bits in that key. For example, a key that is 4 bits in length would have a key space of 2^4. Each bit that is added to the key doubles the key space, so you can see that it is important to use a long key. The larger a key is, the longer it will take for a brute force approach to eventually obtain that key. Any cryptographic algorithm can be brute forced, so the goal is not to figure out how to prevent brute force attacks but rather to make the attack take an unrealistic amount of time to execute. Theoretically, it would take more than 149 trillion years to brute force a 128-bit encryption key if your computer was processing about 72 quadrillion computations per second. A common misconception is to base an algorithm's strength solely on the key's length; some methods of encryption use very long keys but may have known structural weaknesses in their algorithms or in the protocols that use them.
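The doubling effect and the 149-trillion-year figure can be checked with the following added example, which is not part of the original article. The HMAC-based toy function, the sample message and all function names are assumptions made for illustration; the search rate is the one quoted in the text.

```python
import hashlib
import hmac

RATE = 72e15                      # computations per second, as quoted in the text
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(bits):
    """Number of distinct keys of the given length: 2 to the power of bits."""
    return 2 ** bits

def years_to_exhaust(bits, rate=RATE):
    """Years needed to try every key of this length at the given rate."""
    return keyspace(bits) / rate / SECONDS_PER_YEAR

def tag(key_int, bits, message):
    """Toy keyed function (assumption): HMAC-SHA256 under a `bits`-bit key."""
    key = key_int.to_bytes((bits + 7) // 8, "big")
    return hmac.new(key, message, hashlib.sha256).digest()

def brute_force(bits, message, target):
    """Try every key in order; return (key_found, guesses_made)."""
    for guess in range(keyspace(bits)):
        if hmac.compare_digest(tag(guess, bits, message), target):
            return guess, guess + 1
    raise ValueError("no key of this length produces the target")

def worst_case_guesses(bits):
    """Place the secret last in the search order to measure the worst case."""
    message = b"constructed sample message"
    secret = keyspace(bits) - 1
    return brute_force(bits, message, tag(secret, bits, message))[1]

if __name__ == "__main__":
    # Small keys are searched for real: each extra bit doubles the work.
    for bits in (4, 5, 8, 12, 16):
        print(f"{bits:>3}-bit key: {worst_case_guesses(bits):>6} guesses (worst case)")
    # Realistic keys are only estimated, using the rate from the text.
    for bits in (56, 64, 128, 256):
        print(f"{bits:>3}-bit key: {years_to_exhaust(bits):.3e} years to exhaust")
```

The estimate covers searching the entire key space; on average a key is found after about half that work, which changes the result by only one bit's worth.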

Types of Encryption

There are two types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to encrypt and decrypt data, whereas asymmetric encryption uses two keys to encrypt and decrypt data. Asymmetric encryption is commonly referred to as public key encryption, where the two keys used are called the public key and the private key. The private key is to be kept by an individual person and not be shared with anyone else. The public key is put somewhere publicly accessible to be used in conjunction with the private key. Optionally, you can specify a passphrase when using asymmetric encryption, which helps to further secure your keys from unauthorized use. Using a passphrase will prompt for a password every time you or somebody else uses the key. The password is chosen by the owner of the key pair and is integrated at the time of creating the keys.

Protocols Employing Encryption

In basic terms, a protocol is a set of rules that determine how data is transmitted and what format it should be in. There are numerous protocols in use that are cryptographically secure, meaning the data is sent over the protocol in an encrypted state to prevent eavesdropping. A few examples of cryptographic protocols are secure shell (SSH), transport layer security (TLS), secure sockets layer (SSL), and secure file transfer protocol (SFTP). The advantage of using protocols that are cryptographically secure versus protocols that do not secure data is that any data in transit cannot be manipulated or deciphered by any one person. Even if the data was obtained through various other man-in-the-middle attacks such as packet sniffing or address resolution protocol poisoning, the attacker who obtained the data would need to go to great lengths to decrypt the encrypted data that he or she received. On the other hand, if a protocol employing no kind of encryption whatsoever was being used and someone was able to obtain the data in transit, it could be stolen for other uses, manipulated to receive more sensitive data, or even used for more serious attacks. A few examples of unencrypted protocols are hypertext transfer protocol (HTTP), file transfer protocol (FTP), telnet, and simple mail transfer protocol (SMTP).

Products Employing Encryption

In addition to protocols that use encryption, countless pieces of software and products use encryption as part of their operation. Software such as TrueCrypt, Skype, and OpenVPN use encryption, but each piece of software implements it in a different way. TrueCrypt is used for encrypting entire file systems and securing data stored on physical media such as hard drives and flash drives. Skype is a popular application used for communication that uses encryption to secure the data stream between the subjects using the software. OpenVPN is a free and open source piece of software that provides virtual private network (VPN) technologies. It can use many different kinds of encryption available today through the use of the OpenSSL library.

Drawbacks, Performance Issues, and Security Risks

Encryption is an excellent option to secure data and prevent privacy and identity issues, but there are also a few pitfalls that are introduced when encryption comes into play. For one, if you're using asymmetric encryption (also known as public key encryption) you run the risk of someone obtaining your private key. An important factor in asymmetric encryption is keeping your own private key safe. This can be accomplished in many ways, such as setting permissions on the key, hiding the key from plain view, and even setting a passphrase for the key so that nobody can use the key freely if they are able to obtain it. Secondly, if you lose your private key or happen to accidentally delete it, you'll need to generate a new public and private key to be used. The only problem is that you might not be able to decrypt the data in question because it is encrypted using the previous pair of keys. The solution is not as simple as plugging in a new key pair and getting your data back. Finally, if you're using asymmetric encryption to log in to remote servers or to create a virtual private network, you may lock yourself out of that service if you lose your key. A common practice to avoid these problems is to keep a physical backup of the keys and store them in a safe place. It may even be a good idea to enclose the keys in an encrypted archive format.
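The two safeguards named above, file permissions and a passphrase, can be checked automatically. The following added example is not part of the original article: it audits a private key file for group/other access and for missing passphrase protection in the common PEM and OpenSSH containers. The function names and the two sample files are assumptions; the samples are constructed placeholders with correct framing and no real key material.

```python
import base64, stat, struct, tempfile
from pathlib import Path
MAGIC = b"openssh-key-v1\0"  # start of the OpenSSH private key container

def pem_key_is_encrypted(text):
    """True/False for a recognised PEM private key, None for anything else."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        return None
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if label == "ENCRYPTED PRIVATE KEY":        # PKCS#8 with a passphrase
        return True
    if label == "OPENSSH PRIVATE KEY":          # cipher name follows the magic
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return None
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        return blob[len(MAGIC) + 4:len(MAGIC) + 4 + n] != b"none"
    if label.endswith("PRIVATE KEY"):           # legacy OpenSSL PEM header
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])
    return None

def audit_key_file(path):
    """Return findings for one private key file; an empty list means clean."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/other access the key")
    encrypted = pem_key_is_encrypted(Path(path).read_text(errors="replace"))
    if encrypted is not True:
        findings.append("no passphrase" if encrypted is False else "not a PEM private key")
    return findings

def demo():
    """Audit two constructed placeholder files (framing only, no key material)."""
    body = base64.b64encode(MAGIC + struct.pack(">I", 4) + b"none").decode()
    weak = f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
    good = "-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, text, mode in (("weak", weak, 0o644), ("good", good, 0o600)):
            path = Path(tmp, name)
            path.write_text(text)
            path.chmod(mode)
            results[name] = audit_key_file(path)
    return results
```

Calling `demo()` returns two findings for the world-readable, unprotected sample and none for the passphrase-protected file with mode 0600.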