Encryption...keeping your information safe everyday

What exactly is encryption?

A simple definition of encryption is simply a security system for the electronic world, usually the Internet. It is essentially the process of transforming information, mathematically, into information that can't be read by those who don't have the right key to "unlock" it. Nowadays with the internet becoming a standard among all businesses, the informations shared among them is increasingly important. Encryption is a necessity to ensure safe communications.

Encryption: The Basics

While you may not realize it, if you use the Internet, you deal with encryption everyday. Every password you input to access information (ie. email, shopping sites, news sites) probably uses encryption. Encrypting your information scrambles it so that if someone were to intercept your information, he or she would be unable to read it. This becomes especially important when data passes through shared systems or networks where multiple people may have access to the information. If the data is not encrypted, people will have access to sensitive information and also have the ability to possibly modify the information.

The Encryption Process

When data is encrypted, a computational process uses a key to convert what to us looks like plain text into cipher text with numbers and strings of characters. This newly encrypted text is now only viewable if the viewer has the correct corresponding key. If they have this key, then the cipher text is decrypted back into readable plain text. The strength of an encryption system depends not only on the strength of the algorithm that governs it, but also on how carefully the keys used to encode and decode the information are developed and cared for The more bits, or pieces, a key has, the harder it is to break it. Thus 128-bit encryption is better and more complex than 64-bit encryption.

"Keys" to the Information

Keys used in encryption fall into either Public or Private keys. With Private keys, the person that sends and the person that receives the information that is encrypted uses the same key to decrypt the information. Only the people that create and the people that receive the information know this key and thus are the only ones who can read and make changes to it. Public keys are more widely used and are composed of two parts that make up the key, a private and a public part. These two parts are mathematically related and depend on one another. The information that is encrypted with one key part can only be decrypted using the other exclusive key part.

This can get a little confusing so let me explain the two part key in a little more detail. Public keys are mostly used for transmitting data between web browsers and web servers for services that require personal authentication as well as secured email. For personal authentication, the server will send you some information and then your browser will use your private part of the key to encrypt that data. The server has the other public part of your key and if it successfully decrypts the data they sent you in the first place, you are successfully authenticated. In email this works a little differently is relatively similar. If you send an encrypted message to someone, You encrypt that message using the recipient's public key part. This will ensure that only the recipient can decrypt it. Once he or she receives the message, they will use their private key part to decrypt it.

Certificates and Digital Signatures

Certificates are digital documents that are digitally signed by trusted third parties, "digital" notaries, and connect your website and your public key. These certificates contain your name (company, user, something unique), length of time that the certificate is valid, your public key, and the purpose of your key (ie. encrypting data). Many websites will use certificates to validate their web server to your browser. Most web browsers come iwht a list of Certificate Authorities they trust and thus a large range of websites you can be safe accessing due to their certificates with these authorities.

Digital signatures are used for sensitive documents and files people share with one another. These documents received need to be from the person you're expecting it from and also can't be tampered with in any way. Digital signatures apply an algorithim to a digital document and come up with a number unique to the bits and pieces in it called a message digest. Using public keys, the recipient will receive the digital document and the digital signature and be able to compare the two. If the document is altered in any way then the message digest will change and thus you know that the document isn't the same as the creator intended.

The 5 Important Facts about Encryption

Encryption is used in most of your internet authentications (online purchases, account information, email)
Encryption uses a mathematical process to turn your information into cipher text that must be decyphered before it can be read again
Encryption uses keys to encrypt and decrypt information
Keys can be either private or public keys (public keys have 2 parts, a public and private part)
Many websites must obtain digital certificates that use public keys and must pass a certain security level in your browser before you can view it on your screen

Back to the Assignments Page

Back to the INLS 80 Home Page