What Is Encryption?
- Short Definition
- Encryption is the process of encoding plaintext (ordinary text) into ciphertext (non-understandable text) by the use of cryptographic algorithms.
- Extended Definition
Data can be kept secure with encryption, which encodes information into a secret code. This is done by transforming the data into an unrecognizable form, called ciphertext, which can only be deciphered using a specific digital key. It does not matter if data is stored on computer servers in a physical space or in the cloud, this technology ensures data is secured while in transit, at rest, or during processing.
Encryption is the process of encoding plaintext (ordinary text) into cipher text (non-understandable text) by the use of cryptographic algorithms. In order to convert the cipher text back to plaintext, one must possess the correct decryption key or password. This key or password is created by an algorithm and consists of an immense number of cryptographic characters, making it impossible to guess the correct password through attempting every combination available, or what is known as brute force attack. For example, Julius Caesar commonly used a type of substitution cipher known as the Caesar cipher, where one letter would be replaced by another letter a certain number of places away from the original letter.
Types of Encryption
Symmetric encryption, also known as a shared key or private key algorithm, is one of the most common types of encoding algorithms used. With this type of algorithm, a single key is used both for encryption and decryption, and is used by both sending and receiving parties. It is generally considered to be less expensive to produce, and does not take as much computing power to encrypt and decrypt as asymmetric algorithms, meaning that the decoding of data is quicker. The main downside to this algorithm is that if an unauthorized person is able to obtain the key, they will be able to access and decrypt any messages or data sent between the parties. As a result, the key must be transferred using a different cryptographic key, leading to a chain of dependencies.
The other common type of algorithm is asymmetric encryption or public-key cryptography, where two different keys are used to both encrypt and decrypt data. There is a public key which is shared among all the parties for encryption, and anyone with access to this can send encrypted messages. The second key, the private key, is only available to the individual or party receiving the message, and is used to decrypt the message. This form of encryption is often considered more expensive to produce, and can take more computing power to decrypt, as the public encryption keys are usually very long, ranging from 1,024 to 2,048 bits. As a result, it is typically not suitable for sending large packets of data.
Most Popular Encoding Algorithms
Data Encryption Standard (DES): Developed in 1970s, adopted by US in 1977, key size of 56 bits, influencing cryptography advancements.
Triple DES (3DES): Evolution of DES, key size increased, considered insecure, deprecated by NIST in 2023.
Advanced Encryption Standard (AES): Adopted by US in 2001, blocks of 128 bits with 128, 192, or 256-bit keys.
Twofish: Fastest symmetric encryption, used in PGP, key sizes up to 256 bits.
RSA: Asymmetric encryption using prime numbers, public key created by factoring two prime numbers, large key sizes of 2,048 or 4,096 bits.
Elliptic Curve Cryptography (ECC): Asymmetric encoding using elliptic curves, 256-bit provides comparable security to 3,072-bit RSA public key, used for digital signatures and symmetric encryption.
End-to-End Encryption and VPNs
A closer look at the various kinds of encoding reveals why so many users of virtual private networks (VPNs) are drawn to and benefit from strong end-to-end encryption, even if some might not prioritize it.
End-to-end encryption is an essential component for developing a secure connection that prevents third-party users from reading data. It restricts the visibility of data being transferred to the recipient. Most VPNs incorporate asymmetric encryption to establish new symmetric encoding keys at the beginning of each session. This type of encryption safeguards the information from any server that sits between you and the VPN, like your Internet Service Provider or a possible hacker controlling an illegal hotspot. Unfortunately, the data transmitted between the VPN server and the web page being visited is not encrypted, except if the site operates HTTPS.
For more definitions, check out our dedicated Definitions list.