Encryption is one of the most essential parts of any security strategy. Data that's stored in readable 'plaintext' format is a tempting target for hackers, whether it’s at rest in a business' data center, or in motion when it’s being transferred from one user or system to another.
Encrypting this data to make it unreadable helps protect companies so that, even if they do fall victim to a breach, their most precious data is not compromised. But there are a large number of standards and technologies used for encryption, and some are more secure than others. So how do firms ensure their information is protected, while at the same time allowing people who do have authorization to read it easily?
When sending data securely - whether this is via email, file transfer or a cloud sharing service - there are two key types of encryption that you need to be aware of: symmetric and asymmetric. There is also a third method of protecting data, known as hashing, which is often talked about alongside these two, though it has some key differences.
The symmetric encryption method uses a single key both to encrypt and decrypt the data. This makes the operation simpler and allows data to be encrypted and decrypted very quickly. However, if this type of encryption is deployed, it is imperative that the key itself is kept secure; if it is compromised, it is easy for a hacker to read the data.
Therefore, symmetric encryption is more useful in narrow circumstances where the sender and the recipient of data can share the key without risk of interception, such as meeting face-to-face. Ensuring keys are changed frequently is also important.
The second major encryption method is asymmetric encryption, also sometimes known as public key encryption. In this case, a different key is used to encrypt and decrypt data. These two keys are commonly known as the public key, which can be shared widely, and the private key, which is known only to one individual. While either one can be used to encrypt data, it can then only be decrypted by the other key.
This is considered much more secure than symmetric encryption, as there is no need to share the decryption key. It also makes key management much simpler. With symmetric encryption, a user must generate a new key for every contact to ensure security. However, with asymmetric encryption, there is no need for this, as the public key can be shared and used by anyone to encrypt data without compromising security.
Asymmetric encryption also allows a higher level of verification to ascertain the sender or recipient's identity, avoiding the risk of a hacker spoofing an email address, for example. This is done through a digital signing system, with trusted third parties such as Certificate Authorities providing assurances the owner of a key is who they claim to be.
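To make the public/private key split concrete, here is an added Go example (not code from the original article) using the standard library's RSA implementation. A message encrypted with a recipient's public key can only be opened with that recipient's private key, and a signature made with a sender's private key can be checked by anyone holding the sender's public key but fails if the message is altered or a different key is used. The names Alice and Bob and the sample message are constructed for the example; the Certificate Authority step the paragraph mentions (binding a key to an identity) is not modelled here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair creates a 2048-bit RSA key. The *rsa.PrivateKey is
// the secret half; its embedded PublicKey is the half that is shared.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// EncryptFor seals a short message so that only the holder of the
// matching private key can read it (RSA-OAEP with SHA-256).
func EncryptFor(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt recovers a message sealed with EncryptFor.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign produces a signature over msg with the private key (RSA-PSS).
// Anyone with the public key can check it, but nobody without the
// private key can forge it: this is the basis of sender verification.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
}

// Verify reports whether sig is a valid signature of msg under pub.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, digest[:], sig, nil) == nil
}

func main() {
	// Constructed parties for the demonstration.
	alice, _ := GenerateKeyPair()
	bob, _ := GenerateKeyPair()

	// Alice encrypts for Bob using only Bob's public key...
	ct, _ := EncryptFor(&bob.PublicKey, []byte("meet at noon"))
	// ...and signs with her own private key so Bob can check it came from her.
	sig, _ := Sign(alice, ct)

	pt, err := Decrypt(bob, ct)
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	fmt.Println("signature from alice:", Verify(&alice.PublicKey, ct, sig))

	// Alice's private key does not match Bob's public key, so it cannot
	// open a message sealed for Bob.
	_, err = Decrypt(alice, ct)
	fmt.Println("wrong private key fails:", err != nil)
}
```

Note that RSA-OAEP can only seal a message shorter than the key size; in practice a random symmetric key is encrypted this way and the bulk data is encrypted with that key, which is how PGP and TLS combine the two methods.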
Hashing takes the contents of a file or message and computes from it a fixed-length value using a mathematical formula, giving a short summary (a digest) of the data. It's often considered an encryption method, but this isn't entirely accurate, as there are a few important differences. A key feature of hashing is that the data is not intended to be decrypted, so the process should ideally be irreversible. Instead, it is used as a verification method.
The most familiar form of this is password hashing. Any good server won't store its users' passwords in plaintext, where a hacker can easily read them. Instead, it will use a specific formula to hash them. Then, when the user types their password, the same formula is used on the text they enter and compared to the stored hash.
As the process is repeatable, if the same input (the password) was used, the same output (the hash) will be returned. This therefore allows data such as passwords to be verified without ever storing the actual password.
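The password flow described above, as an added Go example that is not from the original article. It shows the fixed-length, one-way digest (SHA-256) and a salted, iterated password hash that is re-derived from the typed password at login and compared with the stored value. The PBKDF2 routine is written out by hand here to make the "same input, same output" property visible and is checked against the published PBKDF2-HMAC-SHA256 test vectors; the iteration count, salt length and sample passwords are choices made for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
)

// Digest returns the SHA-256 hash of data as hex. Whatever the input
// size, the output is always 32 bytes, and it cannot be run backwards
// to recover the input.
func Digest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// pbkdf2 is a plain implementation of PBKDF2-HMAC-SHA256 (RFC 8018),
// written out so the repeatable, deliberately slow derivation is
// visible; a production system should use a vetted library version.
func pbkdf2(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := 1; len(out) < keyLen; block++ {
		// U1 = PRF(password, salt || INT(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)})
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		// T = U1 xor U2 xor ... xor Uc, with Uj = PRF(password, Uj-1)
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// PBKDF2Hex exposes the derived key as hex so it can be checked against
// published test vectors.
func PBKDF2Hex(password, salt string, iterations, keyLen int) string {
	return hex.EncodeToString(pbkdf2([]byte(password), []byte(salt), iterations, keyLen))
}

// Parameters chosen for this example.
const (
	saltLen    = 16
	iterations = 100_000
	keyLen     = 32
)

// HashPassword returns salt || derived key. The salt is random per
// user, so two users with the same password get different records.
func HashPassword(password string) ([]byte, error) {
	salt := make([]byte, saltLen)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return nil, err
	}
	return append(salt, pbkdf2([]byte(password), salt, iterations, keyLen)...), nil
}

// VerifyPassword re-runs the same formula on the candidate password and
// compares in constant time, so timing does not leak how many bytes matched.
func VerifyPassword(record []byte, candidate string) bool {
	if len(record) != saltLen+keyLen {
		return false
	}
	salt, stored := record[:saltLen], record[saltLen:]
	derived := pbkdf2([]byte(candidate), salt, iterations, keyLen)
	return subtle.ConstantTimeCompare(stored, derived) == 1
}

func main() {
	fmt.Println("sha256('hello'):", Digest([]byte("hello")))
	rec, _ := HashPassword("correct horse battery staple") // constructed sample
	fmt.Println("correct password accepted:", VerifyPassword(rec, "correct horse battery staple"))
	fmt.Println("wrong password accepted:  ", VerifyPassword(rec, "correct horse battery stable"))
}
```

The stored record never contains the password itself; only the salt and the derived value are kept, and verification works because the derivation is deterministic for a given salt and input.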
The key types of encryption algorithms
While all encryption protocols fall into one of the above categories, they're not all equal. Some offer much stronger protections than others, while some may offer some compromise on security in order to increase usability. Here are some of the most common:
Developed to replace the original Data Encryption Standard (DES) - one of the first modern encryption tools - Triple DES is a symmetric standard, using three 56-bit encryption keys. It's slowly being phased out in favor of more secure tools, but is still common.
This public key encryption algorithm is one of the most commonly used tools for sending encrypted data over the internet. It's used in key protocols like PGP and is regarded as very tough to break.
Advanced Encryption Standard (AES) is the algorithm trusted by organizations including the US government. A successor to DES, it offers 128-bit keys, as well as even tougher 192- and 256-bit keys for the most secure encryption. It's considered impervious to all but the biggest brute force attacks and is widely seen as a de facto standard for protecting data.