We live in an age where information is worth its bits in gold. Every day, millions of valuable information like credit card numbers, bank account passwords, and even private information about ourselves are passed through the internet. And cloud software that runs on SaaS like construction management software, construction management software with punch list, Google apps among the hundreds of them, have sensitive data that are exchanged back and forth. With all the information that can potentially be hijacked by an unscrupulous hacker, most of the people seem to be ok with conducting their business online. And when asked why, people would usually say, well, it’s encrypted, that’s why it’s safe. But, what is encryption? And how does it keep data safe? Let’s find out.
If you’re a fan of spy movies, there will always be a scene where a spy would send a secret message to someone, that if in the wrong hands will just be gibberish, but to the person that has the cipher (or code breaker) the real message will be revealed. In fact, the Germans used this very concept to send messages to and from their Navy using what they call an Enigma machine. The Germans changed the settings on the machine every day, but it wasn’t long before the Allied forces managed to crack the code with the help of Polish cryptographers. In essence, this is what encryption is- jumbling the letters so that real message can only be read by someone who has the encryption code.
Of course, nowadays, modern-day encryption methods are so much more complicated than the ones that were used during WWII. The computers reshuffle the messages that require a lot of computing power to interpret. Ciphers are now known today as algorithms which serve as a guide for encryption. Decryption is key is needed to interpret the message.
Let’s go thru very quickly through the four most secure encryption algorithms that are being used today.
- AES. AES (Advanced Encryption Standard) is symmetric encryption that is considered to be the most secure of all the encryption algorithms that even the United States Government uses it to protect its classified information. The AES is a block cipher (which means it encrypts data in blocks) that uses three keys: 128-bit for most of the encryption and 192- bit, and 156-bit for the heavy duty ones. It utilizes a 128-bit block size and it encrypts the blocks in rounds.
- Triple Des. Triple DES was primarily designed to replace the original DES. This kind of encryption uses three single keys in 56 bits each. DES encrypts the 56-bit keys three times making it a 168-bit key. But since it encodes data in shorter block lengths, it’s easier to hack and is slower because it encodes the data three times.
- RSA. RSA is an algorithm that’s been named after its creators – Ron Rivest, Adi Shamir, and Len Adelman. RSA is public-key encryption and is the algorithm used to encrypt data that’s sent over the internet. RSA uses an asymmetric algorithm because it uses a public key to encrypt the message and a private key to decrypt it.
- Twofish.Twofish is a brainchild of Bruce Schneier who is also the inventor of its previous incarnation-Blowfish. Twofish is unpatented and open source encryption that uses the symmetric cipher in 128-bit, 192-bit, and 156-bit keys. Twofish encrypts data in sets of 128 bits in rounds of 16, no matter how big the key size.
Let’s Talk About HTTPS and SSL, What’s The Difference?
When you are on your bank’s page, or when you are shopping online, and you are on the payment page, you might have noticed that instead of the standard HTTP:// (website name), it would be httpS:// ( often with a padlock icon before it), the added S at the end of the Hyper Text Transfer Protocol (HTTP) means Secure.
An HTTPS page uses either SSL ( Secure Sockets Layer) or TLS ( Transport Layer Security). Both of these uses a protocol that is called ‘asymmetric’ Public Key Infrastructure System (PKI). This kind of system utilizes two ‘keys’ to encrypt data. These keys are called a ‘public key’ and a ‘private key’. Any data that has been encrypted with the public key (which is distributed to everybody) can only be decrypted by a private key (which in the case of a website remains permanently hidden and secure inside the web server)
Okay, so, when you are on secure site running an HTTPS connection, the website will send its SSL certificate to your browser. The public key that’s needed to start the secure connection is contained in this SSL. Your browser and the website will then start what is known as the ‘SSL handshake’ This ‘handshake’ will include the initiation of shared secrets needed to create a one of a kind secure connection between you and the website. When everything goes well, you will see a padlock icon in the browser’s address bar.
Is Our Data Safe Online?
Unfortunately, there is no simple yes or no answer to this question, but yes, most of the time, data is safe online. But, of course, always be vigilant when giving out your sensitive data online. At the very least make sure to use a secure internet connection when you want to access your bank, pay your bills or put any sensitive information online. Just being conscious of small things can go a long way in protecting your data online.