Lets review real quick. Passwords, check. Secure passwords, check. Preventing phishing, check. So by now you are secure right? Probably not completely. Here is a real quick question. Are you sending emails? Are you sending those emails via encrypted means? If no, then anyone can read your email. If you did not know, I will tell you now, emails are sent in clear text. That means that anyone who packet sniffs a network that your email is flying across, can read that email. Same is true for most instant messaging applications. Your messages are sent out in the open and anyone with the correct software can read them as if they were the one sending them.
So how do we fix this? Well, the answer is both simple and complicated (as it usually is with security), and the answer is data encryption. There are a lot of kinds of data encryption, some that you use without ever realizing it. For example, when you make a purchase from Amazon.com, when you enter your address and credit card information, you are doing that over an encrypted connection (https). We are going to go over some of the various kinds of encryption today and then next week, we will look at a couple of programs to help you encrypt your important data and communications.
Types of Encryption
The way that “Public Key” encryption works is simple in that there are 2 keys, a public and private key, for a person. They post the public version of their key on the internet somewhere and others can download it and add it to their key ring. If Person “A” encrypts a message with their PRIVATE key, then anyone with the public key can decrypt that message. Now, if Person “B” encrypts a message with Person “A’s” public key, then Person “A” can decrypt it with their private key. This is a very popular form of encryption, made such by PGP (which we will get into next week).
Unlike asymmetric encryption where the key to encrypt is different from the key to decrypt, in symmetric encryption the two keys are tied together in some way. It could be trivial or it could take multiple steps. Symmetric encryption is also known as secret-key, or shared secret. That means that all parties that can decrypt can also encrypt.
Which is Better?
Well, that is a question better left up to the purpose. Each one has a specific use but if I had to pick one, I would go with asymmetric. I like the idea of public/private keys. But this is personal opinion and they both do serve their own purposes just fine. There are systems that utilize both, and these are called “Hybrid” systems.
That is pretty much it for this week’s write up. Next week we will look at various programs that use some of these encryption types. Be sure to check back to learn how to encrypt your data.