In its original form, encryption was first used by the ancient Egyptians and Mayans, then by the Greeks and Romans, in wartime and politics. They used it as a security practice to encode messages in a way that could deceive the enemy. In its modern-day application, it is the method of turning plaintext information into an unintelligible format (ciphertext) using different algorithms. This way, even if unauthorized parties manage to access the encrypted data, all they find is streams of unintelligible alphanumeric characters.
What is encryption used for?
Encryption has widely been used to protect data in numerous areas, such as e-commerce, online banking, cloud storage, online communication and so forth.
What might an encrypted message look like?
A simple example of a cipher is replacing each letter in a message with the letter one position forward in the alphabet. So if your original message read "Meet you at the cafe tonight", the encrypted message reads as follows: "Nffu zpv bu uif dbgf upojhiu".
What is the encryption algorithm?
The encryption algorithm is the chain of calculations that determines how the input plaintext is transformed into the output ciphertext. In the simple example above, only one calculation was carried out, which moved each letter of the message one position forward in the alphabet. Of course, advanced encryption software programs can employ extremely complicated algorithms to achieve complex ciphers. Encryption algorithms fall into two basic categories: symmetric key algorithms and asymmetric key algorithms. You can find their description further below.
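The one-step letter shift described above, written out as an added example (not code from the original page). The shift amount plays the role of the key, and the function names and the small word list are assumptions made for this illustration. Because only 26 keys exist, trying every one recovers the message at once, which is why a cipher's key space matters.

```python
import string

def shift_encrypt(plaintext: str, key: int) -> str:
    """Move each ASCII letter `key` places forward, wrapping z -> a.
    Case is preserved; spaces, digits and punctuation pass through."""
    out = []
    for ch in plaintext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)

def shift_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same calculation run backwards."""
    return shift_encrypt(ciphertext, -key)

# Constructed word list, used only to recognise readable English.
COMMON_WORDS = {"the", "at", "you", "and", "to", "of", "a", "in", "is"}

def recover_key(ciphertext: str) -> int:
    """Try all 26 possible keys and return the one whose output
    contains the most common English words."""
    best_key, best_score = 0, -1
    for key in range(26):
        words = shift_decrypt(ciphertext, key).lower().split()
        score = sum(w.strip(string.punctuation) in COMMON_WORDS for w in words)
        if score > best_score:
            best_key, best_score = key, score
    return best_key

if __name__ == "__main__":
    message = "Meet you at the cafe tonight"   # the page's own example
    secret = shift_encrypt(message, 1)
    print(secret)
    key = recover_key(secret)
    print(key, shift_decrypt(secret, key))
```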
The role of the encryption key (password)
To control the algorithm and the process of encryption/decryption, a key (password) is used. It is either a random binary key or a passphrase. It determines the exact pattern the algorithm uses to turn plaintext into ciphertext. Guaranteeing the secrecy of the key plays a crucial role in protecting the privacy of the message, because the key may initiate the process of encryption, decryption, or both. If a hacker manages to obtain the key, even the most complex algorithm will fail to prevent the encrypted data from being decrypted, because algorithms are publicly known. So if the password is cracked by a hacker, he can use it to decrypt the encrypted confidential data. To reduce the chances of the key getting hacked, it is highly recommended to create one that is a combination of letters, numbers and special characters, and to change the key frequently. The key also has to have a particular size so that it can be considered safe. Using a virtual keyboard when entering the password is a must to protect it against keylogger malware that might be present on the PC. There are two fundamental ways of secure communication based on encryption algorithms, and the significance of the key in both is explained right below.
Symmetric key algorithms and communication based on them
Algorithms in this category use the same key for encrypting plaintext and decrypting ciphertext. The preparation for symmetric key based communication is as follows: the sender and the receiver need to securely exchange a secret key (password) prior to sending messages (for instance, in a private meeting or via a phone call), and agree that the same key will be used for protecting all messages between them afterwards. Using symmetric key algorithms makes it easy for both parties to maintain secure communication once the secret key has been exchanged, because, unlike in the case of asymmetric algorithms, the parties do not need to verify each time a communication is about to take place that it was indeed them who sent a message using a particular key. Symmetric key algorithms are also faster, consume fewer computer resources than asymmetric ones do, and can handle large amounts of data, which is why they are used for general encryption. One of the disadvantages of this method is that if unauthorized parties manage to obtain the key from either the sender or the receiver, either while it is being exchanged or afterwards, they can easily decrypt any message sent between the original parties. Another noteworthy downside is the difficulty of maintaining and managing separate keys for each partner one communicates with. Our encryption suite, east-tec InvisibleSecrets, offers solutions for both problems. Its Secure Password Transfer feature guarantees protected password exchange between two computers, and its Password Manager makes it easy to handle multiple passwords safely.
Asymmetric key algorithms and their usage
As opposed to symmetric key algorithms, asymmetric key algorithms use a key pair (two randomly generated numeric strings) to control the encryption of plaintext and the decryption of ciphertext. The key used for encryption is a public key, that is, the sender can encrypt a message with a key that was not secretly shared with the receiver in advance, but is available in specific directories for anyone to use. The other key of the pair, the private or secret key, is generated by complex mathematical processes and is linked to its public key counterpart. In other words, if a message or file was encrypted with a public key, only the matching private key can decrypt it.
One of the inherent advantages of using asymmetric key algorithms for secure communication is that the sender and receiver do not need to exchange a secret key prior to sending secret messages, which greatly decreases the risk of the key getting hacked. This type of communication also allows the use of digital signatures, which make it easy to detect if a message got accessed in transit by unauthorized parties, because a digitally signed message cannot be modified without first invalidating the signature. Downsides include the necessity of public key authentication each time a message is to be sent, and the scenario of private key loss, in which decryption of the encrypted message becomes impossible. Asymmetric algorithms are much slower and more resource-consuming than symmetric ones, so they aren't well suited for general communication purposes that involve processing large amounts of data. However, they offer a great way to protect small amounts of data, such as the key (password) which needs to be securely exchanged. Most encryption software programs employ both symmetric and asymmetric algorithms, where symmetric ones handle the bulk of the message and asymmetric ones protect the key.
The Advanced Encryption Standard (AES)
The fast progress computing saw in the last two decades made it necessary for governments to set improved encryption standards that are able to provide secure protection against advanced hacking techniques. The present-day top-security standard, set by the U.S. National Institute of Standards and Technology, is the Advanced Encryption Standard (AES), based on the Rijndael algorithm. Both east-tec InvisibleSecrets and east-tec SafeBit employ that method among others. More information on the different algorithms follows further below.
What does "block size" refer to?
The well-known and most used algorithms we are going to list below (which are also supported by our software products) fall into the category of block cipher algorithms. Block ciphers have a revealing name that describes how they work. They break the input text into blocks and process it block by block. Each block has a fixed size in bits, for instance 128. The full length of the input text gets split into blocks of exactly the same size during the process of encryption and decryption.
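An added example (not part of the original page) of how input is cut into fixed 128-bit blocks, including the case the paragraph leaves open: a message whose length is not a multiple of the block size. It assumes PKCS#7 padding, a common convention that the page itself does not name; all function names are illustrative, and no encryption is performed here.

```python
BLOCK_BITS = 128
BLOCK_BYTES = BLOCK_BITS // 8  # 16 bytes per block

def pkcs7_pad(data: bytes, block_bytes: int = BLOCK_BYTES) -> bytes:
    """Append n bytes, each of value n, so the length becomes a multiple
    of the block size. A full extra block is added when the input is
    already aligned, so the padding can always be removed unambiguously."""
    n = block_bytes - len(data) % block_bytes  # always 1..block_bytes
    return data + bytes([n]) * n

def pkcs7_unpad(padded: bytes, block_bytes: int = BLOCK_BYTES) -> bytes:
    """Validate and strip the padding; reject malformed input."""
    if not padded or len(padded) % block_bytes:
        raise ValueError("length is not a multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block_bytes or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]

def split_blocks(data: bytes, block_bytes: int = BLOCK_BYTES) -> list:
    """Pad the input, then cut it into equal-sized blocks, which is the
    form in which a block cipher receives its input."""
    padded = pkcs7_pad(data, block_bytes)
    return [padded[i:i + block_bytes] for i in range(0, len(padded), block_bytes)]

def join_blocks(blocks: list, block_bytes: int = BLOCK_BYTES) -> bytes:
    """Reverse of split_blocks: concatenate the blocks and remove padding."""
    return pkcs7_unpad(b"".join(blocks), block_bytes)

if __name__ == "__main__":
    message = b"Meet you at the cafe tonight"  # 28 bytes, not a multiple of 16
    for i, block in enumerate(split_blocks(message)):
        print(i, len(block) * 8, "bits", block)
```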
What does "key size" refer to?
Security of symmetric key block cipher algorithms depends on the key length. The length is measured in bits and the size defined as "secure" in AES is 128, but 192 and 256 bits are also used for extra security. If the key is shorter than that, chances are that it can be hacked by brute force and used to decrypt the encrypted confidential data.
Overview of well-known algorithms
- Rijndael: A symmetric key block cipher with a maximum key size of 256 bits and block size of 128 bits. It is considered to be the safest algorithm to use, and the AES is a version of Rijndael, the model developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. In 2001 it was selected as the winner of the contest to replace the previous secure data encryption standard, DES.
- Twofish: A symmetric key block cipher with a maximum key size of 256 bits and block size of 128 bits. The algorithm, developed by Bruce Schneier, John Kelsey, Doug Whiting, David Wagner, Chris Hall, and Niels Ferguson, was a finalist in the NIST contest, and has been known and used widely ever since in several encryption software programs.
- RC4™: A symmetric key stream cipher with a maximum key size of 1024 bits and block size of 64. It was developed by Ron Rivest and has an established place among widely used algorithms as a software stream cipher. TLS (Transport Layer Security) and WEP (Wired Equivalent Privacy) are based on it.
- CAST-128: A symmetric key block cipher with a maximum key size of 128 bits and block size of 64 bits. It was developed by Carlisle Adams and Stafford Tavares and has been used in several encryption software products.
- GOST: A symmetric key block cipher with a maximum key size of 256 bits and block size of 64 bits. It was developed by the Soviet and Russian governments and used to be their secure encryption standard, just as the American Government had the DES (Data Encryption Standard). Since its release to the public in 1994 it has been a popular algorithm for secure encryption.
- Blowfish: A symmetric key block cipher with a maximum key size of 448 bits and block size of 64 bits. It was developed by Bruce Schneier in 1993 and has been one of the most popular algorithms in encryption software programs ever since. We could say it was one of the first algorithms that were designed to be used by the public for general encryption needs, breaking the tradition of algorithms designed for governmental or commercial purposes.
- Diamond 2: A symmetric key block cipher with a maximum key size of 128 bits and block size of 128 bits. It is a popular algorithm in encryption software programs because it is easy to generate a key for it and it guarantees advanced security.
- Sapphire II: A symmetric key stream cipher with a maximum key size of 128 bits and block size of 64 bits. It is a fast, easy to use, portable and secure cipher developed by Michael Paul Johnson, and is a popular cipher choice in encryption software products.
In what ways can you use east-tec InvisibleSecrets for encryption?
east-tec InvisibleSecrets can be used for several encryption scenarios, such as file/folder encryption, password encryption, application encryption, and email encryption. In addition to these features, the software also lets you hide the very existence of any file. This method is called steganography, which is the process of disguising a file by making it look like something other than what it really is. You can, for instance, hide a text file inside an image file.
In what ways can I use east-tec SafeBit for encryption?
east-tec SafeBit was designed to cover volume encryption needs. It lets you encrypt entire disks by creating virtual drives (safes) where all your data is kept encrypted at all times. The software employs on-the-fly encryption, so there is no need to encrypt/decrypt data each time you mount/dismount the safe. For extra safe data handling you can upload your encrypted safe into your cloud storage space, or copy it onto external hard drives. east-tec SafeBit has further security features that include turning your USB drives and flash cards into safe keys, and keylogger protection. The software also provides an extra layer of protection over your antivirus by storing your confidential data in a closed, encrypted safe.