Inform/Encryption

From MozillaWiki
Jump to: navigation, search

What is encryption?

Encryption is the process of transforming data to make it unreadable to anyone who does not have a copy of the correct encryption 'key' (which is a small chunk of random data). The process of making it readable again is called decryption.

Explanation

There are two basic types of encryption - symmetric and asymmetric. In symmetric encryption, the key use to encrypt and the key used to decrypt are the same; decryption simply involves running the encryption process backwards. A mechanical safe is a good analogy for symmetric encryption. Anyone with a copy of the safe key can lock things in the safe, and anyone with the key can get things out again. Enigma is a historical example of a symmetric encryption scheme.

Asymmetric encryption, also known as "public key encryption" uses two keys instead of one. There is a public one, used for encryption, and a private one, used for decryption. The two keys are created as a pair. The relationship between the two involves complex mathematics which are outside our scope here, but the important thing is that it's not possible to work out what one key is if you only have the other one. A user will create a key pair and publish the public key, so anyone can send them encrypted messages. However, they will keep the private key secret, so only they can read the messages sent to them. This is like a locked mailbox with a slot - anyone can deposit mail, but only the mailbox owner can retrieve it.

Asymmetric encryption also introduces the concept of digital signatures - proofs of authorship or endorsement. This is done by using the keys the other way around. The private key is used to create signatures (so only the key owner can make them) but anyone can verify them using the public key. This is the modern, and more secure, equivalent of the impression of a signet ring in the wax seal attached to a document.

Some encryption systems are 'hybrid' - they use both asymmetric and symmetric encryption. They want the advantage of asymmetric encryption - the ability to publish a public key and have anyone communicate with them. However, the systems need to be fast and public key encryption is slow (computationally intensive). So, they use public key encryption to exchange a temporary symmetric key, and use that for the session, throwing it away securely afterwards. SSL, the most common encryption system used for securing transmissions on the Internet, does this.

Encryption can be used on data in transit over a network, or data at rest on a storage medium. When data in transit is encrypted, it secures the process of data transfer against eavesdroppers on the network. When data at rest is encrypted, it secures it against data theft e.g. via a server compromise. However, the data has to be decrypted to be used, viewed or searched.

The 'strength' of some encryption is a factor of the design of the cryptographic system, the length of the key (although numbers are not directly comparable across different mathematical types of cryptography), but the skill of the implementer in building the software.

Further Reading and Resources