Saturday, October 8, 2011

Encryption




Encryption refers to algorithmic schemes that encode plaintext into an unreadable form called ciphertext, providing confidentiality. The receiver of the ciphertext uses a "key" to decrypt the message, returning it to its original plaintext form. The algorithm itself is normally public; the key is the secret input that selects one particular transformation out of an enormous number of possible ones, and it is the key, not the algorithm, that must be protected.

Until the advent of the Internet, encryption was rarely used by the public, but was largely a military tool. Today, with online marketing, banking, healthcare and other services, even the average householder is aware of encryption.

Web browsers encrypt traffic automatically when connected to a secure server, evidenced by an address beginning with https (HTTP carried over TLS, formerly SSL). The server decrypts the data on arrival, but while it travels between the two computers anyone intercepting the transmission sees only unreadable ciphertext. The browser also checks the server's certificate before sending anything: encrypting to an impostor who presents a fraudulent certificate would protect nothing, which is why certificate warnings should not be clicked through.

There are many types of encryption and not all of them are reliable. The same computing power that makes strong encryption practical can be used to break weak schemes. Key length is the simplest yardstick: the original DES used a 64-bit key of which only 56 bits were effective, and it was brute-forced publicly in the late 1990s; today 128-bit keys are the accepted minimum for symmetric ciphers, and that figure will undoubtedly move again. Key length only counts for a well-designed algorithm, however; a flawed cipher with a long key is still a weak cipher.

Though browsers automatically encrypt information when connected to a secure website, many people choose to use encryption in their email correspondence as well. This can easily be accomplished with encryption programs that feature plug-ins or interfaces for popular email clients.

The most longstanding of these is PGP (Pretty Good Privacy), a humble name for a program built on strong, well-studied algorithms. PGP allows one to encrypt not only email messages but personal files and folders as well, and to sign them so the recipient can verify who sent them.

Encryption can also be applied to an entire volume or drive. To use the drive, it is "mounted" by supplying the decryption key, usually derived from a passphrase; in this state the drive can be read and written normally.

When finished, the drive is dismounted and returns to an encrypted state, unreadable to anyone who later gets hold of the disk. The caveat is that the protection applies only while the volume is locked: while it is mounted, any program running under the user's account, including a Trojan horse or spyware, can read the decrypted data exactly as the user can. Disk encryption defends against theft or loss of the hardware, not against malware on a running system. Some people choose to keep financial programs or other sensitive data on encrypted drives for precisely the former reason.

Encryption schemes are categorized as symmetric or asymmetric. Symmetric key algorithms such as Blowfish, AES and DES work with a single, prearranged key that is shared between sender and receiver; the same key both encrypts and decrypts. Asymmetric (public-key) schemes such as RSA create a "key pair" for each user: a public key and a private key. Diffie-Hellman, often mentioned alongside RSA, is also a public-key method, but it is used to agree on a shared symmetric key over an open channel rather than to encrypt messages directly.

The public key can be published online for anyone to use to encrypt text destined for the owner of that key. Once encrypted, the ciphertext cannot be decrypted except by the holder of the matching private key. Asymmetric encryption is sometimes described as "more secure" than symmetric encryption because the decryption key never has to be shared, but that is a misreading: its advantage is key distribution, not cipher strength. Public-key operations are also far slower than a symmetric cipher and can only process short inputs, so in practice the two are combined: a random one-time symmetric key encrypts the message, and the recipient's public key encrypts only that symmetric key. This hybrid arrangement is how PGP, TLS and nearly every other real system works.
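The hybrid arrangement just described, as an added example that is not part of the original post (and in Go's standard library rather than the PHP the tutorial later mentions, since the concepts are language-independent): a fresh AES-256-GCM key encrypts the message, and RSA-OAEP wraps only that 32-byte key with the recipient's public key. The recipient and message text are constructed for the demonstration; `NewRecipient`, `Seal`, `Open` and `HybridMessage` are names chosen here, not a real library API.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HybridMessage is what travels over the wire: a one-time AES key wrapped with the
// recipient's RSA public key, plus the nonce and the AES-GCM ciphertext.
type HybridMessage struct {
	WrappedKey []byte // RSA-OAEP(recipientPub, aesKey)
	Nonce      []byte // 12-byte GCM nonce, fresh for every message
	Ciphertext []byte // AES-256-GCM output, 16-byte authentication tag appended
}

// NewRecipient creates the long-lived key pair whose public half gets published.
func NewRecipient() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Seal encrypts plaintext for whoever holds the private half of pub. The bulk
// data goes through the fast symmetric cipher; RSA only ever sees the 32-byte key.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*HybridMessage, error) {
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	return &HybridMessage{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open reverses Seal. Only the matching private key can unwrap the AES key, and
// GCM's tag check then rejects any ciphertext that was altered in transit.
func Open(priv *rsa.PrivateKey, msg *HybridMessage) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, msg.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap symmetric key: wrong private key or corrupted message")
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, msg.Nonce, msg.Ciphertext, nil)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, err := NewRecipient()
	if err != nil {
		panic(err)
	}
	// Constructed sample message; in PGP terms this is the body of an email.
	msg, err := Seal(&alice.PublicKey, []byte("meet at the usual place, 18:00"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes, ciphertext: %d bytes\n", len(msg.WrappedKey), len(msg.Ciphertext))

	pt, err := Open(alice, msg)
	fmt.Printf("alice reads: %q (err=%v)\n", pt, err)

	mallory, _ := NewRecipient() // a different key pair cannot open it
	_, err = Open(mallory, msg)
	fmt.Println("mallory reads:", err)
}
```

Note that RSA-OAEP with a 2048-bit key can encrypt at most a couple of hundred bytes, which is exactly why the message body never goes through RSA directly.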

Strong encryption makes data private, but not necessarily secure. To be secure, the recipient of the data, often a server, must be positively identified as the intended party; otherwise an attacker who can impersonate the server simply receives the data encrypted to a key they control. Online this is usually accomplished with digital signatures and certificates, in which a trusted third party vouches that a given public key belongs to a given name. Integrity matters for the same reason: a message that arrives unreadable to outsiders can still have been altered in transit unless it is also authenticated.
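How positive identification by signature works in practice, as an added Go example that is not part of the original post: the server signs each response with its long-term Ed25519 private key, and the client accepts a response only if the signature verifies under a public key it already trusts. Pinning the key directly stands in for the certificate chain a browser would check; the server identity, the JSON body and the names `NewServerIdentity`, `Respond` and `Accept` are constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedResponse is a server reply carrying a detached signature. The body is
// readable by anyone; the signature only proves who produced it. Authenticity and
// confidentiality are separate properties, and this example supplies only the first.
type SignedResponse struct {
	Body      []byte
	Signature []byte
}

// NewServerIdentity creates the server's long-term key pair. The public half would
// normally be distributed inside a certificate; here the client simply pins it.
func NewServerIdentity() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Respond signs the body with the server's private key.
func Respond(priv ed25519.PrivateKey, body []byte) SignedResponse {
	return SignedResponse{Body: body, Signature: ed25519.Sign(priv, body)}
}

// Accept is the client-side check: the body is trusted only if the signature
// verifies under the pinned public key. Any change to the body, or a signature
// made with any other key, makes Verify return false.
func Accept(pinned ed25519.PublicKey, r SignedResponse) bool {
	if len(r.Signature) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pinned, r.Body, r.Signature)
}

func main() {
	pub, priv, err := NewServerIdentity()
	if err != nil {
		panic(err)
	}
	// Constructed sample response from a banking server.
	resp := Respond(priv, []byte(`{"balance":"1200.00","currency":"EUR"}`))
	fmt.Println("genuine response accepted:  ", Accept(pub, resp))

	// An impostor with their own key pair cannot forge the server's signature.
	_, impostorPriv, _ := NewServerIdentity()
	fmt.Println("impostor's response accepted:", Accept(pub, Respond(impostorPriv, resp.Body)))

	// A tampered body fails too, even though the signature itself is genuine.
	tampered := resp
	tampered.Body = []byte(`{"balance":"9999.00","currency":"EUR"}`)
	fmt.Println("tampered response accepted:  ", Accept(pub, tampered))
}
```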

As more people realize the open nature of the Internet, email and instant messaging, encryption will undoubtedly become more popular. Without encryption, information passed on the Internet is not only available for virtually anyone to snag and read, but is often stored for years on servers that can change hands or become compromised in any number of ways. For all of these reasons encryption is a goal worth pursuing.

Put more formally, encryption is the transformation of data into a form that is unreadable by anyone without the secret decryption key. Its purpose is confidentiality: keeping the information hidden from anyone for whom it was not intended, including those who can see the encrypted data.

Encryption may be used to protect stored data (data at rest, for example on a laptop disk that could be stolen) or to turn an insecure communications channel into a private one (data in transit). In either case the process converts plaintext into ciphertext.

Encryption on its own prevents unauthorized parties from reading data; it does not by itself prevent them from changing it. Many ciphers, including any stream cipher and any block cipher in CTR mode, let an attacker flip chosen bits of the plaintext by flipping the corresponding bits of the ciphertext, without ever learning the key. Detecting modification requires a message authentication code (MAC) or an authenticated mode such as AES-GCM. The level of protection against key guessing is determined by the algorithm and its key size: in a brute-force attack the attacker's work grows with the number of possible keys, 2^n for an n-bit key. Triple DES (3DES), for example, uses 112-bit or 168-bit keys, but its effective strength is lower than the key length suggests (roughly 112 bits for three-key 3DES because of meet-in-the-middle attacks, further limited by its 64-bit block size). It was regarded as immune to brute force when this was written, but has since been deprecated in favour of AES.
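The "reading versus changing" distinction above, as an added Go example that is not part of the original post: an attacker who cannot read an AES-CTR ciphertext can still rewrite a field whose position they know, because CTR is a keystream XOR; adding an HMAC over the ciphertext (encrypt-then-MAC) catches the same forgery before anything is decrypted. The payment message, its field offset and the helper names `ctrXOR`, `FlipCiphertext`, `SealWithMAC` and `OpenWithMAC` are constructed here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ctrXOR runs AES-CTR over data. CTR mode XORs a keystream with the input, so
// the same call both encrypts and decrypts; iv must be 16 bytes and must never be
// reused with the same key.
func ctrXOR(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a programming error
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// FlipCiphertext models an attacker who cannot read the message but knows (or
// guesses) what sits at a given offset. XORing the ciphertext with old^new at that
// offset changes the decrypted plaintext from old to new. No key is involved.
func FlipCiphertext(ciphertext []byte, offset int, oldText, newText string) []byte {
	forged := append([]byte(nil), ciphertext...)
	for i := 0; i < len(oldText) && i < len(newText); i++ {
		forged[offset+i] ^= oldText[i] ^ newText[i]
	}
	return forged
}

// SealWithMAC is encrypt-then-MAC: ct = AES-CTR(encKey, iv, pt) and
// tag = HMAC-SHA256(macKey, iv || ct). encKey and macKey must be independent.
func SealWithMAC(encKey, macKey, iv, plaintext []byte) (ct, tag []byte) {
	ct = ctrXOR(encKey, iv, plaintext)
	return ct, computeTag(macKey, iv, ct)
}

// OpenWithMAC checks the tag in constant time before touching the ciphertext.
func OpenWithMAC(encKey, macKey, iv, ct, tag []byte) ([]byte, error) {
	if !hmac.Equal(computeTag(macKey, iv, ct), tag) {
		return nil, errors.New("authentication failed: ciphertext was modified")
	}
	return ctrXOR(encKey, iv, ct), nil
}

func computeTag(macKey, iv, ct []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(iv)
	mac.Write(ct)
	return mac.Sum(nil)
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	encKey, macKey := randomBytes(32), randomBytes(32)
	// Constructed sample: a payment instruction whose amount starts at offset 4.
	order := []byte("PAY 0100.00 EUR TO ALICE")

	// 1. Encryption only: the attacker cannot read the order but can still rewrite it.
	iv1 := randomBytes(16)
	forged := FlipCiphertext(ctrXOR(encKey, iv1, order), 4, "0100", "9999")
	fmt.Printf("bank decrypts forged order as: %q\n", ctrXOR(encKey, iv1, forged))

	// 2. Encrypt-then-MAC: the same forgery is detected before decryption.
	iv2 := randomBytes(16)
	ct, tag := SealWithMAC(encKey, macKey, iv2, order)
	_, err := OpenWithMAC(encKey, macKey, iv2, FlipCiphertext(ct, 4, "0100", "9999"), tag)
	fmt.Println("with MAC, forged order: ", err)
	pt, err := OpenWithMAC(encKey, macKey, iv2, ct, tag)
	fmt.Printf("with MAC, genuine order: %q (err=%v)\n", pt, err)
}
```

In new code an authenticated mode such as AES-GCM does both halves in one call; the separate MAC is shown here so the two properties are visibly distinct.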

Business-to-business VPNs (extranets) share sensitive data among multiple organizations and so demand the highest level of security. This requires public-key encryption and/or an authenticated key-exchange protocol, both designed so that the session key never crosses the network in a form an eavesdropper could recover, even one who records all of the traffic.

Encryption Systems

Computer encryption is based on the science of cryptography, which has been used throughout history. Before the digital age, the biggest users of cryptography were governments, particularly for military purposes. Coded messages have been documented as far back as the Roman Empire, where Julius Caesar's substitution cipher shifted every letter a fixed number of places.

But most forms of cryptography in use today rely on computers, simply because a code a human can apply by hand is too easy for a computer to crack.

Most computer encryption systems belong in one of two categories:

Symmetric-key encryption
Public-key encryption

"Crypto," to use the all-purpose abbreviation for cryptography, cryptanalysis, and cryptology, is cool. Just plain cool. My biggest regret in life is that I never took a math class past Algebra II, so I really don't know jack about the mathematical foundations of intense crypto systems. But boy, do I respect those who do.

If you're a person who finds crypto textbooks really boring yet wants to understand this whole crypto bit in the broad sense, go read Neal Stephenson's Cryptonomicon. Sure, it's more than 900 pages of quasi-fiction, but it manages to tell a fascinating story while giving an incredible amount of insight into modern cryptography.

In this tutorial, you'll learn about the common, Web-based uses of the following basic encryption techniques:

Asymmetric key-based algorithms. This method uses one key to encrypt data and a different key to decrypt the same data. You have likely heard of this technique as public-key/private-key encryption.

Symmetric key-based algorithms: block ciphers and stream ciphers. A block cipher divides the data into fixed-size chunks (16 bytes for AES) and encrypts each one under the key, with a mode of operation such as CBC or CTR deciding how the blocks are chained together. A stream cipher instead generates a keystream from the key and XORs it with the data byte by byte, so no padding is needed and the ciphertext is the same length as the plaintext.

Stream ciphers are fast and simple, but they are not the more common choice: block ciphers, above all AES, dominate in practice, and a block cipher in CTR mode behaves as a stream cipher anyway. Whichever type is used, the critical rule is the same: never reuse a key and nonce (IV) pair, because XORing two ciphertexts that share a keystream cancels the keystream and exposes the plaintexts.

Hashing, or creating a fixed-length digital summary (digest) of a string or file. A hash is one-way: there is no key and nothing to "decrypt". This is how passwords should be stored: the system keeps only the hash and compares it against the hash of whatever the user types. Two caveats that tutorials of this era often skipped: hash each password with its own random salt, so that identical passwords do not produce identical stored values and precomputed tables are useless, and use a deliberately slow construction (PBKDF2, bcrypt or scrypt) rather than a single MD5 or SHA-1 round, because a fast hash lets anyone who steals the database test billions of guesses per second.
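Salted, slow password hashing as the paragraph above recommends, as an added Go example that is not part of the original tutorial: a bare SHA-256 is shown beside a PBKDF2-HMAC-SHA256 record that carries its own salt and iteration count, with constant-time verification. PBKDF2 is written out in full because it is only a few lines and the standard library gained `crypto/pbkdf2` only in Go 1.24; in production use that package, `golang.org/x/crypto`, or bcrypt/scrypt. The record format, the iteration count and the names `HashPassword`, `VerifyPassword` and `UnsaltedSHA256` are choices made for this illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// pbkdf2SHA256 is PBKDF2 (RFC 8018, section 5.2) with HMAC-SHA256 as the PRF.
// Each output block T_i = U_1 xor U_2 xor ... xor U_c, where
// U_1 = PRF(password, salt || INT_32_BE(i)) and U_j = PRF(password, U_{j-1}).
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for i := uint32(1); len(out) < keyLen; i++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], i)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for j := 1; j < iterations; j++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for k := range t {
				t[k] ^= u[k]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

const (
	iterations = 100_000 // raise as hardware gets faster; aim for tens of ms per hash
	saltLen    = 16
	hashLen    = 32
)

// UnsaltedSHA256 is the weak scheme many tutorials of the period showed: every
// user with the same password gets the same stored value, and a stolen table can
// be attacked with precomputed digests at billions of guesses per second.
func UnsaltedSHA256(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// HashPassword returns a self-describing record "pbkdf2-sha256$iter$salt$hash"
// with a fresh random salt, so the same password never hashes the same way twice.
func HashPassword(password string) (string, error) {
	salt := make([]byte, saltLen)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, iterations, hashLen)
	return fmt.Sprintf("pbkdf2-sha256$%d$%s$%s", iterations,
		hex.EncodeToString(salt), hex.EncodeToString(dk)), nil
}

// VerifyPassword recomputes the hash with the salt and iteration count stored in
// the record and compares in constant time, so timing does not reveal how many
// bytes matched. Malformed records are rejected rather than guessed at.
func VerifyPassword(record, password string) bool {
	parts := strings.Split(record, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false
	}
	iters, err := strconv.Atoi(parts[1])
	salt, err2 := hex.DecodeString(parts[2])
	want, err3 := hex.DecodeString(parts[3])
	if err != nil || err2 != nil || err3 != nil || iters < 1 || len(want) == 0 {
		return false
	}
	got := pbkdf2SHA256([]byte(password), salt, iters, len(want))
	return subtle.ConstantTimeCompare(got, want) == 1
}

func main() {
	// Constructed scenario: two users happen to choose the same password.
	fmt.Println("unsalted, user A:", UnsaltedSHA256("correct horse battery"))
	fmt.Println("unsalted, user B:", UnsaltedSHA256("correct horse battery"))
	recA, _ := HashPassword("correct horse battery")
	recB, _ := HashPassword("correct horse battery")
	fmt.Println("salted,   user A:", recA)
	fmt.Println("salted,   user B:", recB)
	fmt.Println("login, right password:", VerifyPassword(recA, "correct horse battery"))
	fmt.Println("login, wrong password:", VerifyPassword(recA, "Correct horse battery"))
}
```

Storing the iteration count inside the record is what lets the cost be raised later: old records keep verifying with their original count and are re-hashed at the higher one the next time the user logs in.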

If your head's already spinning, stick with me; it does get better. The following sections will show you the why and how of real-life data encryption in a Web environment, using PHP and tools such as the mcrypt and mhash libraries. (Both have since been abandoned: mcrypt was removed from PHP core in 7.2, and current PHP code should use openssl_encrypt or libsodium instead.)