Mozy Encryption

In simple terms, encryption applies a secret passphrase (the encryption key) to the contents of your files so that they are completely unreadable without both that encryption key and the means to decrypt them. Mozy encrypts your files on your computer before they are sent over the Internet to the Mozy cloud. Your files remain encrypted when stored in the Mozy cloud and can only be read if you have both the encryption key and the means to read the encrypted file.

When you install Mozy software, you might be able to select the type of encryption key you want to use for your backups. Whether you can choose and exactly which types of encryption keys are available depends on the type of account you have. MozyHome accounts can choose either the Mozy default encryption key or a personal encryption key. If you use MozyPro or MozyEnterprise, your administrator can determine the encryption key types that you can choose from or whether you can choose at all. That encryption is permanently associated with all files sent to the Mozy cloud from that computer.

You can change the encryption key type after you install the Mozy software. Doing this requires deleting the computer from the account and re-activating the software. If users are permitted to activate the software, a user can re-launch the setup wizard through the software and reactivate. Otherwise, you must uninstall the software, then reinstall and reactivate. The Mozy software then uploads all the files again to ensure that the stored files match the current encryption key.

The type of encryption key that is used determines whether some tasks are seamless and simple or whether extra steps are required. The Mozy default encryption key yields the least complicated experience. A personal or corporate encryption key requires an extra set of steps for certain tasks. For example, if a personal encryption key is used, that key must be supplied to access files from the Mozy cloud when you use the Mozy mobile app. If a personal or corporate key is used, when you download files from the Mozy cloud using a web browser, you must then also use the Mozy decryption utility to supply that key. If a KMS key is used, you must use the backup software or Restore Manager to download and decrypt files.

With a few exceptions, most features of Mozy are available regardless of which type of encryption key is used.

If you use MozyPro or MozyEnterprise, some features might have been disabled by your administrator. For example, some organizations choose not to permit their users to access their files online.

Mozy separately stores the key. This option lets Mozy automatically decrypt your files when you download or restore them. This is the least complicated, most seamless experience for users, imposing no restrictions on any Mozy features.

To ensure you can download and restore your files, you must either remember your key indefinitely or save it and store it separately. If you choose to save it, a plain text file is saved to the location you choose. The file contains only the characters you entered when creating your key. To ensure you can always provide your key, it is best not to save it only on your computer, which could fail, or only on something that you could easily lose or damage, such as a USB stick.

When you download and restore files, you must supply this key to decrypt those files. Mozy does not have access to your personal encryption key and cannot decrypt files for you. This means that if you lose your key, Mozy cannot help you decrypt your files. Even under force of law, Mozy cannot decrypt your files if you choose to use a personal encryption key. When you reinstall the Mozy software or install it on a replacement computer, you must supply this same key to ensure continued access to files you have previously backed up.

If you choose to use a personal encryption key and you also use the Mozy mobile app, you must provide your personal key to view and download files from the Mozy mobile app. For more information, see Provide Personal Encryption Key in the Mozy Mobile App.

If you choose to use a personal encryption key with Mozy Sync, each instance of the sync software you install must use exactly that same key.

If you use a personal encryption key, several Mozy features are affected.

If you use a corporate encryption key, several Mozy features are affected.

If you use KMS encryption keys, several Mozy features are affected.

If you have a MozyHome account, you can use the same type of encryption key, or the exact same personal encryption key, when you install each instance of the backup software. Or, you can choose to install each instance of the backup software with a different type of encryption key, or a different personal encryption key. You can install Mozy Sync with the same encryption key as the backup software or a different one; however, all your instances of Mozy Sync must use the exact same encryption key. In making these choices during installation, you can choose to create the simplest experience possible when downloading or restoring files. Or, you can choose to be responsible for managing the most secure experience, which can also be the most complex.

If you have a MozyPro or MozyEnterprise account, you might not be able to choose which type of encryption to use. Or, your administrator specifies which types you can choose from. If you can choose, the same considerations that are described for a MozyHome account apply to you as well. As always, if you use Mozy Sync, each installed instance must use not only the same type of encryption, but the exact same key.

With this scheme, you never need to remember or supply an encryption key to use any Mozy features.

With this scheme, you must always be able to provide each key as necessary to use certain Mozy features, particularly when restoring or downloading files, or when installing any Mozy software when you replace any computer.


Encryption – servicepro.wiki

Documents (or other items) attached to objects, such as Service Requests, in ServicePRO can be encrypted. Encrypting attachments ensures that only those authorized to review the information in the attachment can do so. Encryption Settings for your Help Desk are managed here.

From the Configuration tab, click on the Encryption option.

The following window appears:

Encryption Settings

Trustees

A trustee is a privileged user who can decrypt any file in ServicePRO with the aid of another trustee.

Enforce Encryption

By checking the boxes beside objects here, users who attach items to these objects will be required to encrypt them.

Select the objects, if any, for which your help desk requires encryption.

Passphrase

Indicate the minimum number of characters required for encryption passphrases. Obviously, the longer the passphrase, the more secure your encrypted files will be. Users will be required to enter this passphrase for each encrypted file they are authorized to open.

Setting an Encryption Passphrase

Before you can encrypt a file or be selected as a trustee, a passphrase must be set. To increase security, the passphrase is in addition to the password required to log in to ServicePRO.

User Options - Setting an Encryption Passphrase

Encrypting Attached Files

When encryption setup has been completed, file attachment encryption can take place.

Decrypting Attached Files

Trustee Decryption

On occasion, it might be necessary to decrypt a file when none of the selected users for whom the file was encrypted are available, for example, when an employee leaves the company.

Decrypting files in this situation is called Trustee Decryption and requires a minimum of two trustees.

NOTE: If you have specified that a minimum of 3 trustees are required to decrypt the file, then your form will feature three frames, requiring 3 trustees to enter their information.

Forgotten Passphrases

If you forget your passphrase, you can create a new one with the assistance of two trustees.

Changing Trustees

To change a trustee, you must have the assistance of another trustee.

Tips and Best Practices

Ensure that you have at least three trustees who will not lose or forget their passwords. If an attachment is encrypted, the file will not be recoverable if you do not have the appropriate number of trustees to decrypt the file.


Tinder’s Lack of Encryption Lets Strangers Spy on Your …

In 2018, you'd be forgiven for assuming that any sensitive app encrypts its connection from your phone to the cloud, so that the stranger two tables away at the coffee shop can't pull your secrets off the local Wi-Fi. That goes double for apps as personal as online dating services. But if you assumed that basic privacy protection for the world's most popular dating app, you'd be mistaken: As one application security company has found, Tinder's mobile apps still lack the standard encryption necessary to keep your photos, swipes, and matches hidden from snoops.

On Tuesday, researchers at Tel Aviv-based app security firm Checkmarx demonstrated that Tinder still lacks basic HTTPS encryption for photos. Just by being on the same Wi-Fi network as any user of Tinder's iOS or Android app, the researchers could see any photo the user did, or even inject their own images into his or her photo stream. And while other data in Tinder's apps are HTTPS-encrypted, Checkmarx found that they still leaked enough information to tell encrypted commands apart, allowing a hacker on the same network to watch every swipe left, swipe right, or match on the target's phone nearly as easily as if they were looking over the target's shoulder. The researchers suggest that lack of protection could enable anything from simple voyeuristic nosiness to blackmail schemes.

"We can simulate exactly what the user sees on his or her screen," says Erez Yalon, Checkmarx's manager of application security research. "You know everything: What they're doing, what their sexual preferences are, a lot of information."

To demonstrate Tinder's vulnerabilities, Checkmarx built a piece of proof-of-concept software they call TinderDrift. Run it on a laptop connected to any Wi-Fi network where other connected users are tindering, and it automatically reconstructs their entire session.


The central vulnerability TinderDrift exploits is Tinder's surprising lack of HTTPS encryption. The app instead transmits pictures to and from the phone over unprotected HTTP, making it relatively easy to intercept by anyone on the network. But the researchers used a few additional tricks to pull information out of the data Tinder does encrypt.

They found that different events in the app produced different patterns of bytes that were still recognizable, even in their encrypted form. Tinder represents a swipe left to reject a potential date, for instance, in 278 bytes. A swipe right is represented as 374 bytes, and a match rings up at 581. Combining that trick with its intercepted photos, TinderDrift can even label photos as approved, rejected, or matched in real time. "It's the combination of two simple vulnerabilities that create a major privacy issue," Yalon says. (Fortunately, the researchers say their technique doesn't expose messages Tinder users send to each other after they've matched.)
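The size leak described above, and the usual mitigation of padding every message to a common bucket before encryption, as an added example that is not part of the original article. The 16-byte record overhead, the 1024-byte bucket and the length-prefixed framing are assumptions chosen for illustration, and the sample bodies are constructed so that their unpadded sizes match the figures the article reports.

```python
import struct
from collections import defaultdict

# On-wire sizes (bytes) the article reports for three encrypted events.
REPORTED_SIZES = {"swipe_left": 278, "swipe_right": 374, "match": 581}

AEAD_OVERHEAD = 16  # assumption: fixed per-record overhead (e.g. an auth tag)
BUCKET = 1024       # assumption: bucket chosen above the largest routine message
_LEN = struct.Struct(">I")  # 4-byte big-endian prefix holding the real body length


def pad(body: bytes, bucket: int = BUCKET) -> bytes:
    """Length-prefix the body and zero-pad to the next multiple of `bucket`.

    This must be applied BEFORE encryption so the ciphertext length only
    reveals which bucket the message fell into.
    """
    framed = _LEN.pack(len(body)) + body
    padded_len = -(-len(framed) // bucket) * bucket  # round up
    return framed.ljust(padded_len, b"\x00")


def unpad(padded: bytes) -> bytes:
    """Recover the original body after decryption, rejecting bad prefixes."""
    if len(padded) < _LEN.size:
        raise ValueError("padded message shorter than its length prefix")
    (n,) = _LEN.unpack_from(padded)
    if n > len(padded) - _LEN.size:
        raise ValueError("length prefix exceeds message size")
    return padded[_LEN.size:_LEN.size + n]


def wire_size(plaintext: bytes) -> int:
    """Model of a length-preserving cipher: ciphertext = plaintext + overhead."""
    return len(plaintext) + AEAD_OVERHEAD


def size_classes(messages: dict, padded: bool) -> dict:
    """Group event names by the record size an on-path observer would see."""
    classes = defaultdict(list)
    for event, body in messages.items():
        plaintext = pad(body) if padded else body
        classes[wire_size(plaintext)].append(event)
    return {size: sorted(events) for size, events in classes.items()}


# Constructed bodies sized so the unpadded records match the reported sizes.
SAMPLE = {event: b"x" * (size - AEAD_OVERHEAD)
          for event, size in REPORTED_SIZES.items()}

if __name__ == "__main__":
    print("unpadded:", size_classes(SAMPLE, padded=False))
    print("padded:  ", size_classes(SAMPLE, padded=True))
```

Messages larger than one bucket spill into the next, so the bucket size should be set from the largest message that needs to blend in with the rest.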

Checkmarx says it notified Tinder about its findings in November, but the company has yet to fix the problems.


In a statement to WIRED, a Tinder spokesperson wrote that "like every other technology company, we are constantly improving our defenses in the battle against malicious hackers," and pointed out that Tinder profile photos are public to begin with. (Though user interactions with those photos, like swipes and matches, are not.) The spokesperson added that the web-based version of Tinder is in fact HTTPS-encrypted, with plans to offer those protections more broadly. "We are working towards encrypting images on our app experience as well," the spokesperson said. "However, we do not go into any further detail on the specific security tools we use, or enhancements we may implement to avoid tipping off would-be hackers."

For years, HTTPS has been a standard protection for just about any app or website that cares about your privacy. The dangers of skipping HTTPS protections were illustrated as early as 2010, when a proof-of-concept Firefox add-on called Firesheep, which allowed anyone to siphon unencrypted traffic off their local network, circulated online. Practically every major tech firm has since implemented HTTPS, except, apparently, Tinder. While encryption can in some cases add to performance costs, modern servers and phones can easily handle that overhead, the Checkmarx researchers argue. "There's really no excuse for using HTTP these days," says Yalon.


Optical Encryption Market Size, Share, Trends and Forecast …

The optical encryption market is expected to grow at a moderate rate during the forecast period 2019-2025. Optical encryption is a means of securing in-flight data in the network transport layer. The data is carried over optical waves across fiber-optic cables. With an increasing number of data leaks and high-profile breaches, cybersecurity is a major concern. For instance, according to the Executive Officer of the President of the US, the US economy incurred losses due to malicious cyber activity costing between $57 billion and $109 billion in 2016. Three Ukrainian energy distribution companies were targeted by cyber-attacks in December 2015. This resulted in electricity outages for nearly 225,000 customers across Western Ukraine's Ivano-Frankivsk region. The attackers achieved unauthorized access to the corporate network of a regional electricity distribution company. About twenty-three 35 kV and seven 110 kV substations were disconnected for three hours. This became possible due to the theft of credentials from corporate networks. The attackers had been trying to steal credentials for 6 months beforehand and finally succeeded. Such cybersecurity threats are expected to encourage the demand for optical encryption technologies. Optical encryption provides benefits such as revealing no information about underlying services and adding no latency. This makes it possible to provide an exceptionally secure connection to the infrastructure by protecting data from theft. Other crucial factors that are contributing to the growth of the market include rising investment in smart city projects and advances in optical encryption techniques.

The global optical encryption market is segmented on the basis of the encryption layer and vertical. Based on the encryption layer, the market is further classified into layer 1, layer 2 and layer 3. Additionally, on the basis of vertical, the market is further classified into military and defense, government, BFSI (Banking, financial services, and insurance), healthcare, retail, transportation, telecom & IT, and others. There has been a significant demand for optical encryption in BFSI to protect information of their customers. BFSI industry is susceptible to a breach of data. Hence, it requires upgrading transaction and processing technologies. In addition, the industry requires end-to-end security solutions for optimizing operations against external and internal threats. Due to services, including mobile banking, smart banking, and internet banking, the payment security transmitted over the network is a prime object for BFSI organizations. This, in turn, increases the demand for optical encryption solutions to control and secure sensitive data of customers by encrypting data, files, and emails, as well as offers financial security.

Geographically, the global optical encryption market is segmented into four major regions: North America, Europe, Asia-Pacific, and rest of the world (RoW). The factors that are encouraging the demand for optical encryption in North America include well-developed IT infrastructure and significant cyber-attacks in the region. However, Asia-Pacific is anticipated to witness considerable growth in the market due to the increasing number of smart city projects and rising adoption of cloud-based services. The major players in the market include Cisco Systems, Inc., Infinera Corp., Ciena Corp., ECI Telecom Ltd., and Huawei Technologies Co., Ltd. The crucial strategies adopted by these companies include mergers and acquisitions, product launches and collaborations to expand market share globally. For instance, in October 2018, Infinera Corp. acquired Coriant, Inc., a global supplier of open network solutions. It offers solutions for major global network operators. The acquisition will enable Infinera Corp. to position itself as one of the major providers of vertically integrated optical network equipment across the globe. This will enable the company to deliver a strong portfolio of end-to-end and advanced packet optical network solutions for internet content providers and communication service providers.

Research Methodology:

The market study of the optical encryption market is incorporated by extensive primary and secondary research conducted by the research team at OMR. Secondary research has been conducted to refine the available data to breakdown the market in various segments, derive total market size, market forecast, and growth rate. Different approaches have been worked on to derive the market value and market growth rate. Our team collects facts and data related to the market from different geography to provide a better regional outlook. In the report, the country-level analysis is provided by analyzing various regional players, regional tax laws and policies, consumer behavior and macro-economic factors. Numbers extracted from Secondary research have been authenticated by conducting proper primary research. It includes tracking down key people from the industry and interviewing them to validate the data. This enables our analyst to derive the closest possible figures without any major deviations in the actual number. Our analysts try to contact as many executives, managers, key opinion leaders, and industry experts. Primary research brings authenticity in our reports.

Secondary Sources Include

The report is intended for government and private companies for overall market analysis and competitive analysis. The report provides in-depth analysis on market size, intended quality of the service preferred by consumers. The report will serve as a source for 360-degree analysis of the market thoroughly integrating different models.

Market Segmentation

The Report Covers


MySQL Enterprise Transparent Data Encryption (TDE)

Only available in select Commercial Editions

MySQL Enterprise Transparent Data Encryption (TDE) protects your critical data by enabling data-at-rest encryption in the database. It protects the privacy of your information, prevents data breaches and helps meet regulatory requirements including:

MySQL Enterprise TDE enables data-at-rest encryption by encrypting the physical files of the database. Data is encrypted automatically, in real time, prior to writing to storage and decrypted when read from storage. As a result, hackers and malicious users are unable to read sensitive data from tablespace files, database backups or disks. MySQL Enterprise TDE uses industry standard AES algorithms.

MySQL Enterprise TDE uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys providing easy key management and rotation. Tablespace keys are managed automatically over secure protocols while the master encryption key is stored in a centralized key management solution such as:

Oasis KMIP protocol implementations:

MySQL Enterprise TDE also supports HTTPS based APIs for Key Management such as:

MySQL enforces clear separation of keys from encrypted data using these centralized key management solutions, which automate key rotation and the storing of historical keys.

Database table encryption and decryption occurs without any additional coding, data type or schema modifications. Also, users and applications continue to access data transparently, without changes. MySQL Enterprise TDE gives developers and DBAs the flexibility to encrypt/decrypt existing MySQL tables that have not already been encrypted.

MySQL Enterprise TDE leverages database caching to achieve high performance and requires zero downtime to implement.


What is Encryption? – Definition from WhatIs.com

Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.

In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext. The formulas used to encode and decode messages are called encryption algorithms or ciphers.

To be effective, a cipher includes a variable as part of the algorithm. The variable, which is called a key, is what makes a cipher's output unique. When an encrypted message is intercepted by an unauthorized entity, the intruder has to guess which cipher the sender used to encrypt the message, as well as what keys were used as variables. The time it takes to guess this information is what makes encryption such a valuable security tool.

At the beginning of the encryption process, the sender must decide what cipher will best disguise the meaning of the message and what variable to use as a key to make the encoded message unique. The most widely used types of ciphers fall into two categories: symmetric and asymmetric.

Symmetric ciphers, also referred to as secret key encryption, use a single key. The key is sometimes referred to as a shared secret because the sender or computing system doing the encryption must share the secret key with all entities authorized to decrypt the message. Symmetric key encryption is usually much faster than asymmetric encryption. The most widely used symmetric key cipher is the Advanced Encryption Standard (AES), which was designed to protect government-classified information.

Asymmetric ciphers, also known as public key encryption, use two different -- but logically linked -- keys. This type of cryptography often uses prime numbers to create keys since it is computationally difficult to factor large prime numbers and reverse-engineer the encryption. The Rivest-Shamir-Adleman (RSA) encryption algorithm is currently the most widely used public key algorithm. With RSA, the public or the private key can be used to encrypt a message; whichever key is not used for encryption becomes the decryption key.

Today, many cryptographic processes use a symmetric algorithm to encrypt data and an asymmetric algorithm to securely exchange the secret key.

Encryption plays an important role in securing many different types of information technology (IT) assets. It provides the following:

Encryption is commonly used to protect data in transit and data at rest. Every time someone uses an ATM or buys something online with a smartphone, encryption is used to protect the information being relayed. Businesses are increasingly relying on encryption to protect applications and sensitive information from reputational damage when there is a data breach.

There are three major components to any encryption system: the data, the encryption engine and the key management. In laptop encryption, all three components are running or stored in the same place: on the laptop.

In application architectures, however, the three components usually run or are stored in separate places to reduce the chance that compromise of any single component could result in compromise of the entire system.

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet or any other computer network.

This video from the Khan Academy explains how 256-bit encryption works.

In addition to security, the adoption of encryption is often driven by the need to meet compliance regulations. A number of organizations and standards bodies either recommend or require sensitive data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to encrypt customers' payment card data when it is both stored at rest and transmitted across public networks.

Hash functions provide another type of encryption. Hashing is the transformation of a string of characters into a fixed-length value or key that represents the original string. When data is protected by a cryptographic hash function, even the slightest change to the message can be detected because it will make a big change to the resulting hash.

Hash functions are considered to be a type of one-way encryption because keys are not shared and the information required to reverse the encryption does not exist in the output. To be effective, a hash function should be computationally efficient (easy to calculate), deterministic (reliably produces the same result), preimage-resistant (output does not reveal anything about input) and collision-resistant (extremely unlikely that two instances will produce the same result).

Popular hashing algorithms include the Secure Hashing Algorithm (SHA-2 and SHA-3) and Message Digest Algorithm 5 (MD5).

Encryption, which encodes and disguises the message's content, is performed by the message sender. Decryption, which is the process of decoding an obscured message, is carried out by the message receiver.

The security provided by encryption is directly tied to the type of cipher used to encrypt the data -- the strength of the decryption keys required to return ciphertext to plaintext. In the United States, cryptographic algorithms approved by the Federal Information Processing Standards (FIPS) or National Institute of Standards and Technology (NIST) should be used whenever cryptographic services are required.

Encryption is an effective way to secure data, but the cryptographic keys must be carefully managed to ensure data remains protected, yet accessible when needed. Access to encryption keys should be monitored and limited to those individuals who absolutely need to use them.

Strategies for managing encryption keys throughout their lifecycle and protecting them from theft, loss or misuse should begin with an audit to establish a benchmark for how the organization configures, controls, monitors and manages access to its keys.

Key management software can help centralize key management, as well as protect keys from unauthorized access, substitution or modification.

Key wrapping is a type of security feature found in some key management software suites that essentially encrypts an organization's encryption keys, either individually or in bulk. The process of decrypting keys that have been wrapped is called unwrapping. Key wrapping and unwrapping activities are usually carried out with symmetric encryption.

While encryption is designed to keep unauthorized entities from being able to understand the data they have acquired, in some situations, encryption can keep the data's owner from being able to access the data as well.

Key management is one of the biggest challenges of building an enterprise encryption strategy because the keys to decrypt the cipher text have to be living somewhere in the environment, and attackers often have a pretty good idea of where to look.

There are plenty of best practices for encryption key management. It's just that key management adds extra layers of complexity to the backup and restoration process. If a major disaster should strike, the process of retrieving the keys and adding them to a new backup server could increase the time that it takes to get started with the recovery operation.

Having a key management system in place isn't enough. Administrators must come up with a comprehensive plan for protecting the key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a large-scale disaster.

For any cipher, the most basic method of attack is brute force -- trying each key until the right one is found. The length of the key determines the number of possible keys, hence the feasibility of this type of attack. Encryption strength is directly tied to key size, but as the key size increases, so too do the resources required to perform the computation.

Alternative methods of breaking encryptions include side-channel attacks, which don't attack the actual cipher but the physical side effects of its implementation. An error in system design or execution can enable such attacks to succeed.

Attackers may also attempt to break a targeted cipher through cryptanalysis, the process of attempting to find a weakness in the cipher that can be exploited with a complexity less than a brute-force attack. The challenge of successfully attacking a cipher is easier if the cipher itself is already flawed. For example, there have been suspicions that interference from the National Security Agency (NSA) weakened the DES algorithm, and following revelations from former NSA analyst and contractor Edward Snowden, many believe the NSA has attempted to subvert other cryptography standards and weaken encryption products.

Governments and law enforcement officials around the world, particularly in the Five Eyes (FVEY) intelligence alliance, continue to push for encryption backdoors, which they claim are necessary in the interests of national safety and security as criminals and terrorists increasingly communicate via encrypted online services.

According to the FVEY governments, the widening gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is "a pressing international concern" that requires "urgent, sustained attention and informed discussion."

Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk because the same backdoors can be exploited by hackers.

Recently, law enforcement agencies, such as the Federal Bureau of Investigation (FBI), have criticized technology companies that offer E2EE, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "going dark," while the U.S. Department of Justice (DOJ) has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.

Australia passed legislation that made it mandatory for visitors to provide passwords for all digital devices when crossing the border into Australia. The penalty for noncompliance is five years in jail.

By 2019, cybersecurity threats increasingly included encryption data on IoT and on mobile computing devices. While devices on IoT often are not targets themselves, they serve as attractive conduits for the distribution of malware. According to experts, attacks on IoT devices using malware modifications tripled in the first half of 2018 compared to the entirety of 2017.

Meanwhile, NIST has encouraged the creation of cryptographic algorithms suitable for use in constrained environments, including mobile devices. In a first round of judging in April 2019, NIST chose 56 lightweight cryptographic algorithms candidates to be considered for standardization. Further discussion on cryptographic standards for mobile devices is slated to be held in November 2019.

In February 2018, researchers at MIT unveiled a new chip, hardwired to perform public key encryption, which consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster.

Because public key encryption protocols in computer networks are executed by software, they require precious energy and memory space. This is a problem in IoT, where many different sensors embedded in products such as appliances and vehicles connect to online servers. The solid-state circuitry greatly alleviates that energy and memory consumption.

The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an Egyptian scribe used nonstandard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn't read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message's secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to conceal its meaning.

In 700 B.C., the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the tape was unwound, the characters became meaningless, but with a stick of exactly the same diameter, the recipient could recreate (decipher) the message. Later, the Romans used what's known as the Caesar Shift Cipher, a monoalphabetic cipher in which each letter is shifted by an agreed number. So, for example, if the agreed number is three, then the message, "Be at the gates at six" would become "eh dw wkh jdwhv dw vla." At first glance, this may look difficult to decipher, but juxtaposing the start of the alphabet until the letters make sense doesn't take long. Also, the vowels and other commonly used letters, like t and s, can be quickly deduced using frequency analysis, and that information, in turn, can be used to decipher the rest of the message.

The Middle Ages saw the emergence of polyalphabetic substitution, which uses multiple substitution alphabets to limit the use of frequency analysis to crack a cipher. This method of encrypting messages remained popular despite many implementations that failed to adequately conceal when the substitution changed -- also known as key progression. Possibly the most famous implementation of a polyalphabetic substitution cipher is the Enigma electromechanical rotor cipher machine used by the Germans during World War II.

It was not until the mid-1970s that encryption took a major leap forward. Until this point, all encryption schemes used the same secret for encrypting and decrypting a message: a symmetric key.

Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published and the first PCs were introduced.

In 1976, Whitfield Diffie and Martin Hellman's paper, "New Directions in Cryptography," solved one of the fundamental problems of cryptography: how to securely distribute the encryption key to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public key cryptography using asymmetric algorithms, which ushered in a new era of encryption. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.

Continue reading here:
What is Encryption? - Definition from WhatIs.com

Encryption: What It Is, and How It Works for You | Tom’s Guide

Encryption refers to any process used to make sensitive data more secure and less likely to be intercepted by those unauthorized to view it.

There are several modern types of encryption used to protect sensitive electronic data, such as emails, files, folders and entire drives. It's very important to understand what kinds of encryption are most important for a particular need, and to not be lulled into a false sense of security by fancy-sounding process names.

There are many encryption programs that provide excellent security for very little money, sometimes even for free.

For example, consider the folder-encryption options available to users of the Microsoft Windows operating system. Microsoft's encryption is generally strong, meaning that most users won't have to seek out additional methods of protecting their sensitive financial data, medical records and other sensitive files.

Or, if you're worried about Microsoft's alleged relationship with the U.S. National Security Agency, try TrueCrypt, an open-source, free-to-use software solution.

The most dangerous pitfall of folder encryption is that there may be temporary versions of the sensitive files that are not encrypted.

Consider this: Most computer users regularly save their work to avoid catastrophic data loss due to a power outage, electrical storm or other unexpected event. Each time the user saves a file in progress, a temporary version of that file is created and stored in the aptly named "temp" folder, where it remains unencrypted.

Simply deleting temp files isn't enough protection, either. Someone who wants to access your data badly enough will likely be able to access those files using free or cheap data-recovery software.

All encryption techniques have weak spots. As these weaknesses are revealed and exploited, new methods of encrypting data are developed to provide additional layers of security for users.

One of the most common and bothersome weaknesses occurs when an encryption method, also called a cipher or an algorithm, that's supposed to generate seemingly random strings of gibberish instead produces outputs that have a discernible pattern. If the pattern gets noticed by interlopers, it may help them crack the encrypted data.

A similar issue involves encryption algorithms that generate predictable patterns of characters in response to repetitious, predictable input.

If this problem is extensive enough, it can help digital intruders decipher at least part of the encrypted data, which may include financial information, government documents or other sensitive information. In many cases, even a partial data breach can be devastating.

Individuals and organizations that want to add protection to their encryption algorithms often insert extra lines of code to alter the outputs -- a practice known as "salting."

For example, one of the most common passwords used is simply "password." Malicious hackers know what "password" and other common passwords look like after they're run through common encryption algorithms.

But if an organization adds extra characters to each password during the encryption process, such as "password" plus "safe," the output will be something malicious hackers won't recognize as long as the extra characters are kept secret.

Encryption can also be used to verify the integrity of a file or piece of software. The raw binary data of a file or application is run through a special encryption algorithm to produce a "hash," a long number unique to that file.

Any alteration to the file, such as by a hacker inserting malicious code or by random data corruption, will produce a different hash. Computers and mobile devices compare a new piece of software's stated hash to its actual one before installing the software.

A similar process involves running a piece of software through a simple algorithm that produces a single short number, a "checksum." Altering the software in any way will likely produce a different checksum.

To guard against random, accidental corruption, many pieces of software include protection in the form of self-diagnostic checksum matches that the software performs each time it's launched.

Data encryption is important for everyone, not just big corporations and government officials. The topic can be intimidating for those without extensive computer experience, but thankfully, for most users, keeping sensitive data safe is a relatively straightforward process.

The key is to start early and regularly verify the effectiveness of the chosen security measures.

How to Set Up BitLocker Encryption on Windows

BitLocker is a tool built into Windows that lets you encrypt an entire hard drive for enhanced security. Here's how to set it up.

When TrueCrypt controversially closed up shop, they recommended their users transition away from TrueCrypt to using BitLocker or Veracrypt. BitLocker has been around in Windows long enough to be considered mature, and is an encryption product generally well-regarded by security pros. In this article, we're going to talk about how you can set it up on your PC.

Note: BitLocker Drive Encryption and BitLocker To Go require a Professional or Enterprise edition of Windows 8 or 10, or the Ultimate version of Windows 7. However, starting with Windows 8.1, the Home and Pro editions of Windows include a Device Encryption feature (a feature also included in Windows 10) that works similarly. We recommend Device Encryption if your computer supports it, BitLocker for Pro users who can't use Device Encryption, and VeraCrypt for people using a Home version of Windows where Device Encryption won't work.

Many guides out there talk about creating a BitLocker container that works much like the kind of encrypted container you can create with products like TrueCrypt or Veracrypt. It's a bit of a misnomer, but you can achieve a similar effect. BitLocker works by encrypting entire drives. That could be your system drive, a different physical drive, or a virtual hard drive (VHD) that exists as a file and is mounted in Windows.

The difference is largely semantic. In other encryption products, you usually create an encrypted container, and then mount it as a drive in Windows when you need to use it. With BitLocker, you create a virtual hard drive, and then encrypt it. If you'd like to use a container rather than, say, encrypt your existing system or storage drive, check out our guide to creating an encrypted container file with BitLocker.

For this article, we're going to concentrate on enabling BitLocker for an existing physical drive.

To use BitLocker for a drive, all you really have to do is enable it, choose an unlock method (password, PIN, and so on), and then set a few other options. Before we get into that, however, you should know that using BitLocker's full-disk encryption on a system drive generally requires a computer with a Trusted Platform Module (TPM) on your PC's motherboard. This chip generates and stores the encryption keys that BitLocker uses. If your PC doesn't have a TPM, you can use Group Policy to enable using BitLocker without a TPM. It's a bit less secure, but still more secure than not using encryption at all.

You can encrypt a non-system drive or removable drive without TPM and without having to enable the Group Policy setting.

On that note, you should also know that there are two types of BitLocker drive encryption you can enable:

In Windows 7 through 10, you really don't have to worry about making the selection yourself. Windows handles things behind the scenes, and the interface you'll use to enable BitLocker doesn't look any different. If you end up unlocking an encrypted drive on Windows XP or Vista, you'll see the BitLocker to Go branding, so we figured you should at least know about it.

So, with that out of the way, let's go over how this actually works.

The easiest way to enable BitLocker for a drive is to right-click the drive in a File Explorer window, and then choose the Turn on BitLocker command. If you don't see this option on your context menu, then you likely don't have a Pro or Enterprise edition of Windows and you'll need to seek another encryption solution.

It's just that simple. The wizard that pops up walks you through selecting several options, which we've broken down into the sections that follow.

The first screen you'll see in the BitLocker Drive Encryption wizard lets you choose how to unlock your drive. You can select several different ways of unlocking the drive.

If you're encrypting your system drive on a computer that doesn't have a TPM, you can unlock the drive with a password or a USB drive that functions as a key. Select your unlock method and follow the instructions for that method (enter a password or plug in your USB drive).

If your computer does have a TPM, you'll see additional options for unlocking your system drive. For example, you can configure automatic unlocking at startup (where your computer grabs the encryption keys from the TPM and automatically decrypts the drive). You could also use a PIN instead of a password, or even choose biometric options like a fingerprint.

If you're encrypting a non-system drive or removable drive, you'll see only two options (whether you have a TPM or not). You can unlock the drive with a password or a smart card (or both).

BitLocker provides you with a recovery key that you can use to access your encrypted files should you ever lose your main key (for example, if you forget your password or if the PC with TPM dies and you have to access the drive from another system).

You can save the key to your Microsoft account, a USB drive, a file, or even print it. These options are the same whether you're encrypting a system or non-system drive.

If you back up the recovery key to your Microsoft account, you can access the key later at https://onedrive.live.com/recoverykey. If you use another recovery method, be sure to keep this key safe: if someone gains access to it, they could decrypt your drive and bypass encryption.

You can also back up your recovery key multiple ways if you want. Just click each option you want to use in turn, and then follow the directions. When you're done saving your recovery keys, click Next to move on.

Note: If you're encrypting a USB or other removable drive, you won't have the option of saving your recovery key to a USB drive. You can use any of the other three options.

BitLocker automatically encrypts new files as you add them, but you must choose what happens with the files currently on your drive. You can encrypt the entire drive (including the free space) or just encrypt the used disk files to speed up the process. These options are also the same whether you're encrypting a system or non-system drive.

If you're setting up BitLocker on a new PC, encrypt the used disk space only; it's much faster. If you're setting BitLocker up on a PC you've been using for a while, you should encrypt the entire drive to ensure no one can recover deleted files.

When you've made your selection, click the Next button.

If you're using Windows 10, you'll see an additional screen letting you choose an encryption method. If you're using Windows 7 or 8, skip ahead to the next step.

Windows 10 introduced a new encryption method named XTS-AES. It provides enhanced integrity and performance over the AES used in Windows 7 and 8. If you know the drive you're encrypting is only going to be used on Windows 10 PCs, go ahead and choose the New encryption mode option. If you think you might need to use the drive with an older version of Windows at some point (especially important if it's a removable drive), choose the Compatible mode option.

Whichever option you choose (and again, these are the same for system and non-system drives), go ahead and click the Next button when you're done, and on the next screen, click the Start Encrypting button.

The encryption process can take anywhere from seconds to minutes or even longer, depending on the size of the drive, the amount of data you're encrypting, and whether you chose to encrypt free space.

If you're encrypting your system drive, you'll be prompted to run a BitLocker system check and restart your system. Make sure the option is selected, click the Continue button, and then restart your PC when asked. After the PC boots back up for the first time, Windows encrypts the drive.

If you're encrypting a non-system or removable drive, Windows does not need to restart and encryption begins immediately.

Whatever type of drive you're encrypting, you can check the BitLocker Drive Encryption icon in the system tray to see its progress, and you can continue using your computer while drives are being encrypted; it will just perform more slowly.

If your system drive is encrypted, unlocking it depends on the method you chose (and whether your PC has a TPM). If you do have a TPM and elected to have the drive unlocked automatically, you won't notice anything different; you'll just boot straight into Windows like always. If you chose another unlock method, Windows prompts you to unlock the drive (by typing your password, connecting your USB drive, or whatever).

And if you've lost (or forgotten) your unlock method, press Escape on the prompt screen to enter your recovery key.

If you've encrypted a non-system or removable drive, Windows prompts you to unlock the drive when you first access it after starting Windows (or when you connect it to your PC if it's a removable drive). Type your password or insert your smart card, and the drive should unlock so you can use it.

In File Explorer, encrypted drives show a gold lock on the icon (on the left). That lock changes to gray and appears unlocked when you unlock the drive (on the right).

You can manage a locked drive (change the password, turn off BitLocker, back up your recovery key, or perform other actions) from the BitLocker control panel window. Right-click any encrypted drive, and then select Manage BitLocker to go directly to that page.

Like all encryption, BitLocker does add some overhead. Microsoft's official BitLocker FAQ says that "Generally it imposes a single-digit percentage performance overhead." If encryption is important to you because you have sensitive data (for example, a laptop full of business documents), the enhanced security is well worth the performance trade-off.

What is The Difference Between Hashing and Encrypting

Hashing and encrypting are two words that are often used interchangeably, but incorrectly so.

Do you understand the difference between the two, and the situations in which you should use one over the other? In today's post I investigate the key differences between hashing and encrypting, and when each one is appropriate.

A hash is a string or number generated from a string of text. The resulting string or number is a fixed length, and will vary widely with small variations in input. The best hashing algorithms are designed so that it's impossible to turn a hash back into its original string.

MD5 - MD5 is the most widely known hashing function. It produces a 16-byte hash value, usually expressed as a 32-digit hexadecimal number. Recently a few vulnerabilities have been discovered in MD5, and rainbow tables have been published which allow people to reverse MD5 hashes made without good salts.

SHA - There are three different SHA algorithms -- SHA-0, SHA-1, and SHA-2. SHA-0 is very rarely used, as it contained an error which was fixed with SHA-1. SHA-1 is the most commonly used SHA algorithm, and produces a 20-byte hash value.

Hashing is an ideal way to store passwords, as hashes are inherently one-way in their nature. By storing passwords in hash format, it's very difficult for someone with access to the raw data to reverse it (assuming a strong hashing algorithm and appropriate salt has been used to generate it).

When storing a password, hash it with a salt, and then with any future login attempts, hash the password the user enters and compare it with the stored hash. If the two match up, then it's virtually certain that the user entering the password entered the right one.
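The store-and-compare procedure above, together with the "salting" point from the Tom's Guide section earlier on this page, as an added example that is not code from either article. It assumes a random per-user salt stored next to the hash and PBKDF2-HMAC-SHA256 as the slow hash; the record format, iteration count and function names are choices made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password):
    """Weak baseline: the same password always yields the same digest,
    so a precomputed table of common passwords matches it instantly."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return a storable record 'iterations$salt_hex$hash_hex'.

    A fresh 16-byte random salt is generated per password unless one is
    passed in (passing one is only useful for reproducible tests).
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Re-hash a login attempt with the stored salt and compare digests.

    Malformed records fail closed, and the comparison is constant-time so
    the check does not leak how many leading bytes matched.
    """
    try:
        iterations_s, salt_hex, hash_hex = record.split("$")
        iterations = int(iterations_s)
        if iterations < 1:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    # Two constructed users who both chose the password "password".
    print(unsalted_hash("password") == unsalted_hash("password"))  # identical
    alice = hash_password("password")
    bob = hash_password("password")
    print(alice != bob)                      # salts make the records differ
    print(verify_password("password", alice))
    print(verify_password("passw0rd", alice))
```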

Hashing is great for usage in any instance where you want to compare a value with a stored value, but can't store its plain representation for security reasons. Other use cases could be checking the last few digits of a credit card match up with user input or comparing the hash of a file you have with the hash of it stored in a database to make sure that they're both the same.

Encryption turns data into a series of unreadable characters that aren't of a fixed length. The key difference between encryption and hashing is that encrypted strings can be reversed back into their original decrypted form if you have the right key.

There are two primary types of encryption, symmetric key encryption and public key encryption. In symmetric key encryption, the key to both encrypt and decrypt is exactly the same. This is what most people think of when they think of encryption.

Public key encryption by comparison has two different keys, one used to encrypt the string (the public key) and one used to decrypt it (the private key). The public key is made available for anyone to use to encrypt messages; however, only the intended recipient has access to the private key, and therefore the ability to decrypt messages.

Encryption should only ever be used over hashing when it is a necessity to decrypt the resulting message. For example, if you were trying to send secure messages to someone on the other side of the world, you would need to use encryption rather than hashing, as the message is no use to the receiver if they cannot decrypt it.

If the raw value doesn't need to be known for the application to work correctly, then hashing should always be used instead, as it is more secure.

If you have a use case where you have determined that encryption is necessary, you then need to choose between symmetric and public key encryption. Symmetric encryption provides improved performance and is simpler to use; however, the key needs to be known by both the person/software/system encrypting and decrypting data.

If you were communicating with someone on the other side of the world, you'd need to find a secure way to send them the key before sharing your secure messages. If you already had a secure way to send someone an encryption key, then it stands to reason you would send your secure messages via that channel too, rather than using symmetric encryption in the first place.

Many people work around this shortcoming of symmetric encryption by initially sharing an encryption key with someone using public key encryption, then symmetric encryption from that point onwards -- eliminating the challenge of sharing the key securely.

How Encryption Works | HowStuffWorks

When we use the Internet, we're not always just clicking around and passively taking in information, such as reading news articles or blog posts -- a great deal of our time online involves sending others our own information. Ordering something over the Internet, whether it's a book, a CD or anything else from an online vendor, or signing up for an online account, requires entering in a good deal of sensitive personal information. A typical transaction might include not only our names, e-mail addresses and physical address and phone number, but also passwords and personal identification numbers (PINs).

The incredible growth of the Internet has excited businesses and consumers alike with its promise of changing the way we live and work. It's extremely easy to buy and sell goods all over the world while sitting in front of a laptop. But security is a major concern on the Internet, especially when you're using it to send sensitive information between parties.

Let's face it, there's a whole lot of information that we don't want other people to see, such as:

Information security is provided on computers and over the Internet by a variety of methods. A simple but straightforward security method is to only keep sensitive information on removable storage media like portable flash memory drives or external hard drives. But the most popular forms of security all rely on encryption, the process of encoding information in such a way that only the person (or computer) with the key can decode it.

In this article, you will learn about encryption and authentication. You will also learn about public-key and symmetric-key systems, as well as hash algorithms.
