What is encryption? WIRED explains how apps keep our private data safe – Wired.co.uk

With hacking escalating over the past decade, breaches of our private data are ubiquitous, meaning that now, more than ever, encryption is key.

Encryption prevents unauthorised access to your data, from emails to WhatsApp messages and bank details, by keeping communication secure between the parties involved.

This is done by 'scrambling' the information sent from one person to another into a lengthy code making it unreadable for anybody else attempting to access it.

When the data is encrypted, the sender and the receiver are the only people that can decrypt the scrambled info back to a readable condition. This is achieved via keys, which grant only the users involved access to modify the data to make it unreadable and then readable again.

On messaging app WhatsApp, for example, every message sent has its own unique lock and key and only the sender and receiver have access to these keys. This prevents prying eyes from seeing the information in messages. For the rest of the world, and even WhatsApp itself, the relayed information is unintelligible gibberish because no-one else has the key to decrypt the content. This is referred to as end-to-end encryption.

Put more simply, imagine encryption to be like translating your information into a language only you and your recipient know, and more importantly which a cybercriminal can't translate.

Most popular apps make use of encryption to retain user safety, whether that's for storing data, or for data in transit.

Tony Anscombe, senior security evangelist from Avast, told WIRED that encryption in apps is imperative as it makes using them safer, but at the same time, those that don't practise common sense can still fall victim to hacking.

"Many apps offer encryption of data, however if a user doesn't lock the app with a password or PIN, then anyone who gets hold of the device has access to your apps and will be able to see the unencrypted data," Anscombe explained. That said, many operating systems offer encryption of everything stored on the device. This helps combat theft of the device to access the data.

When implemented properly, encrypted data could take a hacker billions of years to crack based on sheer brute force attacks. This is because encryption codes use complex mathematical algorithms and long numerical sequences that are difficult to decrypt.

A brute force attack is a method used by a hacker to try combinations of passwords or encryption keys until the correct one is found. It is usually carried out using software to scan through the combinations.

However, there are different types of encryption, each with varying levels of effectiveness. This is measured in bits. The higher the number of bits in an encryption key, the harder it is - in theory - for a hacker to crack it.

A low-bit key is one with fewer combinations, so would be fairly easy to crack for a hacker with dedicated computer resources. The larger the key, the harder this becomes, exponentially. For example, a 5-bit key has 32 possible combinations, a 6-bit key has 64 combinations, a 7-bit key has 128 combinations, and so forth. A 10-bit key has a thousand combinations, a 20-bit key has a million combinations, a 30-bit key has a billion combinations.

The more complex the encryption, the more difficult it becomes for a cybercriminal to reverse engineer the encryption key and access the data. This doesn't mean the codes are uncrackable, but that the time taken to find the right combination would be far too long to ever be feasible in one lifetime, even with the help of powerful supercomputers.

Let's say a hacker has a computer that can test a billion keys per second, trying to brute force all combinations. That means they can break a 30-bit key in just one second. At that speed, though, it will take them a billion seconds (or 34 years) to break a 60-bit key because every 30 bits added makes it a billion times more difficult. A spy agency like the NSA can crack 60-bit keys using supercomputers, but a 90-bit key is a billion times more difficult to crack, and a 120-bit key would be a further billion times more difficult to crack than that.

Considering most Android, Apple and Windows apps have at least 128-bit Advanced Encryption Standard (AES) - the standard US Government encryption algorithm for data encryption - you can imagine that a 128-bit key, which has more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations, is exceptionally safe. Same goes for 192 or 256-bit AES encryption keys that the US Government requires for highly sensitive data.

Bharat Mistry, cybersecurity consultant at Trend Micro, puts this into perspective. "It would take fifty supercomputers an estimated 3.4 x 1,038 years to break the commonly used 256-bit encryption key," he told WIRED. As you can imagine, most hackers will be hard pressed to find time for that.

That doesn't mean all encryption is of the highest standard as it is still prone to human error. Poorly developed encryption is not hackerproof; if it is hard and complex to develop, mistakes in the coding can easily lead to users believing they are secure when they're not. For example, homegrown encryption methods have rarely been vetted to the extent supported standards have.

"If a hacker has the right level of time and resources, it's difficult to say that any encryption is completely immune," Mistry explained.


The challenge in keeping encryption as tight as possible is therefore checking it is properly implemented and kept secure over time.

Human error, insider attacks and poor implementations are the challenges that IT teams have to face in developing increasingly sophisticated encryption technology.

"The biggest problem with encryption is that the key itself needs to be shared between the sender and the recipients," added Mistry. Although this is hard to locate within the information, it could still pose a potential problem.

Security research is currently focused on techniques that do not require the key to be shipped or sent to all parties, otherwise known as zero knowledge proof protocol. It isn't widely used now, but we expect it to grow. For the more distant future, some researchers are even looking at ways to hide data within DNA.


How WhatsApp is fighting spam after its encryption rollout … – TechCrunch

WhatsApp proved itself to be the most YOLO-crypto company of 2016 when it turned on end-to-end encryption by default last April for its more than 1 billion users. (Facebook, WhatsApp's parent company, took a more cautious approach when it added opt-in encryption to Messenger.) But WhatsApp's all-in approach has come at a cost: the company's executives were arrested and its service was temporarily shut down in Brazil when local courts demanded that WhatsApp turn over the contents of encrypted messages.

Rolling out end-to-end encryption raised not just political concerns, but practical ones. If WhatsApp couldn't read the contents of its users' messages anymore, how would it detect and fight spam on the platform? WhatsApp could have become a haven for scammers pushing pills and get-rich-quick schemes, which would have driven users off the platform and harmed its business even more than short-term court-ordered shutdowns.

Instead, WhatsApp developed approaches to detecting spam that don't rely on content at all, says WhatsApp engineer Matt Jones. Instead of looking at message content, WhatsApp analyzes behavior for indications that a user might be spamming. The approach is working surprisingly well. Jones says that WhatsApp slashed spam by 75 percent after launching end-to-end encryption.

"If you have well-instrumented behavioral features, it's totally possible to detect spam without any access to message content in an end-to-end encrypted world," Jones said at the USENIX Enigma security conference yesterday.

Some of WhatsApp's behavioral detection systems will sound familiar to anti-spam experts. For instance, WhatsApp looks at how many messages a user is sending and will flag as spam if the user is sending an unusually high number of messages per minute, a common anti-spam strategy. But WhatsApp also uses a number of other signals to determine the probability that a message contains spam.

"The simplest approach is to look at the reputation of the things an actor is using," Jones explained. WhatsApp examines data related to the internet service provider (ISP), the phone number, and the phone network being used, and compares that to previous spam reports. If the ISP data or the phone prefix (the first several digits of a phone number) have been previously associated with spammers, it's likely that messages associated with that data are still spam. WhatsApp will also take notice if, for example, a phone with a Canadian country code connects via a cell network in Thailand and assess the probability that the user is a spammer or a traveller on vacation.

Once a spammer is reported, WhatsApp will also go back and look at the spammer's actions on the platform for clues about why he wasn't caught, then feed that information into its model. "Every message they sent before was an opportunity to prevent spam that we failed to take," Jones said.

WhatsApp bans users based on these probabilistic models, and if the company makes a mistake, users can appeal the ban. Jones said that WhatsApp has also cut back on mistaken bans through its enhanced spam detection. "We cut spam by three quarters and the number of incorrect bans by half," he said.

"The goal is to drive up the cost for attackers," Jones added. "Eventually we're going to catch all spammers. If you send spam, you're going to be reported and if you're reported, you're going to be banned."

However, this approach relies heavily on the analysis of metadata (the non-content information associated with transmitting a message), and WhatsApp has been criticized for hanging on to users' metadata and sharing it with Facebook. End-to-end encryption only guarantees the privacy of message content, not metadata, but many non-technical users might not understand the difference and may be surprised to learn how WhatsApp collects and analyzes their information.

Open Whisper Systems, the maker of the encrypted chat app Signal and the Signal Protocol (on which WhatsApp's encryption is based), recently released its first subpoena and its response. The documents showed that OWS doesn't keep metadata on its users: all that the company could hand over was the account creation date and the last log-in time.

Harvesting metadata is a trade-off. As OWS grows, it may find itself struggling with a spam problem. And WhatsApp will have to balance users' expectations of privacy with their demand for a spam-free experience. Jones told TechCrunch that it's a balance he thinks about often. He said the company has chosen to dump certain categories of metadata that proved unhelpful for spam prevention so as not to unnecessarily retain user info.

Some firms are hesitant to implement end-to-end encryption because they worry it will prevent them from fighting spam or rolling out new features, but the spam-prevention success that Jones described might encourage other communications companies to take the encryption plunge.


WhatsApp Spam Detection Works Even After Encryption – Tech News Inc

WhatsApp has been fighting spam on its own for years, and it is still putting up a tough fight even after its end-to-end encryption update. This feature ensures that no one except the recipient, not even WhatsApp, can read the recipient's messages. If so, then how do they plan on spam detection? Apparently, they have the answer, and WhatsApp has been doing this for the longest time.

Suppose someone is sending you a forwarded message about a cheap weight loss promotion and they do so by spamming you endlessly. Then there is a friend of yours who keeps sending you good morning texts. Without reading the two messages how will WhatsApp figure out which one is spam and which one is not?

Furthermore, how will it stop the spam messages without reading them in the first place? "In reality, we actually haven't seen this as a big problem," says WhatsApp software engineer Matt Jones. "We actually reduced spam by about 75 percent from around the time that we launched end-to-end encryption."

He explained that spam detection is done by noticing suspicious behavior users indulge in. For example, it will see how long ago the user registered on the app. It will also see how many messages the user has sent out in the last 30 seconds. So it can quickly identify if a person was sending out floods of messages to others. These are telltale signs of spam and it's a smart move to determine potential threats.


After so many spam detections and blockages, WhatsApp is trying to identify a pattern. Is there a particular mobile provider or data provider whose services are used? It will examine the network and check whether or not it has routinely blocked numbers from a particular target.

WhatsApp has a key advantage over other providers in fighting spam. It registers the mobile number, and therefore it has access to the network provider's details as well.

"If we make things expensive for [the spammers], their business model won't work," Jones said.

During spam detection, regular users can also be targeted because WhatsApp will detect unusual behavior like a US number suddenly connecting to an Indian network. This will set off alarms, and if WhatsApp suspects you are the spammer, it will immediately block you instead of deleting your spam messages.

So a lot of innocent users could come under the radar and face extreme measures. However, the legitimate users can file an appeal immediately. Meanwhile, WhatsApp is working on making spam detection more error-free.
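
The content-free signals described in the TechCrunch and Tech News Inc pieces above (messages sent in the last 30 seconds, account age, ISP and phone-prefix reputation from earlier reports, and a country code that does not match the connecting network) can be combined into a single probability. This is an added example, not WhatsApp's code: the weights, threshold, prefix length, names and sample accounts are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 30   # burst window, as in "the last 30 seconds"
PREFIX_LEN = 5        # e.g. "+1416"; the prefix length is an assumption
BAN_THRESHOLD = 0.9   # assumed cut-off for the probabilistic decision
BIAS = -4.0           # hand-set, illustrative weights (not learned values)
WEIGHTS = {"burst": 4.0, "new_account": 1.5, "isp_rep": 2.5,
           "prefix_rep": 2.5, "roaming": 1.0}


@dataclass
class Account:
    phone: str             # constructed E.164-style number
    registered_at: float   # epoch seconds
    isp: str
    home_country: str      # implied by the phone's country code
    network_country: str   # where the device is connecting from


class Reputation:
    """Share of previously seen accounts per key that were reported as spam."""

    def __init__(self):
        self.seen = defaultdict(int)
        self.reported = defaultdict(int)

    def observe(self, key, was_spam, count=1):
        self.seen[key] += count
        if was_spam:
            self.reported[key] += count

    def rate(self, key):
        # Smoothed: a never-seen key starts at a low prior of 0.1, not 0 or 1.
        return (self.reported[key] + 1) / (self.seen[key] + 10)


def features(acct, send_times, now, isp_rep, prefix_rep):
    """Metadata-only features; message content is never inspected."""
    recent = sum(1 for t in send_times if 0 <= now - t <= WINDOW_SECONDS)
    return {
        "burst": min(recent / 30.0, 1.0),  # 30+ messages in 30 s saturates
        "new_account": 1.0 if now - acct.registered_at < 86400 else 0.0,
        "isp_rep": isp_rep.rate(acct.isp),
        "prefix_rep": prefix_rep.rate(acct.phone[:PREFIX_LEN]),
        "roaming": 1.0 if acct.home_country != acct.network_country else 0.0,
    }


def spam_probability(acct, send_times, now, isp_rep, prefix_rep):
    f = features(acct, send_times, now, isp_rep, prefix_rep)
    z = BIAS + sum(WEIGHTS[name] * value for name, value in f.items())
    return 1.0 / (1.0 + math.exp(-z))


def record_report(acct, isp_rep, prefix_rep):
    """Feed a confirmed spam report back into the reputation tables."""
    isp_rep.observe(acct.isp, True)
    prefix_rep.observe(acct.phone[:PREFIX_LEN], True)


def demo():
    """Score four constructed accounts; returns name -> probability."""
    now = 1_700_000_000.0
    isp_rep, prefix_rep = Reputation(), Reputation()
    isp_rep.observe("isp-clean", False, 98)
    prefix_rep.observe("+1416", False, 98)
    isp_rep.observe("isp-bulk", True, 40)
    isp_rep.observe("isp-bulk", False, 10)
    prefix_rep.observe("+9990", True, 40)
    prefix_rep.observe("+9990", False, 10)

    old = now - 400 * 86400
    friend = Account("+14165550101", old, "isp-clean", "CA", "CA")
    traveller = Account("+14165550102", old, "isp-clean", "CA", "TH")
    flooder = Account("+99905550103", now - 3600, "isp-bulk", "XX", "XX")
    newcomer = Account("+88805550104", now - 3600, "isp-new", "YY", "YY")
    burst10 = [now - 3 * i for i in range(10)]

    out = {
        "friend": spam_probability(friend, [now - 5], now, isp_rep, prefix_rep),
        "traveller": spam_probability(traveller, [now - 20, now - 3], now,
                                      isp_rep, prefix_rep),
        "flooder": spam_probability(flooder, [now - i for i in range(30)], now,
                                    isp_rep, prefix_rep),
        "newcomer_before": spam_probability(newcomer, burst10, now,
                                            isp_rep, prefix_rep),
    }
    # 20 other accounts on the newcomer's ISP and prefix get reported as spam.
    for i in range(20):
        reported = Account(f"+8880555{i:04d}", now - 7200, "isp-new", "YY", "YY")
        record_report(reported, isp_rep, prefix_rep)
    out["newcomer_after"] = spam_probability(newcomer, burst10, now,
                                             isp_rep, prefix_rep)
    return out


if __name__ == "__main__":
    for name, p in demo().items():
        print(f"{name:16s} p(spam)={p:.3f} ban={p > BAN_THRESHOLD}")
```

The traveller scores above the friend but stays under the threshold, while the newcomer only crosses it once reports against its ISP and prefix have accumulated, which is also how a legitimate user on a badly reputed network can end up wrongly banned.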


Federal workers turn to encryption to thwart Trump – Politico

Federal employees worried that President Donald Trump will gut their agencies are creating new email addresses, signing up for encrypted messaging apps and looking for other, protected ways to push back against the new administration's agenda.

Whether inside the Environmental Protection Agency, within the Foreign Service, on the edges of the Labor Department or beyond, employees are using new technology as well as more old-fashioned approaches, such as private face-to-face meetings, to organize letters, talk strategy, or contact media outlets and other groups to express their dissent.


The goal is to get their message across while not violating any rules covering workplace communications, which can be monitored by the government and could potentially get them fired.

At the EPA, a small group of career employees, numbering less than a dozen so far, are using an encrypted messaging app to discuss what to do if Trump's political appointees undermine their agency's mission to protect public health and the environment, flout the law, or delete valuable scientific data that the agency has been collecting for years, sources told POLITICO.

Fearing for their jobs, the employees began communicating incognito using the app Signal shortly after Trump's inauguration. Signal, like WhatsApp and other mobile phone software, encrypts all communications, making it more difficult for hackers to gain access to them.

One EPA employee even got a new, more secure cellphone, and another joked about getting a burner phone.

"I have no idea where this is going to go. I think we're all just taking it one day at a time and respond in a way that seems appropriate and right," said one of the EPA employees involved in the clandestine effort, who, like others quoted in this story, was granted anonymity to talk about the sensitive discussions.

The employee added that the goal is to create a network across the agency of people who will raise red flags if Trump's appointees do anything unlawful.

The White House did not immediately respond to a request for comment.

While many workers across the federal government are still in wait-and-see mode, the first two weeks of the Trump administration, with its flurry of executive orders that have in some cases upended lives, have sent a sobering message to others who believe they must act now.

In recent days, career employees at the State Department gathered nearly 1,000 signatures for what's known as a Dissent Channel memo, in which they express their anger over a Trump executive order that bars immigrants from seven Muslim-majority countries and halts refugee admissions to the country. The number of signatures was extraordinarily high, even though the letter was submitted after White House spokesman Sean Spicer essentially warned the dissenting diplomats they were risking their jobs.

The executive order on immigration and refugees caused widespread panic at airports, spurring protests and outrage around the world.

It also led to what has been the most high-profile act of defiance yet from a Trump administration official: Acting Attorney General Sally Yates on Monday ordered the Department of Justice's lawyers not to defend the order in court. Yates was fired that same night.

Current and former employees of the Labor Department, meanwhile, are using their private email accounts to send around a link to a letter asking senators to oppose the nomination of Andrew Puzder for secretary of their agency. The employees may sign on to the letter using Google Docs. The letter will not be submitted to the Senate HELP Committee, and the signatures will not be made public, unless 200 current employees sign on.

A federal worker familiar with the letter's circulation said that it's being signed by hundreds of current and former DOL employees.

According to a draft of the letter obtained by POLITICO, the employees write that they have "serious concerns" about the fast-food magnate's willingness to protect the rights of workers given some of his past comments and actions.

The draft of the letter criticizes Puzder's comments about women, and cites his restaurants' advertisements, some of which feature women in bikinis eating burgers. Puzder has defended the ads.

"One of us once heard a colleague ask, quite seriously, whether it would violate workplace rules of civility and prohibitions against sexual harassment to view Mr. Puzder's ads on a government computer," the letter says. "We think the question is a good one."

The federal employees interviewed for this story stressed that they see themselves as nonpartisan stewards of the government. But several also said they believe they have a duty to speak out if they feel a policy is undermining their mission.

Drafts of the Dissent Channel memo signed by the State Department employees insist, for instance, that instead of protecting U.S. national security through his new executive order on refugees and immigrants, Trump is endangering the United States by bolstering the terrorists' narrative that the West hates Muslims.

"I think we all have to look within ourselves and say 'Where is that line that I will not cross?'" one Foreign Service officer said.

Since Trump was elected in November, many State Department employees have also met quietly for other reasons. Groups of Muslims who work at Foggy Bottom, for instance, have held meetings to discuss fears that they could be subject to witch hunts and see their careers stall under the new administration. A few of Trump's top aides have spoken out against radical Islamism in such harsh terms that some Muslims believe the aides are opposed to the religion of Islam as a whole.

Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists, indicated that it's too soon to say whether there's a broad trend of bureaucratic resistance to Trump taking hold.

"Quite a few federal employees seem to be looking for constructive ways to express discontent," he said. "Meanwhile, tension is still growing, not subsiding."

EPA employees are uniquely concerned about their future, having faced barbs from Trump advisers who have toyed with cutting the agency's staff by two-thirds and from other Republicans who want to eliminate the agency altogether. So career staffers are discussing the best way to alert the public to what's happening behind the scenes.

"I'm suddenly spending my days comparing the importance of the oath I took when I started my career service and the code that I have as an American," an EPA employee said.

EPA employees have started reaching out to former Obama administration political appointees, who they hope will help them spread the word about any possible improper conduct at the agency.

"It's probably much safer to have those folks act as the conduit and to act as the gathering point rather than somebody in the agency," the employee said. "You're putting your career and your livelihood and your paycheck at risk every time you talk to somebody."

Organizations such as the Government Accountability Project, which advocates for whistleblowers, have been busy as federal employees fret about what their new bosses may ask them to do.

"We've had a significant number of federal employees who have contacted us in recent weeks," said Louis Clark, the nonprofit's CEO. "It has to be the largest influx of people trying to reach us that we've seen."

The largest group of callers? "The people who want to know what to do if they're asked to violate the law," Clark said.

Jeff Ruch, executive director of Public Employees for Environmental Responsibility, said EPA employees are in perhaps the deepest pit of despair among his group's membership.

He said his group has been fielding calls on everything from what triggers a reduction in the federal workforce to how long they can carry health insurance benefits if they are pushed out.

Asked how EPA employees are feeling, Ruch said, "In the broadest sense, scared and depressed."

Rachael Bade contributed to this report.


The Best Email Encryption Software of 2017 | Top Ten Reviews


Send and Receive Secure Emails

Email security and encryption software does more than just encrypt emails. Depending on the solution, you can send compliant email transmissions, thwart data loss, secure proprietary information and instill client confidence. In addition, imposed encryption points range from one-click options to enforced policy-based encryption methods. Although many industries in the past required faxing of sensitive information, nowadays many email encryption services provide compliant encrypted email options that are even more secure than traditional faxing and much more convenient.

Beyond email security, secure email software also provides tools to help with compliance, legal inquiries and tracking. The best email security software provides an administration console, compliance reports, sortable email logs, email trackers, email expiration dating, and archiving technology. Many are also compatible with all email types, DLP filters, security software and mobile email.

To learn more about what email security services can offer check out our top rated products. See HP SecureMail, if you are looking to integrate email encryption with your established business applications. For exceptional ease of use from admin to recipient, see DataMotion. If you are looking for DLP tools combined with email encryption, see Proofpoint. To learn more about email encryption, see our articles on email encryption software.

The first consideration with email security software is the encryption point. Small businesses may trust employees to decide which emails need to be encrypted. In this situation, a desktop or cloud-based solution will work. Other companies may benefit from removing the decision from the employee by using policy-based filters. This encrypts emails after they leave the employee's desktop at the point where they pass through the mail server, gateway, appliance or web portal, based on your company's policy filters.

Other considerations include the integrations and compatibilities you require, such as Outlook plugins, mobile phone emailing, email protocols and archiving methods. You will also want to select a solution that provides the encryption methods your business and clients require. Most services support OpenPGP and S/MIME encryption methods and provide access to other types of email security, such as AES and certificates if requested. Another consideration is the recipient experience. You want to look for a secure email solution that provides a simple and quick way for your customers and recipients to access secure messages.

Here are the criteria we used to compare email encryption software:

Security: If your company is bound by compliance or regulatory requirements, you need to ensure that the email encryption service you use can satisfy your security standards. All email encryption software secures emails. However, most secure email services offer a range of security options, such as user-initiated and policy-based encryption. Some will even block email from sending messages that contain non-sharable information. If the service stores your email data and interactions for your company, they should take precautions to secure their data center(s). We compared a wide range of security features and rated highest those that not only encrypt email, but also those that provide additional layers of security.

Recipient Experience: While security is critical, you do not want it to inconvenience your customers. We looked for encryption software with features that make the recipients' experience hassle free. The encryption programs that are simplest to use do not require your customers to download software or maneuver through a complicated process to receive secure messages. We rated highest the software that also allows recipients to send secure return emails and easily request passwords without your administrator having to manage the request.

Administration Tools: Competitive email encryption software for small businesses and larger companies should supply a powerful, simple to use administration console. We compared services and the tools they offer for managing emails, creating reports, sorting emails, deploying software and configuring policies. The best software provides simple or even automatic deployment options and preconfigured policies that support common regulatory constraints.

Integrations & Compatibility: Most companies do not run email encryption software independently. To be truly useful and efficient, it should function alongside popular business solutions such as Salesforce, GroupWise and security software. It also ought to work across platforms with all email types, regardless of the device type (PC, mobile phone or tablet). Top encryption tools also work in conjunction with content and internet filters, as well as eDiscovery and archiving methods. We rated highest the encryption software that is compatible with all popular platforms and commonly used business applications.

Unless you only need encryption software for one seat, you will want to do your share of research before contracting with an email encryption service. We suggest that you peruse our reviews, identify your top three candidates and then contact those companies for a customized quote. Their sales teams and account managers should be able to help you identify the best method for providing the type of email security that would work best for your company and its regulatory requirements.


Data Encryption and Decryption (Windows)

This documentation is archived and is not being maintained.

Encryption is the process of translating plain text data (plaintext) into something that appears to be random and meaningless (ciphertext). Decryption is the process of converting ciphertext back to plaintext.

To encrypt more than a small amount of data, symmetric encryption is used. A symmetric key is used during both the encryption and decryption processes. To decrypt a particular piece of ciphertext, the key that was used to encrypt the data must be used.

The goal of every encryption algorithm is to make it as difficult as possible to decrypt the generated ciphertext without using the key. If a really good encryption algorithm is used, there is no technique significantly better than methodically trying every possible key. For such an algorithm, the longer the key, the more difficult it is to decrypt a piece of ciphertext without possessing the key.

It is difficult to determine the quality of an encryption algorithm. Algorithms that look promising sometimes turn out to be very easy to break, given the proper attack. When selecting an encryption algorithm, it is a good idea to choose one that has been in use for several years and has successfully resisted all attacks.

For more information, see Data Encryption and Decryption Functions.


XML Encryption – Wikipedia

XML Encryption, also known as XML-Enc, is a specification, governed by a W3C recommendation, that defines how to encrypt the contents of an XML element.

Although XML Encryption can be used to encrypt any kind of data, it is nonetheless known as "XML Encryption" because an XML element (either an EncryptedData or EncryptedKey element) contains or refers to the cipher text, keying information, and algorithms.

Both XML Signature and XML Encryption use the KeyInfo element, which appears as the child of a SignedInfo, EncryptedData, or EncryptedKey element and provides information to a recipient about what keying material to use in validating a signature or decrypting encrypted data.

The KeyInfo element is optional: it can be attached in the message, or be delivered through a secure channel.
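
To make the structure concrete, the following added example (not taken from the article or the W3C specification) walks two constructed documents and reports, for each EncryptedData element, the declared algorithm, whether KeyInfo is present, and whether the cipher text is contained or only referred to. The sample XML, the key name, the reference URL and the helper names are assumptions made for illustration, and the "ciphertext" is placeholder bytes.

```python
import base64
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"   # XML Encryption namespace
DSIG = "http://www.w3.org/2000/09/xmldsig#"  # XML Signature namespace (KeyInfo)
NS = {"xenc": XENC, "ds": DSIG}

# Placeholder bytes standing in for ciphertext; not real encrypted data.
_FAKE_CT = base64.b64encode(bytes(32)).decode()
_FAKE_WRAPPED_KEY = base64.b64encode(bytes(256)).decode()

# Constructed sample 1: KeyInfo attached in the message, cipher text embedded.
SAMPLE_INLINE = f"""
<Order xmlns="urn:example:shop">
  <Item>book</Item>
  <xenc:EncryptedData xmlns:xenc="{XENC}" xmlns:ds="{DSIG}" Type="{XENC}Element">
    <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    <ds:KeyInfo>
      <xenc:EncryptedKey>
        <xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>
        <ds:KeyInfo><ds:KeyName>recipient-rsa-key</ds:KeyName></ds:KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>{_FAKE_WRAPPED_KEY}</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedKey>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>{_FAKE_CT}</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
</Order>
"""

# Constructed sample 2: no KeyInfo (key agreed out of band), cipher text referenced.
SAMPLE_REFERENCED = f"""
<xenc:EncryptedData xmlns:xenc="{XENC}">
  <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
  <xenc:CipherData>
    <xenc:CipherReference URI="https://example.invalid/ciphertext/1"/>
  </xenc:CipherData>
</xenc:EncryptedData>
"""


def _algorithm(elem):
    method = elem.find("xenc:EncryptionMethod", NS)
    return method.get("Algorithm") if method is not None else None


def describe_encrypted_data(xml_text):
    """Summarise every EncryptedData element without decrypting anything."""
    # For untrusted input, parse with a hardened parser (e.g. defusedxml) instead.
    root = ET.fromstring(xml_text.strip())
    results = []
    for ed in root.iter(f"{{{XENC}}}EncryptedData"):
        info = {"type": ed.get("Type"), "algorithm": _algorithm(ed),
                "key_info": "absent", "key_transport": None, "key_name": None,
                "ciphertext": "missing", "ciphertext_bytes": None,
                "reference": None}
        key_info = ed.find("ds:KeyInfo", NS)
        if key_info is not None:
            enc_key = key_info.find("xenc:EncryptedKey", NS)
            holder = key_info
            info["key_info"] = "direct"
            if enc_key is not None:
                # The content key travels wrapped inside an EncryptedKey element.
                info["key_info"] = "EncryptedKey"
                info["key_transport"] = _algorithm(enc_key)
                holder = enc_key.find("ds:KeyInfo", NS)
            name = holder.find("ds:KeyName", NS) if holder is not None else None
            info["key_name"] = name.text if name is not None else None
        cipher_data = ed.find("xenc:CipherData", NS)
        if cipher_data is not None:
            value = cipher_data.find("xenc:CipherValue", NS)
            ref = cipher_data.find("xenc:CipherReference", NS)
            if value is not None:
                raw = base64.b64decode("".join((value.text or "").split()))
                info["ciphertext"] = "embedded"
                info["ciphertext_bytes"] = len(raw)
            elif ref is not None:
                info["ciphertext"] = "referenced"
                info["reference"] = ref.get("URI")
        results.append(info)
    return results


if __name__ == "__main__":
    for sample in (SAMPLE_INLINE, SAMPLE_REFERENCED):
        for item in describe_encrypted_data(sample):
            print(item)
```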

XML Encryption is different from and unrelated to Transport Layer Security, which is used to send encrypted messages (including XML content, both encrypted and otherwise) over the internet.

It has been reported that this specification has severe security concerns.[1][2]


Customer Letter – Apple

The United States government has demanded that Apple take an unprecedented step which threatens the security of our customers. We oppose this order, which has implications far beyond the legal case at hand.

This moment calls for public discussion, and we want our customers and people around the country to understand what is at stake.


Smartphones, led by iPhone, have become an essential part of our lives. People use them to store an incredible amount of personal information, from our private conversations to our photos, our music, our notes, our calendars and contacts, our financial information and health data, even where we have been and where we are going.

All that information needs to be protected from hackers and criminals who want to access it, steal it, and use it without our knowledge or permission. Customers expect Apple and other technology companies to do everything in our power to protect their personal information, and at Apple we are deeply committed to safeguarding their data.

Compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us.

For many years, we have used encryption to protect our customers' personal data because we believe it's the only way to keep their information safe. We have even put that data out of our own reach, because we believe the contents of your iPhone are none of our business.

We were shocked and outraged by the deadly act of terrorism in San Bernardino last December. We mourn the loss of life and want justice for all those whose lives were affected. The FBI asked us for help in the days following the attack, and we have worked hard to support the government's efforts to solve this horrible crime. We have no sympathy for terrorists.

When the FBI has requested data that's in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we've offered our best ideas on a number of investigative options at their disposal.

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.

Specifically, the FBI wants us to make a new version of the iPhone operating system, circumventing several important security features, and install it on an iPhone recovered during the investigation. In the wrong hands, this software, which does not exist today, would have the potential to unlock any iPhone in someone's physical possession.

The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.

Some would argue that building a backdoor for just one iPhone is a simple, clean-cut solution. But it ignores both the basics of digital security and the significance of what the government is demanding in this case.

In today's digital world, the key to an encrypted system is a piece of information that unlocks the data, and it is only as secure as the protections around it. Once the information is known, or a way to bypass the code is revealed, the encryption can be defeated by anyone with that knowledge.

The government suggests this tool could only be used once, on one phone. But that's simply not true. Once created, the technique could be used over and over again, on any number of devices. In the physical world, it would be the equivalent of a master key, capable of opening hundreds of millions of locks, from restaurants and banks to stores and homes. No reasonable person would find that acceptable.

The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers, including tens of millions of American citizens, from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.

We can find no precedent for an American company being forced to expose its customers to a greater risk of attack. For years, cryptologists and national security experts have been warning against weakening encryption. Doing so would hurt only the well-meaning and law-abiding citizens who rely on companies like Apple to protect their data. Criminals and bad actors will still encrypt, using tools that are readily available to them.

Rather than asking for legislative action through Congress, the FBI is proposing an unprecedented use of the All Writs Act of 1789 to justify an expansion of its authority.

The government would have us remove security features and add new capabilities to the operating system, allowing a passcode to be input electronically. This would make it easier to unlock an iPhone by brute force, trying thousands or millions of combinations with the speed of a modern computer.

The implications of the government's demands are chilling. If the government can use the All Writs Act to make it easier to unlock your iPhone, it would have the power to reach into anyone's device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone's microphone or camera without your knowledge.

Opposing this order is not something we take lightly. We feel we must speak up in the face of what we see as an overreach by the U.S. government.

We are challenging the FBI's demands with the deepest respect for American democracy and a love of our country. We believe it would be in the best interest of everyone to step back and consider the implications.

While we believe the FBI's intentions are good, it would be wrong for the government to force us to build a backdoor into our products. And ultimately, we fear that this demand would undermine the very freedoms and liberty our government is meant to protect.

See the article here:
Customer Letter - Apple

Use FileVault to encrypt the startup disk on … – Apple Support

FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to help prevent unauthorized access to the information on your startup disk.

Turn on FileVault

Reset password

Turn off FileVault

FileVault 2 is available in OS X Lion or later. When FileVault is turned on, your Mac always requires that you log in with your account password.

If other users have accounts on your Mac, you might see a message that each user must type in their password before they will be able to unlock the disk. For each user, click the Enable User button and enter the user's password. User accounts that you add after turning on FileVault are automatically enabled.

Choose how you want to be able to unlock your disk and reset your password, in case you ever forget your password:

If you lose or forget both your account password and your FileVault recovery key, you won't be able to log in to your Mac or access the data on your startup disk.

When FileVault setup is complete, your Mac restarts and asks you to log in with your account password. Your password unlocks your disk and allows your Mac to finish starting up. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

After your Mac starts up, encryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences. Any new files that you create are automatically encrypted as they're saved to your startup disk.

If you forget your account password or it doesn't work, you might be able to reset your password.

If you want to change the recovery key used to encrypt your startup disk, turn off FileVault in Security & Privacy preferences. You can then turn it on again to generate a new key and disable all older keys.

If you no longer want to encrypt your startup disk, you can turn off FileVault:

After your Mac starts up, decryption of your startup disk occurs in the background as you use your Mac. This takes time, and it happens only while your Mac is awake and plugged in to AC power. You can check progress in the FileVault section of Security & Privacy preferences.

* If you store your recovery key with Apple or your iCloud account, there's no guarantee that Apple will be able to give you the key if you lose or forget it. Not all languages and regions are serviced by AppleCare or iCloud, and not all AppleCare-serviced regions offer support in every language. If you set up your Mac for a language that AppleCare doesn't support, then turn on FileVault and store your key with Apple (OS X Mavericks only), your security questions and answers could be in a language that AppleCare doesn't support.

Published Date: Dec 9, 2016

Link:
Use FileVault to encrypt the startup disk on ... - Apple Support

HP Secure Encryption | HPE

Do you need to deal with data privacy challenges? Are you worried about meeting compliance regulations? HP Secure Encryption helps you accomplish this with data encryption keys to secure your sensitive data at rest. HP Secure Encryption is available for both local and remote deployments. Local Key Management mode provides a single server deployment. Remote Key Management mode allows for central management for enterprise-wide deployment. Both Local Key Management mode and Remote Key Management mode require the HP Smart Storage Administrator (SSA) version 1.60.17.0 or later, Smart Array Px3x controllers or later, and Smart Array firmware version 1.50 or later. For Remote Key Management mode, the HP Enterprise Secure Key Manager (ESKM) 3.1 or later manages all the keys and will help you scale to over 25,000 servers and millions of keys.

Broad Encryption Coverage

HP Secure Encryption encrypts the data on both the attached bulk storage and cache module of the HP Smart Array Px3x controller. It supports any hard disk drive or Solid State Drive in the Smart Drive portfolio for HP ProLiant Gen8 Servers (or later) or supported storage enclosures.

High Availability and Scalability

HP Secure Encryption easily scales with your business from single server deployment to enterprise-wide deployment of over 25,000 servers via the HP Enterprise Secure Key Manager (ESKM) 3.1 or later. ESKM manages all the keys centrally and when deployed in a clustered configuration, it maximizes uptime.

Simplified Deployment and Management

The HP Smart Storage Administrator configures the cryptographic features of HP Secure Encryption associated with the HP Smart Array Px3x or later controllers. Although an activation key is not required to enable the features, a license is required per encrypted drive.

The ESKM manages all the keys across all HP Secure Encryption deployments.

Support compliance requirements like HIPAA and Sarbanes-Oxley

HP Secure Encryption helps enterprises comply with data privacy requirements associated with HIPAA and Sarbanes-Oxley Acts.

HP ESKM version 3.1 has achieved FIPS 140-2 Level-2 validation.

HP has applied for FIPS 140-2 Level-2 validation for the Smart Array Px3x family of Controllers and is currently listed on the NIST pending site.

HP has completed FIPS 140-2 Level 2 certification # 2735. HP has applied for FIPS 140-2 Level 1 validation for the HP Smart Array Px4x family of controllers and is currently listed for FIPS on the NIST pending site.

Follow this link:
HP Secure Encryption | HPE