What Is Encryption? – Internet Society

Personal security: Encryption backdoors can be opened by anyone who finds them, including cyber criminals who will work overtime to find and exploit them with devastating consequences for the personal security of billions of people, including:

Compromised personal privacy and security: End-to-end encrypted communications protect the identity of journalists, activists, protected witnesses, undercover police, and many others who rely on secure and confidential communications. Vulnerable communications put these people at risk.

Putting vulnerable populations at risk: End-to-end encryption has helped protect vulnerable individuals, including victims of abuse and LGBTQ+ people who use encryption to communicate confidentially and to seek help without fear of retribution. Victim advocates use encryption to confidentially discuss relocation plans with survivors of domestic abuse.

Jeopardizing banking and financial information: Weakening encryption makes personal banking information, credit card data, and other sensitive financial information easier for cyber criminals to access and exploit.

Compromising the private identities of billions of people: Weakening encryption exposes information like health records, personal identification data, and other important data that makes it easier for cyber criminals to steal the identities of billions of people.

National security: Encryption backdoors could create new opportunities for bad actors, including hostile governments, terrorist organizations, and international crime rings, to access and exploit government officials' confidential communications, and penetrate and attack confidential computer systems and databases. This could cause wide-scale, systemic disruptions to economies, infrastructure, and national security including:

Compromising government data: Government breaches are frequent, such as the colossal breaches at the United States Office of Personnel Management, the Indian government's Aadhaar database, and the sensitive information of European Union elected officials. Authorities aren't able to keep encryption backdoors safe from hackers and criminals, putting confidential data and critical infrastructure like banks and the power grid at risk.

Undermining financial and economic security: By making personal information and bank data less secure, encryption backdoors could unintentionally facilitate identity theft and financial fraud with devastating consequences for individuals, businesses, and the nation's economic stability.

Jeopardizing life-sustaining infrastructure: Introducing vulnerabilities into critical infrastructure systems like electrical power grids via the secure communications systems used by its operators could allow bad actors to hijack the grid and deny power to thousands, leading to widespread public fear, economic harm, physical injury, and even deaths. Other critical public services that rely on encryption to keep citizens safe include elections, hospitals, and transportation.

Compromising military operations: Encryption supports important government entities that rely on encryption to safeguard nation states.


How to Encrypt Files, Folders and Drives on Windows | TechSpot

One of the best ways to protect your privacy is to encrypt important information on your computer. Whether you need to send personal information to someone, or simply want to make sure that no one who gets access to your computer can see stuff you would rather keep private, encryption is the way to go.

Editor's Note: Guest author Heinrich Long is a writer at Restore Privacy, a blog dedicated to informing readers about online privacy best practices, securing electronic devices, unblocking restricted content and defeating censorship.

As a Windows 10 user, you have numerous options for encrypting information. In this guide we will show you ways to encrypt individual files, file folders, and even entire disk drives. Each approach has its own benefits and drawbacks, so we'll cover those, too. That way, you'll have a better sense of which type of encryption you will need for various situations. Before we go further, here are a couple of points to keep in mind:

Now let's talk about when to use the three types of encryption that you can use:

As the name implies, individual file encryption refers to encrypting one file at a time. Each file has its own password or key.

Individual file encryption is great for files you plan to share or store in the cloud. Windows 10 users can encrypt individual files using a tool like 7-zip. You can also encrypt individual Microsoft Office files from within their apps, although this is better suited to casual personal use than protection against serious adversaries.

Next up is folder level encryption. This approach involves encrypting everything that is stored in a folder. Passwords or keys are assigned to the folder, not individual files.

Folder encryption is a great organizational tool. For example, you could create a different encrypted folder for each member of your family. Give Sally only the password for her folder, and Jimmy only the password for his, and each can have their own private space on the same device.

Note that storing a file in an encrypted folder doesn't prevent you from also encrypting files individually.

Hard drive or disk encryption protects the entire drive at once. To use a device with an encrypted hard drive you would need to enter the password or key when you logged on, or nothing on the disk would be accessible.

This kind of encryption is a good first line of defense in case of theft. If someone stole your laptop, or ripped the drives out of one of your servers, they would need to defeat the hard drive encryption to get any data at all.

You can still apply folder level encryption and individual file encryption to an encrypted disk.

Before we dive into the details of file encryption, we need to make an important note on passwords. You need to be using a good password manager, along with good password hygiene.

Why is that? Well, if you lose or forget the password for accessing your encrypted files, then they'll probably be gone for good. A good password manager is critical. We've reviewed many options, including 1Password, LastPass, and many more.

See our guide on the best password managers for the top recommendations and step-by-step information for good password management. Now that we've hit the basics, it is time for some specifics. Let's start with...

Your options for encrypting files and folders on Windows 10 devices depend on which version of Windows 10 you have. Windows 10 Pro and Enterprise users have a built-in encryption tool called the Encrypting File System (EFS). Any Windows 10 user, including those with the Home edition, can also use third-party apps such as 7-zip for file and folder encryption.

Beyond these options, Microsoft Office apps have a basic file locking / encryption feature built in, as does Adobe Acrobat. We'll round out our coverage of Windows 10 encryption by taking a look at these.

The Encrypting File System (EFS) is built into the Professional and Enterprise versions of Windows 10. It is treated as an Advanced feature of the Windows File Explorer. This makes a lot of sense, since used carelessly, EFS can leave you with files you can never access again.

EFS does all its encryption work in the background, including automatically creating a File Encryption Key (FEK), and encrypting that key so only the account that encrypted the file can decrypt it. All this happens automatically and transparently.

Aside from a lock symbol that appears in the File Explorer next to a file or folder that is encrypted, there is no easy way to tell that a file or folder is encrypted with EFS.

Unfortunately, EFS has some quirks that make it a less than ideal choice for many uses. Knowing what these are will help you decide whether EFS is the answer to your Windows 10 file encryption needs:

If these quirks haven't scared you away, here's how to encrypt files and folders with EFS:

That is all you need to do. From now on, the encrypted file or folder will appear encrypted to anyone other than the user account that encrypted the item in the first place.

7-zip is a freeware file compression program that can also encrypt files and folders using AES-256 encryption, which is the industry standard for most encrypted systems. If you plan to use 7-zip to encrypt files or folders you should know that the process creates an encrypted copy of the file or folder. The original, unencrypted file or folder is unchanged.

If you are creating the encrypted item because you plan to send it somewhere, or store it in the cloud or something like that, this is fine. But if your goal is to protect the files and folders on your own device, this isn't ideal.

In the rest of this section, we'll first look at how to encrypt files and folders with 7-zip. After that we'll talk about what else you need to do if your goal is to protect the files and folders on your own device. The following instructions assume you already have 7-zip installed on your system. If not, you can download it here.

The result of encrypting something with 7-zip the way we did here is a zipped archive that is AES-256 encrypted. This archive appears in the same folder as the file or folder that you encrypted, alongside the original file or folder. What this means to you depends on what you plan to do with the encrypted file or folder.

If you created the archive to share copies of the file or folder, this is fine. Just send the archive to the recipient. Assuming they have 7-zip or a similar program on their system (and you securely conveyed the password to them somehow), they will be able to unzip the archive, then double-click the file to enter the password in a dialog box like this one:

Once they do that, the operating system should open the file in whatever app is appropriate, and the recipient can view it, or save it, or do whatever is necessary with it. Note that they will still have the encrypted files on their system as well.

If you created the archive to protect the files or folders on your system, you should skip down to the section titled, "Eliminate any possible unencrypted copies of the file" once you are done encrypting files and follow the instructions there to make sure no unencrypted copies of things are lying around where some snoop can find them.

Some applications now have options to encrypt the types of files they themselves use. For example, Microsoft Word can encrypt Word files, and Adobe Acrobat can encrypt PDF files. We'll demonstrate this below.

Let's use Microsoft Word to show how it is done by encrypting a simple Word document.

From now on, the only way to view this document will be by entering the password when prompted from within a Microsoft Office application that supports the unencrypted file type. But please see the next section to eliminate any possible unencrypted copies of the file on your computer.

If you use 7-zip or Microsoft Office to encrypt files, it is likely that Windows 10 still has one or more temporary copies of the unencrypted files stashed on the disk. To be safe, you will want to delete all temporary files once you are done encrypting things.

When it comes to disk encryption on Windows 10, BitLocker Device Encryption is the tool that Microsoft provides. Built into Windows 10 Pro and Enterprise, BitLocker Device Encryption does exactly what it sounds like - it encrypts all the storage devices in your system.

This sounds ideal, but there are some drawbacks to using BitLocker.

Happily for us, there is a great alternative available. Called VeraCrypt, it addresses all of the drawbacks we just saw:

VeraCrypt is Free, Open Source Software (FOSS), which we really like. Without getting into the open source vs. proprietary software argument that plagues the computer world, from our perspective, FOSS is generally considered more secure, and of course is free to use. Once VeraCrypt is installed, all you need to do is enter your VeraCrypt password whenever you start the computer.

Given all that, you know where we're going with this. In the following section we'll walk you through installing VeraCrypt on one of our lab machines. Ready?

While installing VeraCrypt is much simpler than the alternative, there is more to it than just launching an installer and pressing Okay a few times. And if you mess up, there is a chance you will lose files or even access to the entire disk drive.

We suggest you read through the instructions that follow before starting the process. If you are not confident you can complete the steps shown, or if you have a bad habit of losing important passwords, it is better to skip this type of encryption.

Here are the steps to install VeraCrypt on Windows 10:

Encrypting important information is one of the best things you can do to protect yourself from everyone who is trying so hard to get their hands on your personal information.

In this guide we covered techniques that Windows 10 users can use to encrypt individual files, folders, and entire drives on their Windows systems. While no one can guarantee that your data will be 100% safe against any and all attacks, the simple act of encrypting your most important data can make a big difference.



What Is Encryption, and How Does It Work? – How-To Geek


You've probably seen the term "encryption" used around the internet. So what is it? It might be the most important technology we have. Most digital security measures, everything from safe browsing to secure email, depend on it. Without encryption, we'd have no privacy.

If you write something down that is important, private, or sensitive you might worry that someone else is going to read it. If you need to give it to a messenger to take to another person, the risk of the wrong people reading that message increases. Encryption changes the composition of a message or data so that only people who know how to return it to its original form can read it. To anyone else, it'll appear as gibberish or a meaningless collection of characters and symbols.

Since the earliest times, people have used different techniques of preventing anyone but the intended recipient from reading private messages. The ancient Greeks would wrap a strip of parchment in a tight spiral around a wooden rod called a scytale. They wrote their message along the length of the rod, over the wrapped parchment.

Uncoiled, the writing on the parchment made no sense. A messenger would deliver the parchment to the recipient who would read the message in private having first wrapped it around their own, matching, scytale. This is a form of transposition cipher.

It's a primitive technique, but it has elements that you'll find in modern encryption systems. Both the sender and the recipient must know in advance what the encryption scheme is, and how to use it. And they both need matching mechanisms to do so.

Another method used by the ancient Greeks used a Polybius square. This was a five-by-five or six-by-six grid of letters. A letter was referenced by its coordinates, like the game battleships. The first letter in the first row was coded as "11", the fourth letter on the second row would be written as "42", and so on.

Of course, there are many ways to fill the grid with letters. Unless you know the layout of the letters, decryption is difficult. This lets you set up a scheme with multiple squares with different layouts. You could create seven squares and use a different square for each day of the week, for example. Schemes that use multiple alphabets are called polyalphabetic ciphers.

A Polybius square is a form of code. A code substitutes other characters for letters, in this example, digits. Ciphers replace letters with other letters.

Julius Caesar gave his name to Caesar's Cipher. This uses an offset, or "rotation," to select a letter a set distance from the letter you're enciphering. If you were using an offset of two, "A" would be written as "C", and "D" would be written as "F." The recipient has to know the correct offset to use to decipher the message by subtracting the offset from the letters they've received.

A Caesar's Cipher with an offset of 13, known as "rotation 13" or ROT13, possesses a special quality. There are 26 letters in the standard English alphabet, and 13 divides into 26 exactly twice. With this offset, to decipher something you can put it through the enciphering process again. Enciphering twice returns you to the original text.

If you pick out the letters "GEEK" in the top alphabet and note the matching letters in the lower alphabet, you'll get "TRRX". If you do that again with "TRRX" in the top alphabet you'll get the letters "GEEK" from the bottom alphabet.

In programming terms, this simplifies matters because you only need to write an enciphering routine. There's no need for a deciphering routine. This is why writing a ROT13 implementation is a common exercise for people learning to program. ROT13 is also commonly held up as an example of very poor, low-grade encryption.

You can try it yourself with this online ROT13 engine. Try entering "Alaska Nynfxn" then putting the output back in as the input.

All of the examples we've covered here are easy to crack, but they do illustrate a common element that is shared amongst them all, and amongst all forms of encryption. There's a set of rules to follow to convert your original data, called the "plaintext", into the enciphered version, known as the ciphertext. That set of rules is an algorithm. And that's what encryption is.

It's algorithms for privacy.

Just like the person in ancient Greece, a person in the digital age who wishes to store or send private data faces challenges. What can you do to prevent unauthorized people from accessing the data? And what can be done to make it secure?

All of the old systems could be overcome with knowledge of the encryption system. Use the same diameter rod and the scytale message becomes readable. Caesar's Cipher can be broken by trying different offsets on the first part of the message. You only have 25 to try, at the most.

Polybius squares pose more of a challenge because the layout of the letters within the square is unpredictable. If you know what the layout of the square is, it isn't even a challenge. If you have no idea of the layout of the square you can try to decipher the message by studying the ciphertext itself. That's called cryptanalysis.

With a simple cipher, you can use aids like letter frequency tables to work out which ciphertext letter represents which plaintext letter. A secure encryption scheme needs to be secure no matter who knows about the mechanics of the scheme, and the ciphertext must withstand cryptanalysis attacks.

Robust digital schemes don't work on letters and characters one at a time as serial ciphers do. They work through the data a chunk at a time and are called block ciphers.

They manipulate the bits (all those ones and zeroes) inside each block according to the rules of complicated mathematical transforms embedded inside the encryption algorithms. If an algorithm uses a block size of 128 bits it'll work its way through the data in chunks of 128 bits. If the last chunk to be processed is smaller than 128 bits, it is padded to 128 bits.

There are many block encryption schemes available. The Advanced Encryption Standard (AES) is the official encryption standard of the U.S. government. Different encryption schemes use different algorithms and different block lengths and make use of different combinations of mathematical transforms.


That all sounds very thorough, but how do we prevent an unauthorized person from using the same encryption scheme to decrypt our encrypted data?

We'll look at a special case first. It's possible to encrypt data using a one-way transform. This is the very antithesis of ROT13 because the resulting ciphertext cannot be reverted to plaintext. More accurately, it can't be decrypted within a practical timeframe. This type of encryption is used in hashing functions where a string of plaintext is hashed into a string of ciphertext, called the hash or hash string. All of the hash strings are the same length.

How is this useful? Well, a secure website won't store your password in plaintext. Your password is hashed and the hash string is stored. Your password is never retained. When you next log in and enter your password, it is hashed and the hash string is compared to the hash string that is stored in your account details. If they match, you can enter. If you enter an incorrect password the two hash strings won't match and you are not allowed in.

This lets the website use authentication without having to store the passwords in an exposed form. If they get hacked, none of the passwords are compromised. Hashing techniques may also add unique, random data called a salt to the passwords before they are hashed. This means all hashes are unique even if two or more users happen to have chosen the same password.
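The salted login check described above, as an added Python example that is not from the original article: it contrasts an unsalted hash with a per-user random salt and compares hash strings in constant time. PBKDF2-HMAC-SHA256, the iteration count, and the `CredentialStore` class are assumptions chosen for illustration; the article names no specific algorithm.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_hash(password):
    """Weak baseline: the same password always yields the same hash string."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Derive a hash from the password and a salt (random if not supplied)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return {"salt": salt, "iterations": iterations, "digest": digest}


class CredentialStore:
    """In-memory stand-in for a website's account table (hypothetical)."""

    def __init__(self):
        self.records = {}

    def register(self, username, password):
        # Only the salt, work factor and digest are kept; the password is not.
        self.records[username] = hash_password(password)

    def verify(self, username, password):
        record = self.records.get(username)
        if record is None:
            # Do the same amount of hashing for unknown accounts so response
            # time does not reveal which usernames exist.
            hash_password(password, salt=b"\x00" * SALT_BYTES)
            return False
        candidate = hash_password(
            password, record["salt"], record["iterations"]
        )["digest"]
        # Constant-time comparison of the two hash strings.
        return hmac.compare_digest(candidate, record["digest"])

    def stored_digest(self, username):
        return self.records[username]["digest"]


def demo():
    """Register two users with the same (constructed) password and log in."""
    store = CredentialStore()
    store.register("sally", "correct horse battery staple")
    store.register("jimmy", "correct horse battery staple")
    return {
        "unsalted_hashes_match": unsalted_hash("correct horse battery staple")
        == unsalted_hash("correct horse battery staple"),
        "salted_hashes_match": store.stored_digest("sally")
        == store.stored_digest("jimmy"),
        "good_login": store.verify("sally", "correct horse battery staple"),
        "bad_login": store.verify("sally", "wrong password"),
        "unknown_user": store.verify("nobody", "correct horse battery staple"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The slow key-derivation function matters as much as the salt: a single fast hash lets anyone holding a stolen table test guesses at very high speed, whereas the iteration count makes each guess expensive.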

To prevent unauthorized people from decrypting data, a key is used that identifies who encrypted it and who can decrypt it. A key is a long sequence of bytes generated by a complex algorithm. They typically range in size from 128 bytes to 2048 bytes or more. The key is used by the encryption algorithm when it is encrypting the plaintext. The key size is independent of the block size.

To protect locally stored data, entire hard drives can be encrypted. The encryption is tied to the login identity of the user and the key is generated automatically and applied automatically. The user doesn't have any direct interaction with the key, and the key never needs to be sent to anyone else.

Because the key is tied to the login identity of the user, removing the hard drive from the computer and connecting it to another computer will not allow access to the data. This type of protection safeguards data that is static or at rest.

If your data must be transmitted you need to consider how you will safeguard your data in transit.

When you connect to a website and see a padlock symbol in the address bar, you know you're connected to a website that is secure, right? Well, sort of. What it actually means is that the connection between your computer and website is encrypted using SSL/TLS encryption.

That's a good thing, but it doesn't verify the security of the rest of the website. The website might be storing passwords in plaintext and using a default admin password on the database. But at least if you see the padlock, you know your communication with the website is encrypted.

This encryption is possible because your browser and the website use the same encryption scheme with multiple keys. At the start of a connection session your browser and the website exchange public keys. A public key can decrypt something that has been encrypted using a private key.

Your browser and the website exchange their public keys and then encrypt using their private keys. Because each end of the connection has the other end's public key, each end can decrypt the information they receive from the other end. The private keys need never be exposed.

Releasing a public key is safe. A public key cannot be used to fraudulently encrypt data. So although you receive a copy of a website's public key, you can't impersonate the genuine website because you don't have the private key. This raises the question of authenticity. How do you know the website is the genuine owner of the public and private key pair, and not a copycat site that somehow stole both keys from the genuine website?

Certificates are used to verify the identity of websites. These are issued by Certification Authorities once they have verified the identity of the applicant. The website sends the certificate as part of the handshake at the start of a connection session so that the web browser can validate the certificate.

It does this by contacting the Certificate Authority and decrypting some information on the certificate. This requires yet more keys. Your browser has public keys of major Certificate Authorities as part of its installation bundle. And there are yet more keys involved. As well as exchanging public keys, your browser and the website create unique session keys to further secure their communications.

Once your browser has verified the authenticity of the site and the strength of the encryption, it places the padlock in the address bar.


The concept of public and private keys crops up again and again in encryption. A common method of securing emails in transit uses pairs of public and private keys. Public keys can be exchanged safely, private keys are not shared. Messages are encrypted using the sender's private key. The recipient can use the sender's public key to decrypt and read it. They can use their own private key to encrypt a reply.

OpenPGP is a well-known encryption scheme that follows this model, with a twist.

The sender's email client generates a random key. This is used to encrypt the email message. The random key is then encrypted with the recipient's public key. The encrypted message and the encrypted random key are sent to the recipient. The recipient's email program uses their private key to decrypt the random key which is then used to decrypt the message.

The purpose of the extra step is to allow an email to be sent securely to multiple recipients. Your email client doesn't need to encrypt the entire email separately for every recipient, just the random key.

Of course, secure email systems also face the question of authenticity. You have to trust the public key that has been sent to you. Keys are tied to email addresses. Having the public key sent to you from the email address you'll be conversing with is a good first step. Most email clients can show the email address associated with a public key.

Another method of checking the authenticity of a public key is to obtain it from a repository. The public keys uploaded to repositories are verified by the repository before they're made public.

At least, encryption underpins our digital lives if we're doing it right. Avoid unsecured remote connections of any type (whether remote working or buying online), use email clients capable of encrypting private messages, and use messenger apps with end-to-end encryption.

Lbhe cevinpl vf vzcbegnag, hfr gur nccebcevngr gbbyf gb fnsrthneq vg. As Caesar might have said.



What Is Encryption? | Definition + How It Works | Norton

Encryption is an important privacy tool when you are sending sensitive, confidential, or personal information across the Internet.

Encryption scrambles plain text into a type of secret code that hackers, cybercriminals, and other online snoops can't read, even if they intercept it before it reaches its intended recipients. When the message does get to its recipients, they have their own key to unscramble the information back into plain, readable text.

Encryption, then, can help protect the data you send, receive and store using a device. That can include text messages stored on your smartphone, running logs saved on your fitness watch, and banking information sent through your online account.

Encryption is a process that scrambles readable text so it can only be read by the person who has the secret code, or decryption key. It helps provide data security for sensitive information.

Vast amounts of personal information are managed online and stored in the cloud or on servers with an ongoing connection to the web. It's nearly impossible to do business of any kind without your personal data ending up in an organization's networked computer system, which is why it's important to know how to help keep that data private.

Encryption plays an essential role in this task.

Encryption takes plain text, like a text message or email, and scrambles it into an unreadable format called "cipher text." This helps protect the confidentiality of digital data either stored on computer systems or transmitted through a network like the Internet.

When the intended recipient accesses the message, the information is translated back to its original form. This is called decryption.

To unlock the message, both the sender and the recipient have to use a secret encryption key, a collection of algorithms that scramble and unscramble data back to a readable format.

An encryption key is a series of numbers used to encrypt and decrypt data. Encryption keys are created with algorithms. Each key is random and unique.

There are two main types of encryption systems: symmetric encryption and asymmetric encryption. Here's how they're different.

An encryption algorithm is the set of rules, usually governing a computer or other tech device such as a smart phone, that turns readable data into scrambled cipher text.

The data scrambled by these algorithms look like randomized code. But the algorithms configure this scrambled data in a purposeful way so that it can easily be turned back into a readable format by a decryption key.

There are several types of encryption, some stronger than others. Here are the most common examples of encryption.

Data Encryption Standard is considered a low-level encryption standard. The U.S. government established the standard in 1977. Because of advances in technology and decreases in the cost of hardware, DES is essentially obsolete for protecting sensitive data.

Triple DES runs DES encryption three times. It encrypts, decrypts and encrypts data, thus "triple." It strengthens the original DES standard, which is now viewed by security experts as being too weak for sensitive data.

RSA takes its name from the familial initials of three computer scientists. It uses a strong and popular algorithm for encryption. RSA is popular because of its key length and, therefore, widely used for secure data transmission.

Advanced Encryption Standard is the U.S. government standard as of 2002. AES is used worldwide.

TwoFish is considered one of the fastest encryption algorithms and is free for anyone to use. It's used in hardware and software.

Most legitimate websites use the encryption protection called "secure sockets layer" (SSL), which is a form of encrypting data that is sent to and from a website. This keeps attackers from accessing that data while it is in transit.

Want to make sure a site is using this technology? Look for the padlock icon in the URL bar, and the "s" in the "https://". If you see these signs, you'll know that you are conducting secure, encrypted transactions online.

It's a good idea to access sites using SSL when:

Why is encryption important? Here are three reasons:

Encryption helps protect your online privacy by turning personal information into "for your eyes only" messages intended only for the parties that need them and no one else.

You should make sure that your emails are being sent over an encrypted connection, or that you are encrypting each message.

Most email clients come with the option for encryption in their Settings menu. If you check your email with a web browser, take a moment to ensure that SSL encryption is available.

Cybercrime is a global business, often run by multinational outfits.

Many of the large-scale data breaches that you may have heard about in the news demonstrate that cybercriminals are often out to steal personal information for financial gain.

The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare providers to implement security features that help protect patients' sensitive health information online.

Institutions of higher learning must take similar steps under the Family Education Rights and Privacy Act (FERPA) to protect student records.

Retailers must contend with the Fair Credit Practices Act (FCPA) and similar laws that help protect consumers.

Encryption helps businesses stay compliant with regulatory requirements and standards. It also helps protect the valuable data of their customers.

Encryption is designed to protect your data, but encryption can also be used against you.

Targeted ransomware is a cybercrime that can impact organizations of all sizes, including government offices. Ransomware can also target individual computer users.

How do ransomware attacks occur? Attackers deploy ransomware to encrypt the various devices, including computers and servers, of victims. The attackers often demand a ransom before they will provide a key to decrypt the encrypted data. The goal is to persuade victims to pay out as a way to recover access to their important files, data, video and images.

Ransomware attacks against government agencies can shut down services, making it hard to get a permit, obtain a marriage license, or pay a tax bill, for instance.

Ransomware attacks aimed at large organizations and government agencies tend to generate the biggest headlines. But ransomware attacks can also happen to you.

Here are some tips to help protect your devices against ransomware attacks and the risk of having your data encrypted and inaccessible.

Encryption is essential to help protect your sensitive personal information. But in the case of ransomware attacks, it can be used against you. It's smart to take steps to help you gain the benefits and avoid the harm.

It's important to encrypt the messages, files and data that you send whenever they are personal, sensitive or classified. You don't want hackers intercepting your emails to your doctor if you are sending information about an illness. You don't want criminals to access your financial information after you log into your online bank account. And you don't want scammers to snag that confidential report you are reviewing for your employer. It's important to encrypt all this data to keep it secret.

There are several encryption methods that are considered effective. Advanced Encryption Standard, better known as AES, though, is a popular choice among those who want to protect their data and messages. This form of encryption has been the U.S. government standard as of 2002. AES is used worldwide.

Original post:
What Is Encryption? | Definition + How It Works | Norton

What is PGP Encryption and How Does It Work? – Varonis

Pretty Good Privacy (PGP) is an encryption system used for both sending encrypted emails and encrypting sensitive files. Since its invention back in 1991, PGP has become the de facto standard for email security.

The popularity of PGP is based on two factors. The first is that the system was originally available as freeware, and so spread rapidly among users who wanted an extra level of security for their email messages. The second is that since PGP uses both symmetric encryption and public-key encryption, it allows users who have never met to send encrypted messages to each other without exchanging private encryption keys.

If you want to improve the security of your email messages, PGP offers a relatively easy and cost-effective way to do this. In this guide, we'll show you how.

PGP shares some features with other encryption systems you may have heard of, like Kerberos encryption (which is used to authenticate network users) and SSL encryption (which is used to secure websites).

At a basic level, PGP encryption uses a combination of two forms of encryption: symmetric key encryption, and public-key encryption.

In order to understand how PGP works, it's useful to look at a diagram:

The mathematics behind encryption can get pretty complex (though you can take a look at the math if you like), so here we'll stick to the basic concepts. At the highest level, this is how PGP encryption works:

This might seem like a strange way to do things. Why would we encrypt the encryption key itself?

Well, the answer is pretty simple. Public key cryptography is much, much slower than symmetric encryption (where both the sender and recipient have the same key). Using symmetric encryption requires, though, that a sender share the encryption key with the recipient in plain text, and this would be insecure. So by encrypting the symmetric key using the (asymmetric) public-key system, PGP combines the efficiency of symmetric encryption with the security of public-key cryptography.

In practice, sending a message encrypted with PGP is simpler than the above explanation makes it sound. Let's take a look at ProtonMail as an example.

ProtonMail natively supports PGP, and all you have to do to encrypt your email is to select Sign Mail. You will see a padlock icon on the subject line of their emails. The email will look like this (the email addresses have been blurred for privacy reasons):

ProtonMail, like most email clients that offer PGP, hides all of the complexity of the encryption and decryption of the message. If you are communicating to users outside of ProtonMail, you need to send them your public key first.

And so, although the message was sent securely, the recipient does not have to worry about the complexities of how this was done.

There are, essentially, three main uses of PGP:

Of these three uses, the first, sending secure email, is by far the dominant application of PGP. But let's take a brief look at all three.

As in the example above, most people use PGP to send encrypted emails. In the early years of PGP, it was mainly used by activists, journalists, and other people who deal with sensitive information. The PGP system was originally designed, in fact, by a peace and political activist named Phil Zimmermann, who recently joined Startpage, one of the most popular private search engines.

Today, the popularity of PGP has grown significantly. As more users have realized just how much information corporations and their governments are collecting on them, huge numbers of people now use the standard to keep their private information private.

A related use of PGP is that it can be used for email verification. If a journalist is unsure about the identity of a person sending them a message, for instance, they can use a Digital Signature alongside PGP to verify this.

Digital signatures work by using an algorithm to combine the sender's key with the data they are sending. This generates a hash function, another algorithm that can convert a message to a block of data of fixed size. This is then encrypted using the sender's private key.

The recipient of the message can then decrypt this data using the sender's public key. If even one character of the message has been changed in transit, the recipient will know. This can indicate either the sender is not who they say they are, that they have tried to fake a Digital Signature, or that the message has been tampered with.
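The hybrid scheme and the signature check described above can be traced end to end in a few lines. The sketch below is an added example, not code from PGP or from the original article: the function names are hypothetical, the keys are constructed from publicly known primes, RSA is used in its unpadded textbook form, and a SHA-256 keystream stands in for the symmetric cipher, so it shows the data flow only and must not be used to protect real data.

```python
import hashlib
import secrets

E = 65537  # commonly used RSA public exponent


def make_keypair(p: int, q: int):
    """Textbook RSA key pair ((n, e), (n, d)) from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


# Constructed demo keys built from publicly known Mersenne primes. Anyone can
# factor these moduli, so they show the data flow only and protect nothing.
RECIPIENT_PUBLIC, RECIPIENT_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
SENDER_PUBLIC, SENDER_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the symmetric cipher: XOR with a SHA-256 counter keystream.

    Real PGP uses a block cipher such as AES here; this keeps the example
    dependency-free. The same call encrypts and decrypts.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], pad))
    return bytes(out)


def hybrid_encrypt(message: bytes, recipient_public) -> dict:
    """Encrypt the message with a fresh session key, then wrap that key."""
    n, e = recipient_public
    session_key = secrets.token_bytes(32)             # new for every message
    ciphertext = keystream_xor(session_key, message)  # fast symmetric step
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)  # slow public-key step
    return {"wrapped_key": wrapped, "ciphertext": ciphertext}


def hybrid_decrypt(packet: dict, recipient_private) -> bytes:
    """Unwrap the session key with the private key, then decrypt the body."""
    n, d = recipient_private
    session_key = pow(packet["wrapped_key"], d, n).to_bytes(32, "big")
    return keystream_xor(session_key, packet["ciphertext"])


def _digest(message: bytes) -> int:
    """SHA-256 of the message as an integer (always smaller than the demo moduli)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, sender_private) -> int:
    """Signature = message hash transformed with the sender's private key."""
    n, d = sender_private
    return pow(_digest(message), d, n)


def verify(message: bytes, signature: int, sender_public) -> bool:
    """Recover the hash with the sender's public key and compare it."""
    n, e = sender_public
    return pow(signature, e, n) == _digest(message)


if __name__ == "__main__":
    msg = b"Test results attached. Call me on Tuesday."  # constructed sample
    packet = hybrid_encrypt(msg, RECIPIENT_PUBLIC)
    sig = sign(msg, SENDER_PRIVATE)
    print(hybrid_decrypt(packet, RECIPIENT_PRIVATE))
    print("signature valid:", verify(msg, sig, SENDER_PUBLIC))
    tampered = msg.replace(b"Tuesday", b"Monday")
    print("after tampering:", verify(tampered, sig, SENDER_PUBLIC))
```

Only the 32-byte session key goes through the slow public-key operation, regardless of how long the message is, which is the efficiency argument the text makes.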


A third use of PGP is to encrypt files. Because the algorithm used by PGP, normally the RSA algorithm, is essentially unbreakable, PGP offers a highly secure way of encrypting files at rest, especially when used alongside a Threat Detection and Response Solution. In fact, this algorithm is so secure that it has even been used in high-profile malware such as the CryptoLocker malware.

Back in 2010, Symantec acquired PGP Corp., which held the rights for the PGP system. Since then, Symantec has become the dominant vendor of PGP file-encryption software through such products as Symantec Encryption Desktop and Symantec Encryption Desktop Storage. This software offers PGP encryption for all your files, whilst also hiding the complexities of encryption and decryption processes.

Whether you need to use PGP encryption will depend on how secure you want your communications (or files) to be. As with any privacy or security software, using PGP requires that you do a little more work when sending and receiving messages, but can also dramatically improve the resilience of your systems to attack.

Let's take a closer look.

The major pro of PGP encryption is that it is essentially unbreakable. That's why it is still used by journalists and activists, and why it is often regarded as the best way of improving cloud security. In short, it is essentially impossible for anyone, be they a hacker or even the NSA, to break PGP encryption.

Though there have been some news stories that point out security flaws in some implementations of PGP, such as the Efail vulnerability, it's important to recognize that PGP itself is still very secure.

The biggest con of PGP encryption is that it is not that user-friendly. This is changing, thanks to off-the-shelf solutions that we will come to shortly, but using PGP can add significant extra work and time to your daily schedule. In addition, those using the system need to be aware of how it works, in case they introduce security holes by using it incorrectly. This means that businesses considering a move to PGP will need to provide training.

For that reason, many businesses might want to consider alternatives. There are encrypted messaging apps like Signal, for instance, that offer encryption that is more straightforward to use. In terms of storing data, anonymisation can be a good alternative to encryption and can be a more efficient use of resources.

Finally, you should be aware that PGP encrypts your messages, but it doesn't make you anonymous. Unlike anonymous browsers using proxy servers or working through a VPN to hide your true location, emails sent through PGP can be traced to a sender and recipient. Their subject lines are not encrypted either, so you shouldn't put any sensitive information there.

In the vast majority of cases, setting up PGP encryption involves downloading an add-on for your email program, and then following the installation instructions. There are add-ons like this available for Thunderbird, Outlook, and Apple Mail, and we will describe these below. In recent years we have also seen the emergence of a number of online email systems that include PGP by default (the most famous being ProtonMail).

For those of you looking to use PGP to encrypt your files, there are a number of large-scale software solutions available. Symantec, for example, offers PGP-based products such as Symantec File Share Encryption for encrypting files shared across a network and Symantec Endpoint Encryption for full disk encryption on desktops, mobile devices and removable storage.

If you are looking to start using PGP encryption, this will normally involve downloading a piece of software that automates the process of encryption and decryption. There are a number of different products available to do this, but you should be aware of what to look for.

Depending on why you are using PGP, and how often you need to use it, there are several different approaches to setting it up. In this section we will focus on what most users will need from PGP, secure email, rather than encrypted file storage, which is a more complex issue. Here, then, are five solutions for implementing PGP on your home or business networks.

Gpg4o is one of the most popular PGP solutions for Windows users and aims to integrate seamlessly with Outlook 2010-2016.

The standard implementation of PGP encryption for Mac users is GPGTools, which is a suite of software that offers encryption for all areas of your Mac system.

As with the tools above, Enigmail was designed to integrate with a specific email client, in this case, Thunderbird.

ProtonMail was one of the first secure email providers and remains one of the most popular. Unlike the solutions above, ProtonMail operates through a web portal, meaning that it is easily separable from your everyday inbox.

Lastly is FairEmail, which extends PGP encryption to Android phones. This is a stand-alone email app that is free to use.

Even after the explanation above, you may still have some questions. Here are the answers to the most commonly asked questions about PGP.

A: Yes. Though PGP is now more than 20 years old, there have been no vulnerabilities found in the basic implementation of the system. That said, encrypting your emails is not sufficient for total security, and you should always use PGP in combination with a full cybersecurity suite that includes threat detection software.

A: PGP uses a combination of symmetric and public-key cryptography to provide users with a secure way to send messages to each other.

A: The best PGP software will depend on your needs. Most people don't need to encrypt all of their emails, and so for most people a web-based PGP email provider will be the best solution. That said, if you are frequently sending emails that need to be encrypted, you can consider downloading a PGP add-on for your standard email client.

A: It depends. If you are storing customer information, the answer is yes. Encrypting your personal files is not a necessity, but can dramatically improve your defenses against a cyberattack. Encryption software based on PGP is generally some of the easiest to work with, and is a good place to start when it comes to encrypting your files.

PGP encryption can be a powerful tool in protecting your data, your privacy, and your security. It provides you with a relatively easy, completely secure method of sending emails, and also allows you to verify the identity of the people you are communicating with. Because PGP add-ons are also available for most major email clients, this form of encryption is generally easy to implement.

All this said, secure email is only one aspect of cybersecurity. You should ensure that, in addition to PGP, you also use a robust data security platform and Data Loss Prevention software. Making use of as wide a range of tools as possible is the best way to ensure your privacy and security.

More:
What is PGP Encryption and How Does It Work? - Varonis

What is Encryption and How Does it Work? – TechTarget

What is encryption?

Encryption is the method by which information is converted into secret code that hides the information's true meaning. The science of encrypting and decrypting information is called cryptography.

In computing, unencrypted data is also known as plaintext, and encrypted data is called ciphertext. The formulas used to encode and decode messages are called encryption algorithms, or ciphers.

To be effective, a cipher includes a variable as part of the algorithm. The variable, which is called a key, is what makes a cipher's output unique. When an encrypted message is intercepted by an unauthorized entity, the intruder has to guess which cipher the sender used to encrypt the message, as well as what keys were used as variables. The time and difficulty of guessing this information is what makes encryption such a valuable security tool.

Encryption has been a longstanding way for sensitive information to be protected. Historically, it was used by militaries and governments. In modern times, encryption is used to protect data stored on computers and storage devices, as well as data in transit over networks.

Encryption plays an important role in securing many different types of information technology (IT) assets. It provides the following:

Encryption is commonly used to protect data in transit and data at rest. Every time someone uses an ATM or buys something online with a smartphone, encryption is used to protect the information being relayed. Businesses are increasingly relying on encryption to protect applications and sensitive information from reputational damage when there is a data breach.

There are three major components to any encryption system: the data, the encryption engine and the key management. In laptop encryption, all three components are running or stored in the same place: on the laptop.

In application architectures, however, the three components usually run or are stored in separate places to reduce the chance that compromise of any single component could result in compromise of the entire system.

At the beginning of the encryption process, the sender must decide what cipher will best disguise the meaning of the message and what variable to use as a key to make the encoded message unique. The most widely used types of ciphers fall into two categories: symmetric and asymmetric.

Symmetric ciphers, also referred to as secret key encryption, use a single key. The key is sometimes referred to as a shared secret because the sender or computing system doing the encryption must share the secret key with all entities authorized to decrypt the message. Symmetric key encryption is usually much faster than asymmetric encryption. The most widely used symmetric key cipher is the Advanced Encryption Standard (AES), which was designed to protect government-classified information.

Asymmetric ciphers, also known as public key encryption, use two different -- but logically linked -- keys. This type of cryptography often uses prime numbers to create keys since it is computationally difficult to factor large prime numbers and reverse-engineer the encryption. The Rivest-Shamir-Adleman (RSA) encryption algorithm is currently the most widely used public key algorithm. With RSA, the public or the private key can be used to encrypt a message; whichever key is not used for encryption becomes the decryption key.

Today, many cryptographic processes use a symmetric algorithm to encrypt data and an asymmetric algorithm to securely exchange the secret key.

The primary purpose of encryption is to protect the confidentiality of digital data stored on computer systems or transmitted over the internet or any other computer network.

In addition to security, the adoption of encryption is often driven by the need to meet compliance regulations. A number of organizations and standards bodies either recommend or require sensitive data to be encrypted in order to prevent unauthorized third parties or threat actors from accessing the data. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires merchants to encrypt customers' payment card data when it is both stored at rest and transmitted across public networks.

While encryption is designed to keep unauthorized entities from being able to understand the data they have acquired, in some situations, encryption can keep the data's owner from being able to access the data as well.

Key management is one of the biggest challenges of building an enterprise encryption strategy because the keys to decrypt the cipher text have to be living somewhere in the environment, and attackers often have a pretty good idea of where to look.

There are plenty of best practices for encryption key management. It's just that key management adds extra layers of complexity to the backup and restoration process. If a major disaster should strike, the process of retrieving the keys and adding them to a new backup server could increase the time that it takes to get started with the recovery operation.

Having a key management system in place isn't enough. Administrators must come up with a comprehensive plan for protecting the key management system. Typically, this means backing it up separately from everything else and storing those backups in a way that makes it easy to retrieve the keys in the event of a large-scale disaster.

Encryption is an effective way to secure data, but the cryptographic keys must be carefully managed to ensure data remains protected, yet accessible when needed. Access to encryption keys should be monitored and limited to those individuals who absolutely need to use them.

Strategies for managing encryption keys throughout their lifecycle and protecting them from theft, loss or misuse should begin with an audit to establish a benchmark for how the organization configures, controls, monitors and manages access to its keys.

Key management software can help centralize key management, as well as protect keys from unauthorized access, substitution or modification.

Key wrapping is a type of security feature found in some key management software suites that essentially encrypts an organization's encryption keys, either individually or in bulk. The process of decrypting keys that have been wrapped is called unwrapping. Key wrapping and unwrapping activities are usually carried out with symmetric encryption.

Hash functions provide another type of encryption. Hashing is the transformation of a string of characters into a fixed-length value or key that represents the original string. When data is protected by a cryptographic hash function, even the slightest change to the message can be detected because it will make a big change to the resulting hash.

Hash functions are considered to be a type of one-way encryption because keys are not shared and the information required to reverse the encryption does not exist in the output. To be effective, a hash function should be computationally efficient (easy to calculate), deterministic (reliably produces the same result), preimage-resistant (output does not reveal anything about input) and collision-resistant (extremely unlikely that two instances will produce the same result).

Popular hashing algorithms include the Secure Hashing Algorithm (SHA-2 and SHA-3) and Message Digest Algorithm 5 (MD5).

Encryption, which encodes and disguises the message's content, is performed by the message sender. Decryption, which is the process of decoding an obscured message, is carried out by the message receiver.

The security provided by encryption is directly tied to the type of cipher used to encrypt the data -- the strength of the decryption keys required to return ciphertext to plaintext. In the United States, cryptographic algorithms approved by the Federal Information Processing Standards (FIPS) or National Institute of Standards and Technology (NIST) should be used whenever cryptographic services are required.

For any cipher, the most basic method of attack is brute force -- trying each key until the right one is found. The length of the key determines the number of possible keys, hence the feasibility of this type of attack. Encryption strength is directly tied to key size, but as the key size increases, so too do the resources required to perform the computation.

Alternative methods of breaking encryptions include side-channel attacks, which don't attack the actual cipher but the physical side effects of its implementation. An error in system design or execution can enable such attacks to succeed.

Attackers may also attempt to break a targeted cipher through cryptanalysis, the process of attempting to find a weakness in the cipher that can be exploited with a complexity less than a brute-force attack. The challenge of successfully attacking a cipher is easier if the cipher itself is already flawed. For example, there have been suspicions that interference from the National Security Agency (NSA) weakened the DES algorithm. Following revelations from former NSA analyst and contractor Edward Snowden, many believe the NSA has attempted to subvert other cryptography standards and weaken encryption products.

An encryption backdoor is a way to get around a system's authentication or encryption. Governments and law enforcement officials around the world, particularly in the Five Eyes (FVEY) intelligence alliance, continue to push for encryption backdoors, which they claim are necessary in the interests of national safety and security as criminals and terrorists increasingly communicate via encrypted online services.

According to the FVEY governments, the widening gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is "a pressing international concern" that requires "urgent, sustained attention and informed discussion."

Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk because the same backdoors can be exploited by hackers.

Recently, law enforcement agencies, such as the Federal Bureau of Investigation (FBI), have criticized technology companies that offer E2EE, arguing that such encryption prevents law enforcement from accessing data and communications even with a warrant. The FBI has referred to this issue as "going dark," while the U.S. Department of Justice (DOJ) has proclaimed the need for "responsible encryption" that can be unlocked by technology companies under a court order.

Australia passed legislation that made it mandatory for visitors to provide passwords for all digital devices when crossing the border into Australia. The penalty for noncompliance is five years in jail.

By 2019, cybersecurity threats increasingly included encryption data on IoT and on mobile computing devices. While devices on IoT often are not targets themselves, they serve as attractive conduits for the distribution of malware. According to experts, attacks on IoT devices using malware modifications tripled in the first half of 2018 compared to the entirety of 2017.

Meanwhile, NIST has encouraged the creation of cryptographic algorithms suitable for use in constrained environments, including mobile devices. In a first round of judging in April 2019, NIST chose 56 lightweight cryptographic algorithms candidates to be considered for standardization. Further discussion on cryptographic standards for mobile devices is slated to be held in November 2019.

In February 2018, researchers at MIT unveiled a new chip, hardwired to perform public key encryption, which consumes only 1/400 as much power as software execution of the same protocols would. It also uses about 1/10 as much memory and executes 500 times faster.

Because public key encryption protocols in computer networks are executed by software, they require precious energy and memory space. This is a problem in IoT, where many different sensors embedded in products such as appliances and vehicles connect to online servers. The solid-state circuitry greatly alleviates that energy and memory consumption.

The word encryption comes from the Greek word kryptos, meaning hidden or secret. The use of encryption is nearly as old as the art of communication itself. As early as 1900 B.C., an Egyptian scribe used nonstandard hieroglyphs to hide the meaning of an inscription. In a time when most people couldn't read, simply writing a message was often enough, but encryption schemes soon developed to convert messages into unreadable groups of figures to protect the message's secrecy while it was carried from one place to another. The contents of a message were reordered (transposition) or replaced (substitution) with other characters, symbols, numbers or pictures in order to conceal its meaning.

In 700 B.C., the Spartans wrote sensitive messages on strips of leather wrapped around sticks. When the tape was unwound, the characters became meaningless, but with a stick of exactly the same diameter, the recipient could recreate (decipher) the message. Later, the Romans used what's known as the Caesar Shift Cipher, a monoalphabetic cipher in which each letter is shifted by an agreed number. So, for example, if the agreed number is three, then the message, "Be at the gates at six" would become "eh dw wkh jdwhv dw vla." At first glance, this may look difficult to decipher, but juxtaposing the start of the alphabet until the letters make sense doesn't take long. Also, the vowels and other commonly used letters, like t and s, can be quickly deduced using frequency analysis, and that information, in turn, can be used to decipher the rest of the message.

The Middle Ages saw the emergence of polyalphabetic substitution, which uses multiple substitution alphabets to limit the use of frequency analysis to crack a cipher. This method of encrypting messages remained popular despite many implementations that failed to adequately conceal when the substitution changed -- also known as key progression. Possibly the most famous implementation of a polyalphabetic substitution cipher is the Enigma electromechanical rotor cipher machine used by the Germans during World War II.

It was not until the mid-1970s that encryption took a major leap forward. Until this point, all encryption schemes used the same secret for encrypting and decrypting a message: a symmetric key.

Encryption was almost exclusively used only by governments and large enterprises until the late 1970s when the Diffie-Hellman key exchange and RSA algorithms were first published and the first PCs were introduced.

In 1976, Whitfield Diffie and Martin Hellman's paper, "New Directions in Cryptography," solved one of the fundamental problems of cryptography: how to securely distribute the encryption key to those who need it. This breakthrough was followed shortly afterward by RSA, an implementation of public key cryptography using asymmetric algorithms, which ushered in a new era of encryption. By the mid-1990s, both public key and private key encryption were being routinely deployed in web browsers and servers to protect sensitive data.

View original post here:
What is Encryption and How Does it Work? - TechTarget

End-to-End Encryption Is Coming to Android Group Chats – WIRED

  1. End-to-End Encryption Is Coming to Android Group Chats - WIRED
  2. Google opens beta program for end-to-end encryption in group chats - ZDNet
  3. Google Messages starts testing end-to-end encryption for RCS group texts - Engadget
  4. Google is testing end-to-end encryption for group chats in the Messages app - TechCrunch
  5. Google celebrates 30 years of SMS with end-to-end encryption for group chats in Messages app - GSMArena.com news - GSMArena.com

Continue reading here:
End-to-End Encryption Is Coming to Android Group Chats - WIRED