What is encryption? WIRED explains how apps keep our private data safe – Wired.co.uk

With an escalation in hackings over the past decade, breaches of our private data are ubiquitous, meaning that now, more than ever, encryption is key.

Encryption prevents unauthorised access to your data, from emails to WhatsApp messages and bank details, by keeping communication secure between the parties involved.

This is done by 'scrambling' the information sent from one person to another into a lengthy code making it unreadable for anybody else attempting to access it.

When the data is encrypted, the sender and the receiver are the only people that can decrypt the scrambled info back to a readable condition. This is achieved via keys, which grant only the users involved access to modify the data to make it unreadable and then readable again.

On messaging app WhatsApp, for example, every message sent has its own unique lock and key and only the sender and receiver have access to these keys. This prevents prying eyes from seeing the information in messages. For the rest of the world, and even WhatsApp itself, the relayed information is unintelligible gibberish because no-one else has the key to decrypt the content. This is referred to as end-to-end encryption.

Put more simply, imagine encryption to be like translating your information into a language only you and your recipient know, and more importantly which a cybercriminal can't translate.

Most popular apps make use of encryption to retain user safety, whether that's for storing data, or for data in transit.

Tony Anscombe, senior security evangelist from Avast, told WIRED that encryption in apps is imperative as it makes using them safer, but at the same time, those who don't practise common sense can still fall victim to hacking.

"Many apps offer encryption of data, however if a user doesn't lock the app with a password or PIN, then anyone who gets hold of the device has access to your apps and will be able to see the unencrypted data," Anscombe explained. That said, many operating systems offer encryption of everything stored on the device. This helps combat theft of the device to access the data.

When implemented properly, encrypted data could take a hacker billions of years to crack based on sheer brute force attacks. This is because encryption codes use complex mathematical algorithms and long numerical sequences that are difficult to decrypt.

A brute force attack is a method used by a hacker to try as many combinations of passwords or encryption keys until the correct one is found. It is usually carried out using software to scan through the combinations.

However, there are different types of encryption, each with varying levels of effectiveness. This is measured in bits. The higher the number of bits in an encryption key, the harder it is - in theory - for a hacker to crack it.

A low-bit key is one with fewer combinations, so would be fairly easy to crack for a hacker with dedicated computer resources. The larger the key, the harder this becomes, exponentially. For example, a 5-bit key has 32 possible combinations, a 6-bit key has 64 combinations, a 7-bit key has 128 combinations, and so forth. A 10-bit key has a thousand combinations, a 20-bit key has a million combinations, a 30-bit key has a billion combinations.

The more complex the encryption, the more difficult it becomes for a cybercriminal to reverse engineer the encryption key and access the data. This doesn't mean the codes are uncrackable, but that the time taken to find the right combination would be far too long to ever be feasible in one lifetime, even with the help of powerful supercomputers.

Let's say a hacker has a computer that can test a billion keys per second, trying to brute force all combinations. That means they can break a 30-bit key in just one second. At that speed, though, it will take you a billion seconds (or 34 years) to break a 60-bit key because every 30 bits added makes it a billion times more difficult. A spy agency like the NSA can crack 60-bit keys using supercomputers, but a 90-bit key is a billion times more difficult to crack, and a 120-bit key would be a further billion times more difficult to crack than that.

Considering most Android, Apple and Windows apps have at least 128-bit Advanced Encryption Standard (AES) - the standard US Government encryption algorithm for data encryption - you can imagine that a 128-bit key, which has more than 300,000,000,000,000,000,000,000,000,000,000,000 key combinations, is exceptionally safe. Same goes for 192 or 256-bit AES encryption keys that the US Government requires for highly sensitive data.
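The arithmetic above, as an added example that is not part of the original article: a toy cipher with an n-bit key is searched exhaustively to show that the worst case costs 2^n trials, and the article's assumed rate of a billion keys per second is then applied to larger keys. The toy cipher, the sample text and all function names are constructed for illustration.

```python
import hashlib

SECONDS_PER_YEAR = 365.25 * 24 * 3600
RATE = 10**9  # the article's assumed attacker speed: a billion keys per second

def toy_encrypt(key: int, plaintext: bytes) -> bytes:
    """Toy cipher (constructed for this example, not a real algorithm):
    XOR the plaintext with a keystream hashed from the key."""
    stream = hashlib.sha256(key.to_bytes(32, "big")).digest()
    return bytes(p ^ s for p, s in zip(plaintext, stream))

def exhaustive_search(ciphertext: bytes, known: bytes, bits: int):
    """Try every key of the given length in order; return (key, trials)."""
    for key in range(2**bits):
        if toy_encrypt(key, known) == ciphertext:
            return key, key + 1
    return None, 2**bits

def years_to_exhaust(bits: int, rate: int = RATE) -> float:
    """Worst-case time to try all 2**bits keys at `rate` keys per second."""
    return 2**bits / rate / SECONDS_PER_YEAR

def demo():
    known = b"constructed sample text"  # sample plaintext, made up
    results = {}
    for bits in (8, 12, 16):
        worst_key = 2**bits - 1  # last key tried, i.e. the worst case
        ct = toy_encrypt(worst_key, known)
        results[bits] = exhaustive_search(ct, known, bits)
    return results

if __name__ == "__main__":
    for bits, (key, trials) in demo().items():
        print(f"{bits:>3}-bit key: found {key} after {trials:,} trials")
    for bits in (30, 60, 90, 128, 256):
        print(f"{bits:>3}-bit key: {years_to_exhaust(bits):.3g} years at 1e9 keys/s")
```

Because 2^30 is 1,073,741,824 rather than exactly a billion, the exact figures come out slightly above the rounded ones used in the text.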

Bharat Mistry, cybersecurity consultant at Trend Micro, puts this into perspective. "It would take fifty supercomputers an estimated 3.4 x 1,038 years to break the commonly used 256-bit encryption key," he told WIRED. As you can imagine, most hackers will be hard pressed to find time for that.

That doesn't mean all encryption is of the highest standard, as it is still prone to human error. Poorly developed encryption is not hackerproof; if it is hard and complex to develop, mistakes in the coding can easily lead to users believing they are secure when they're not. For example, homegrown encryption methods have rarely been vetted to the extent supported standards have.

"If a hacker has the right level of time and resources, it's difficult to say that any encryption is completely immune," Mistry explained.

The challenge in keeping encryption as tight as possible is therefore checking it is properly implemented and kept secure over time.

Human error, insider attacks and poor implementations are the challenges that IT teams have to face in developing increasingly sophisticated encryption technology.

"The biggest problem with encryption is that the key itself needs to be shared between the sender and the recipients," added Mistry. Although this is hard to locate within the information, it could still pose a potential problem.

Security research is currently focused on techniques that do not require the key to be shipped or sent to all parties, otherwise known as zero knowledge proof protocol. It isn't widely used now, but we expect it to grow. For the more distant future, some researchers are even looking at ways to hide data within DNA.
