Encryption – What It Is, Types, Algorithms, & More …

Definition

In cryptography, encryption is the process of encoding a message or information in a way that only authorized parties can access it and those who are not authorized cannot.

Asymmetric Encryption

In public-key encryption schemes, the encryption key is published for anyone to use and for encrypting messages. Only the receiving party has access to the decryption key that enables messages to be read. Public-key encryption was first described in a secret document in 1973. Before that, all encryption schemes were symmetric-key (also called private-key).

Symmetric Encryption

In symmetric-key schemes, the encryption and decryption keys are the same. Communicating parties must have the same key in order to achieve secure communication.

Triple DES was designed to replace the original Data Encryption Standard (DES) algorithm, which hackers learned to defeat with ease. At one time, Triple DES was the recommended standard and the most widely used symmetric algorithm in the industry.

Triple DES uses three individual keys with 56 bits each. The total key length adds up to 168 bits, but experts say that 112 bits of key strength is more like it.

Though it is slowly being phased out, Triple DES is still a dependable hardware encryption solution for financial services and other industries.

RSA is a public-key encryption algorithm and the standard for encrypting data sent over the internet. It also happens to be one of the methods used in PGP and GPG programs.

Unlike Triple DES, RSA is considered an asymmetric encryption algorithm because it uses a pair of keys. The public key is used to encrypt a message and a private key to decrypt it. It takes attackers quite a bit of time and processing power to break this encryption code.

The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. government and many other organizations.

Although it is extremely efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption.

AES is considered resistant to all attacks, with the exception of brute-force attacks, which attempt to decipher messages using all possible combinations in the 128-, 192- or 256-bit cipher. Still, security experts believe that AES will eventually become the standard for encrypting data in the private sector.

There are a number of standards related to cryptography. Here are some of the standards for encryption:

File system-level encryption, often called file and folder encryption, is a form of disk encryption where individual files or directories are encrypted by the file system itself.

Disk encryption is a technology that protects information by converting it into unreadable code that cannot be deciphered easily by unauthorized users. Disk encryption uses disk encryption software or hardware to encrypt every bit of data that goes on a disk or disk volume.

Email encryption is encryption of email messages designed to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication. Email is not secure and may disclose sensitive information. Most emails are currently transmitted in the clear (not encrypted) form. By means of some available tools, people other than designated recipients can read the email content. Email encryption traditionally uses one of two protocols, either TLS or end-to-end encryption. Within end-to-end encryption, there are several options, including the PGP and S/MIME protocols.


The Best Encryption Software for 2020 | PCMag

How to Choose the Right Security

You've got a secret, perhaps the plan for a new business venture. It's complicated enough you can't just memorize it, so you write it down. But now you worry that someone else might get hold of your secret. What to do? Encrypt it! There are many paths to protect your sensitive files, and ways to share those encrypted files without compromising your security. Just which solution works for you depends on exactly how you'll use your encrypted files. We've rounded up a diverse collection of tools to help you no matter which path you take.

In this roundup, I'm specifically looking at products that encrypt files, not at whole-disk solutions like Microsoft's Bitlocker. Whole-disk encryption is an effective line of defense for a single device, but it doesn't help when you need to share encrypted data.

You can use a Virtual Private Network, or VPN, to encrypt your own internet traffic. From your PC to the VPN company's server, all your data is encrypted, and that's a great thing. However, unless you're connected to a secure HTTPS website, your traffic is not encrypted between the VPN server and the site. And of course the VPN's encryption doesn't just magically rub off on files you share. Using a VPN is a great way to protect your internet traffic when you're traveling, but it's not a solution for encrypting your local files.

When the FBI needed information from the San Bernardino shooter's iPhone, they asked Apple for a back door to get past the encryption. But no such back door existed, and Apple refused to create one. The FBI had to hire hackers to get into the phone.

Why wouldn't Apple help? Because the moment a back door or similar hack exists, it becomes a target, a prize for the bad guys. It will leak sooner or later. As my colleague Max Eddy pointed out in a recent article about Attorney General Barr's ignorance of encryption, "a backdoor is still a door and even a door with a lock on it can be opened."

All of the products in this roundup explicitly state that they have no back door, and that's as it should be. It does mean that if you encrypt an essential document and then forget the encryption password, you've lost it for good.

Back in the day, if you wanted to keep a document secret you could use a cipher to encrypt it and then burn the original. Or you could lock it up in a safe. The two main approaches in encryption utilities parallel these options.

One type of product simply processes files and folders, turning them into impenetrable encrypted versions of themselves. The other creates a virtual disk drive that, when open, acts like any other drive on your system. When you lock the virtual drive, all of the files you put into it are completely inaccessible.

Similar to the virtual drive solution, some products store your encrypted data in the cloud. This approach requires extreme care, obviously. Encrypted data in the cloud has a much bigger attack surface than encrypted data on your own PC.

Which is better? It really depends on how you plan to use encryption. If you're not sure, take advantage of the 30-day free trial offered by each of these products to get a feel for the different options.

After you copy a file into secure storage, or create an encrypted version of it, you absolutely need to wipe the unencrypted original. Just deleting it isn't sufficient, even if you bypass the Recycle Bin, because the data still exists on disk, and data recovery utilities can often get it back.

Some encryption products avoid this problem by encrypting the file in place, literally overwriting it on disk with an encrypted version. It's more common, though, to offer secure deletion as an option. If you choose a product that lacks this feature, you should find a free secure deletion tool to use along with it.

Overwriting data before deletion is sufficient to balk software-based recovery tools. Hardware-based forensic recovery works because the magnetic recording of data on a hard drive isn't actually digital. It's more of a waveform. In simple terms, the process involves nulling out the known data and reading around the edges of what's left. If you really think someone (the feds?) might use this technique to recover your incriminating files, you can set your secure deletion tool to make more passes, overwriting the data beyond what even these techniques can recover.

An encryption algorithm is like a black box. Dump a document, image, or other file into it, and you get back what seems like gibberish. Run that gibberish back through the box, with the same password, and you get back the original.

The U.S. government has settled on Advanced Encryption Standard (AES) as a standard, and all of the products gathered here support AES. Even those that support other algorithms tend to recommend using AES.

If you're an encryption expert, you may prefer another algorithm, Blowfish, perhaps, or the Soviet government's GOST. For the average user, however, AES is just fine.

Passwords are important, and you have to keep them secret, right? Well, not when you use Public Key Infrastructure (PKI) cryptography.

With PKI, you get two keys. One is public; you can share it with anyone, register it in a key exchange, tattoo it on your forehead, whatever you like. The other is private, and should be closely guarded. If I want to send you a secret document, I simply encrypt it with your public key. When you receive it, your private key decrypts it. Simple!

Using this system in reverse, you can create a digital signature that proves your document came from you and hasn't been modified. How? Just encrypt it with your private key. The fact that your public key decrypts it is all the proof you need. PKI support is less common than support for traditional symmetric algorithms.

If you want to share a file with someone and your encryption tool doesn't support PKI, there are other options for sharing. Many products allow creation of a self-decrypting executable file. You may also find that the recipient can use a free, decryption-only tool.

Right now there are three Editors' Choice products in the consumer-accessible encryption field. The first is the easiest to use of the bunch, the next is the most secure, and the third is the most comprehensive.

AxCrypt Premium has a sleek, modern look, and when it's active you'll hardly notice it. Files in its Secured Folders get encrypted automatically when you sign out, and it's one of the few that support public key cryptography.

CertainSafe Digital Safety Deposit Box goes through a multistage security handshake that authenticates you to the site and authenticates the site to you. Your files are encrypted, split into chunks, and tokenized. Then each chunk gets stored on a different server. A hacker who breached one server would get nothing useful.

Folder Lock can either encrypt files or simply lock them so nobody can access them. It also offers encrypted lockers for secure storage. Among its many other features are file shredding, free space shredding, secure online backup, and self-decrypting files.

The other products here also have their merits, too, of course. Read the capsules below and then click through to the full reviews to decide which one you'll use to protect your files. Have an opinion on one of the apps reviewed here, or a favorite tool we didn't mention? Let us know in the comments.


Encryption | Internet Society

U.S., U. K., and Australia: Encryption Keeps Us Secure

The Internet Society joins over 100 organizations and security experts urging these countries to rethink their calls for exceptional access.

The Internet Society LAC Bureau signed a letter on the importance of encryption produced by ALAI and co-signed by LACNIC. The letter underscores the technical and economic aspects of the matter, highlighting that encryption is an essential condition for stability and trust in the digital ecosystem.

The Internet Society joined over 110 other organizations in an open letter encouraging Facebook to continue its plans to implement end-to-end encryption across its platform.

Together with partners, we hosted a two-panel event about the technology behind encryption and heard compelling stories of its impact on marginalized communities.

On Sep 4, 2019, the Internet Architecture Board (IAB) released a statement that discusses possible unintended effects policy and regulatory proposals may have on the Internet.

The Internet Society and more than 30 organizations have signed an open letter calling on the G7 leaders to prioritize digital security.

We must strengthen, not weaken, encryption. By whatever name, any point of entry to a secure service is a weakness.

Rather than encouraging Internet companies to weaken their security, global leaders should be discussing how to increase the use of encryption, make it easier to use, and harder to thwart.

The Internet Society and its locally based chapter, Internet Australia, joined 75 organizations in signing a letter urging Australia not to pursue legislation that could undermine the security of encrypted services and devices used by Australians.


Best encryption software tools of 2020: Keep your data …

Protecting your files and folders against intrusion has become an increasingly big concern. Hack attempts and privacy intrusions mean that it's become easier than ever for complete strangers to access your most personal details stored on your computer.

For businesses it's worse, as the exposure of sensitive or confidential records can result in financial losses as well as heavy fines.

While there are a number of security solutions available, everything from free anti-malware tools for home consumers to endpoint anti-virus for business, even simple human error can undermine these attempts to secure data.

Encryption software is already deployed by some large corporations and government agencies to protect data, but it's also available and now accessible for a wider range of users.

Once properly set up, even if your security software fails, thieves/hackers/snoopers would still find it almost impossible to do anything with any encrypted data that might be exposed.

Here then are the best in encryption software tools.

Encryption for small teams and individuals

Strong encryption for personal use

Free version available

Mainly mobile-oriented

While free software can be convenient for some, it's not always as powerful as premium offerings, and AxCrypt is a good bet if you want something reliable. The software has been designed specifically for individuals and small teams within businesses.

It provides strong security, with files protected by either 128-bit or 256-bit AES encryption, which should thwart any intruders. There are also cloud storage capabilities thrown into the mix: the software will automatically protect files saved on services such as Google Drive and Dropbox.

AxCrypt is fully multilingual, and it can work with languages such as Dutch, French, German, Italian, Korean, Spanish, Swedish, Russian and Portuguese, with more support planned for the future. As well as this, there's password management, and you can access your encrypted files through a smartphone app.

The Premium package is $42 per year and there's a business version with extra admin features available for $87 per year. There is a free version but it's very limited and perhaps best thought of as a way to trial the software and help become used to the interface and basic functions.

Effective encryption for individuals

Free to download basic version

Effective personal encryption

Mainly mobile oriented

Although it's important to protect assets on company computers, it's also crucial to add protection to any device that stores critical data. For instance, most employees have access to their company emails and other accounts on their smartphones, and they need to be protected.

Folder Lock is a good option when it comes to adding encryption to your mobile devices. The app can protect your personal files, photos, videos, contacts, wallet cards, notes and audio recordings stored in your handset.

There are some other hidden security features, too. Not only is there encryption, but you can also set a decoy password, hacker deterrents, log unauthorised login attempts, back up all your passwords and get notified on potential brute-force attacks.

The basic app is free to download, with a pro version available for a one-time fee of $39.95 which opens up more advanced and useful security features.

Powerful protection indeed

Uses multiple encryption methods

Powerful encryption

It may be too complicated for some

Windows-only

CryptoExpert is Windows desktop software which offers secure data vaults for all your data, ensuring it's always protected from potential breaches.

It provides more powerful encryption than some of the other tools and apps listed in this article, boasting fast on-the-fly operation. The system can back up a range of different files, including certificates, Word, Excel and PowerPoint files, multimedia files and email databases.

The best thing about CryptoExpert 8 is that it can secure vaults of unlimited size, and it uses the Blowfish, Cast, 3DES and AES-256 encryption algorithms. The latter are highly effective and industry-acclaimed. It'll work with 32-bit and 64-bit versions of Windows 7, 8 and 10.

There is a free 30-day trial available, after which CryptoExpert costs $59.95 to buy.

A quality cloud-based solution

Completely cloud-based

Affordable monthly plan

Not everyone wants cloud-based security

CertainSafe is highly effective cloud-based encryption software which attempts to mitigate all aspects of risk and is compliant with industry regulations.

With the platform, you can store and share documents, private messages, photos, videos and other files without exposing them to third-party sources. You can even collaborate and communicate with colleagues through the system, with all correspondence encrypted.

CertainSafe also adds automated security for business databases and applications, meaning you don't always have to do things manually.

There's a 30-day free trial available, after which a subscription costs $12 per month for 100GB and up to 100 free guests.

Free encryption for everyone

Basic version is completely free

Provides effective encryption

Selective approach

Initial download is a bit confusing

VeraCrypt is one of the most popular security tools, providing you with enterprise-grade encryption for important data.

The system is quite easy to use, and all it really does is add encrypted passwords to your data and partitions. All you have to do is give the tool a few details about your data, such as volume size, location and specified hashing algorithms and then the program does its thing.

What's also nifty about VeraCrypt is that it's immune to brute-force attacks, so you never have to worry about hackers decrypting your passwords and other sensitive data. The basic version of the software is completely free, as well.

Secure IT 2000 is a file encryption program that also compresses your files. This means that it may take a little longer than some other programs, but it does mean your files are potentially more manageable after. A master password is required to access any files, which can be a little limiting if you'd prefer to have different passwords for different files, not least if you're looking to share some of them with family and/or friends.

Concealer is a file encryption program specifically for Apple Mac computers. Rather than encrypt all files on your hard drive, it instead provides an encrypted area for you to drag files into, which means you need to ensure you delete the original copy so as to avoid having both encrypted and non-encrypted versions on your hard drive. You can also choose your preferred encryption strength as 128- or 256-bit.

Renee File Protector is another piece of file encryption software for Windows, but this one allows you to have different passwords for different files or folders, effectively creating multiple security levels. Alternatively, you can just stick with a master password if required. And if you forget any of your passwords, Renee File Protector can provide prompts to allow you to recover them, which is handy.

SensiGuard doesn't just encrypt your files and folders, it also hides them so that they will remain hidden from unauthorized users, which is a potentially useful feature. Additionally, you can also securely shred files, which means that it's even harder for hackers to locate any sensitive files on your hard drive that you've already encrypted, or deleted.


What is 256-bit Encryption? How long would it take to crack?

It says 256-bit encryption strength is that good?

Most people see the term 256-bit encryption bandied about all the time and, if we're being honest, have absolutely no idea what it means or how strong it is. Once you go beyond the surface-level explanation ("it scrambles data and makes it unreadable"), encryption is an incredibly complicated subject. It's not a light read. Most of us don't keep a book about modular exponentiation on the end table beside our beds.

That's why it's understandable that there would be some confusion when it comes to encryption strengths, what they mean, what's good, etc. There's no shortage of questions about encryption, specifically 256-bit encryption.

Chief among them: How strong is 256-bit encryption?

So, today we're going to talk about just that. We'll cover what a bit of security even is, we'll get into the most common form of 256-bit encryption and we'll talk about just what it would take to crack encryption at that strength.

Let's hash it out.

When you encrypt something, you're taking the unencrypted data, called plaintext, and performing an algorithmic function on it to create a piece of encrypted ciphertext. The algorithm you're using is called the key. With the exception of public keys in asymmetric encryption, the value of the encryption key needs to be kept a secret. The private key associated with that piece of ciphertext is the only practical means of decrypting it.

Now, that all sounds incredibly abstract, so let's use an example. And we'll leave Bob and Alice out of it, as they're busy explaining encryption in literally every other example on the internet.

Let's go with Jack and Diane, and let's say that Jack wants to send Diane a message that says, "Oh yeah, life goes on."

Jack's going to take his message and he's going to use an algorithm, or cipher (the encryption key), to scramble the message into ciphertext. Now he'll pass it along to Diane, along with the key, which can be used to decrypt the message so that it's readable again.

As long as nobody else gets their hands on the key, the ciphertext is worthless because it can't be read.

Jack and Diane just demonstrated encryption at its most basic form. And while the math used in primitive ciphers was fairly simple, owing to the fact it had to be performed by a human, the advent of computers has increased the complexity of the math that undergirds modern cryptosystems. But the concepts are still largely the same.

A key, or specific algorithm, is used to encrypt the data, and only another party with knowledge of the associated private key can decrypt it.

In this example, rather than a written message that bleakly opines that life continues even after the joy is lost, Jack and Diane are doing the best they can on computers (still holdin' on to 16; sorry, these are John Mellencamp jokes that probably make no sense outside of the US). Now the encryption that's about to take place is digital.

Jack's computer will use its key, which is really an extremely complicated algorithm that has been derived from data shared by Jack and Diane's devices, to encrypt the plaintext. Diane uses her matching symmetric key to decrypt and read the data.

In the original example there were actual letters on a physical piece of paper that were turned into something else. But how does a computer encrypt data?

That goes back to the way that computers actually deal in data. Computers store information in binary form: 1s and 0s. Any data input into a computer is encoded so that it's readable by the machine. It's that encoded data, in its raw form, that gets encrypted. This is actually part of what goes into the different file types used by SSL/TLS certificates; it's partially contingent on what type of encoding scheme you're trying to encrypt.

So Jack's computer encrypts the encoded data and transmits it to Diane's computer, which uses the associated private key to decrypt and read the data.

Again, as long as the private key stays, you know, private, the encryption remains secure.

Modern encryption has solved the biggest historical obstacle to encryption: key exchange. Historically, the private key had to be physically passed off. Key security was literally a matter of physically storing the key in a safe place. Key compromise not only rendered the encryption moot, it could get you killed.

In the 1970s a trio of cryptographers, Ralph Merkle, Whitfield Diffie and Martin Hellman, began working on a way to securely share an encryption key on an unsecure network with an attacker watching. They succeeded on a theoretical level, but were unable to come up with an asymmetric encryption function that was practical. They also had no mechanism for authenticating (but that's a totally different conversation). Merkle came up with the initial concept, but his name is not associated with the key exchange protocol they invented, despite the protests of its other two creators.

About a year later Ron Rivest, Adi Shamir and Leonard Adleman created an eponymous key exchange method (RSA), based on Diffie-Hellman key exchange, one that also included encryption/decryption and authentication functions. This is relevant because it was the birth of a whole new iteration of encryption: asymmetric encryption.

They also gave us the aforementioned Bob and Alice, which to me at least, makes it kind of a wash.

Anyway, understanding the difference between symmetric and asymmetric encryption is key to the rest of this discussion.


Symmetric encryption is sometimes called private key encryption, because both parties must share a symmetric key that can be used to both encrypt and decrypt data.

Asymmetric encryption on the other hand is sometimes called public key encryption. A better way to think of asymmetric encryption might be to think of it like one-way encryption.

As opposed to both parties sharing a private key, there is a key pair. One party possesses a public key that can encrypt, the other possesses a private key that can decrypt.

Asymmetric encryption is used primarily as a mechanism for exchanging symmetric private keys. There's a reason for this: asymmetric encryption is historically a more expensive function owing to the size of its keys. So public key cryptography is used more as an external wall to help protect the parties as they facilitate a connection, while symmetric encryption is used within the actual connection itself.

In SSL/TLS, asymmetric encryption serves one, extremely important function. It lets the client encrypt the data that will be used by both parties to derive the symmetric session keys they'll use to communicate. You could never use asymmetric encryption to functionally communicate. While the public key can be used to verify a digital signature, it can't outright decrypt anything that the private key encrypts, hence we call asymmetric encryption one way.

But the bigger issue is the key size makes the actual encryption and decryption functions expensive in terms of the CPU resources they gobble up. This is why many larger organizations and enterprises, when deploying SSL/TLS at scale, offload the handshakes: to free up resources on their application servers.

Instead, we use symmetric encryption for the actual communication that occurs during an encrypted connection. Symmetric keys are smaller and less expensive to compute with.

So, when you see someone reference a 2048-bit private key, they're most likely referring to an RSA private key. That's an asymmetric key. It needs to be sufficiently resistant to attacks because it carries out such a critical function. Also, because key exchange is the best attack vector for compromising a connection. It's much easier to steal the data used to create the symmetric session key and calculate it yourself than to have to crack the key by brute force after it's already in use.

That begs the question: How strong IS 256-bit encryption? If it's less robust than a 2048-bit key, is it still sufficient? And we're going to answer that, but first we need to cover a little more ground for the sake of providing the right context.

It's really important that we discuss bits of security and comparing encryption strength between algorithms before we actually get into any practical discussion of how strong 256 bits of security actually is. Because it's not a 1:1 comparison.

For instance, a 128-bit AES key, which is half the current recommended size, is roughly equivalent to a 3072-bit RSA key in terms of the actual security they provide.

It's also important to understand the difference between security claim and security level.

This is typically expressed in bits. A bit is a basic unit of information. It's actually a portmanteau of binary digit, which is both incredibly efficient and also not so efficient. Sure, it's easier to say bit. But I just spent an entire paragraph explaining that a bit is basically a 1 or a 0 in binary when the original term would've accomplished that in two words. So, you decide if it's more efficient. Anyway, we're not going to spend much more time on binary than we already have, but Ross wrote a great article on it a few months ago that you should check out.

Anyway, security level and security claim are typically expressed in bits. In this context, the bits of security (let's refer to that as n) refers to the number of operations an attacker would hypothetically need to perform to guess the value of the private key. The bigger the key, the harder it is to guess/crack. Remember, this key is in 1s and 0s, so there are two potential values for each bit. The attacker would have to perform 2^n operations to crack the key.

That may be a bit too abstract, so here's a quick example: Let's say there's a 2-bit key. That means it will have 2^2 (4) possible values.

That would be trivially easy for a computer to crack, but when you start to get into larger key sizes it becomes prohibitively difficult for a modern computer to correctly guess the value of a private key in any reasonable amount of time.
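To make the 2^n argument concrete, here is an added example (not from the original article): a toy XOR cipher whose key space is small enough to search exhaustively, plus an extrapolation to 128- and 256-bit keys. The guess rate of 10^18 per second is an assumption chosen to be generous to the attacker, not a measured figure.

```python
"""Added example: brute-force effort grows as 2**n with the key length n."""
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Assumed rate for the extrapolation below; deliberately far above any real machine.
ASSUMED_GUESSES_PER_SECOND = 10 ** 18


def key_space(key_bits: int) -> int:
    """Number of possible keys of the given length: 2**n (the article's 2-bit key has 4)."""
    return 1 << key_bits


def toy_encrypt(plaintext: bytes, key: int, key_bits: int) -> bytes:
    """Toy cipher: XOR each plaintext byte with the repeating key bytes.
    Deliberately weak; its only job here is to give us a countable key space."""
    key_len = (key_bits + 7) // 8
    key_bytes = key.to_bytes(key_len, "big")
    return bytes(b ^ key_bytes[i % key_len] for i, b in enumerate(plaintext))


def brute_force(ciphertext: bytes, known_plaintext: bytes, key_bits: int):
    """Exhaustive search: try every one of the 2**key_bits keys in order.
    Returns (recovered_key, guesses_made), or (None, 2**key_bits) if nothing matched."""
    for guess in range(key_space(key_bits)):
        if toy_encrypt(known_plaintext, guess, key_bits) == ciphertext:
            return guess, guess + 1
    return None, key_space(key_bits)


def years_to_exhaust(key_bits: int,
                     guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years needed to try the whole key space at the assumed rate.
    The expected time to hit the right key is half of this."""
    return key_space(key_bits) / guesses_per_second / SECONDS_PER_YEAR


def demo(key_bits: int, plaintext: bytes = b"Oh yeah, life goes on") -> dict:
    """Pick a random key of key_bits bits, encrypt the (constructed) message,
    then recover the key by brute force and report the effort it took."""
    key = secrets.randbelow(key_space(key_bits))
    ciphertext = toy_encrypt(plaintext, key, key_bits)
    recovered, guesses = brute_force(ciphertext, plaintext, key_bits)
    return {"key_bits": key_bits, "key_space": key_space(key_bits),
            "recovered": recovered == key, "guesses": guesses}


if __name__ == "__main__":
    for bits in (2, 8, 16):
        print(demo(bits))
    for bits in (56, 112, 128, 256):
        print(f"{bits}-bit key: {years_to_exhaust(bits):.3g} years at 1e18 guesses/s")
```

Doubling the key length from 128 to 256 bits does not double the work; it multiplies it by 2^128, which is why the extrapolated figures jump from roughly 10^13 years to roughly 10^51 years.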

But before we get to the math, let's double back to security claim vs. security level.

Typically when you see encryption marketed, you're seeing the Security Claim being advertised. That's what the security level would be under optimal conditions. We're going to keep this specific to SSL/TLS and PKI, but the percentage of time that the optimal conditions are present is far from 100%. Misconfigurations are commonplace, as is maintaining support for older versions of SSL/TLS and outmoded cipher suites for the sake of interoperability.

In the context of SSL/TLS, when a client arrives at a website a handshake takes place where the two parties determine a mutually agreed upon cipher suite to use. The encryption strength that you actually get is contingent upon the parameters decided on during the handshake, as well as the capabilities of the server and client themselves.


Sometimes 256-bit encryption only provides a security level of 128 bits. This is particularly common with hashing algorithms, which measure resistance to two different types of attacks:

So, for instance, SHA-256 has collision resistance of 128 bits (n/2), but preimage resistance of 256 bits. Obviously, hashing is different from encryption, but there are also plenty of similarities that make it worth mentioning.
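The n/2 collision figure can be observed directly. This added example (not from the original article) truncates real SHA-256 output to a small number of bits so the searches finish in seconds: a preimage search on a 16-bit truncation and a birthday-style collision search on a 32-bit truncation both cost about 2^16 hashes, which is exactly the claim-versus-level gap the article describes. The message used to derive the preimage target is constructed for the demo.

```python
"""Added example: preimage effort ~ 2**n versus collision effort ~ 2**(n/2) on truncated SHA-256."""
import hashlib


def truncated_sha256(data: bytes, bits: int) -> int:
    """SHA-256 of data, keeping only the top `bits` bits so the searches stay feasible.
    Real SHA-256 has n = 256; we shrink n purely to make the effort observable."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_preimage(target: int, bits: int):
    """Preimage search: enumerate inputs until one hashes to `target`.
    Each try succeeds with probability 2**-bits, so the expected cost is about 2**bits.
    Returns (preimage, tries)."""
    tries = 0
    while True:
        candidate = b"preimage-" + tries.to_bytes(8, "big")
        tries += 1
        if truncated_sha256(candidate, bits) == target:
            return candidate, tries


def find_collision(bits: int):
    """Birthday search: remember every hash seen and stop at the first repeat.
    Expected cost is about 2**(bits/2), which is why collision resistance is n/2.
    Returns (message_a, message_b, tries) with message_a != message_b."""
    seen = {}
    tries = 0
    while True:
        candidate = b"collision-" + tries.to_bytes(8, "big")
        tries += 1
        h = truncated_sha256(candidate, bits)
        if h in seen:
            return seen[h], candidate, tries
        seen[h] = candidate


def demo() -> dict:
    """Roughly the same budget (~2**16 hashes) yields a 16-bit preimage and a 32-bit collision."""
    target = truncated_sha256(b"constructed secret message", 16)  # constructed input
    _, preimage_tries = find_preimage(target, 16)
    _, _, collision_tries = find_collision(32)
    return {"preimage_bits": 16, "preimage_tries": preimage_tries,
            "collision_bits": 32, "collision_tries": collision_tries}


if __name__ == "__main__":
    print(demo())
```

The two try counts vary from run to run but land in the same ballpark, so a hash with a 32-bit output only offers about 16 bits of security against collisions, and by the same reasoning SHA-256 offers about 128 bits.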

Again, this varies based on the algorithm you're using, and it varies from asymmetric to symmetric encryption. As we said, these aren't 1:1 comparisons. In fact, the security level of asymmetric encryption isn't as cut and dried as it might seem like it should be. Asymmetric encryption is based on mathematical problems that are easy to perform one way (encryption) but exceedingly difficult to reverse (decryption) without the private key. Because those problems have mathematical structure, the best known attacks on public-key cryptosystems (factoring for RSA, discrete logarithms for Diffie-Hellman and elliptic curves) are much faster than the exhaustive key search that is the only generic attack on a well-designed symmetric cipher. So when you're talking about the security level of public-key cryptography, it's not a fixed figure read off the key size, but an estimate of the implementation's computational hardness against the best currently known attack.

Symmetric encryption strength is a little easier to calculate owing to the nature of the attacks it has to defend against.

So, let's look at AES, or Advanced Encryption Standard, which is commonly used as a bulk cipher with SSL/TLS. Bulk ciphers are the symmetric cryptosystems that actually handle securing the communication that occurs during an encrypted HTTPS connection.

There are historically two flavors: block ciphers and stream ciphers.

Block ciphers break everything they encrypt down into fixed-size blocks (128 bits for AES, whatever the key length) and encrypt each one. Decrypting involves piecing the blocks back together. And since a message is rarely an exact multiple of the block size, the final block has to be padded with throwaway data to make it the right length. In CBC mode, the classic way of chaining those blocks in TLS, the receiver checks that padding before the message is authenticated, and padding-oracle attacks against CBC-mode cipher suites have been among the most common practical threats to SSL/TLS.

TLS 1.3 did away with this style of bulk encryption for exactly that reason: every TLS 1.3 cipher suite uses an AEAD construction (AES-GCM, AES-CCM or ChaCha20-Poly1305) that encrypts in a stream-like counter mode and authenticates the ciphertext, so there is no padding for an attacker to probe. Stream ciphers encrypt data by XORing it with a pseudorandom keystream of any length; they're considered easier to deploy and require fewer resources. TLS 1.3 has also done away with insecure stream ciphers like RC4, which RFC 7465 had already prohibited in earlier versions.

So, long story short, there are really only two suggested bulk ciphers nowadays, AES and ChaCha20. We're going to focus on AES right now because ChaCha20 is a different animal.

TLS 1.2 Recommended Ciphers

TLS 1.3 Recommended Ciphers

GCM stands for Galois/Counter Mode. It lets AES, which is actually a block cipher, run as a stream cipher: AES encrypts a sequence of counter blocks to produce a keystream that is XORed with the data, and a Galois-field hash (GHASH) over the ciphertext produces an authentication tag that the receiver checks before trusting anything. CCM is similar, combining counter mode with a CBC-MAC authentication tag.

As we covered, you can safely run AES in GCM or CCM with 128-bit keys and be fine: you're getting the equivalent of 3072-bit RSA in terms of security level. But we typically suggest going with 256-bit keys so that you maintain maximum computational hardness for the longest period of time.
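To make "a block cipher run in stream mode" concrete, here is an added Go example; it is not code from the original article and uses only Go's standard library with a constructed key and nonce. It seals a message with AES-128-GCM, rebuilds the confidentiality layer by hand with AES in counter mode starting at nonce || 0x00000002 (GCM reserves nonce || 0x00000001 for the tag), shows the GCM ciphertext is exactly plaintext XOR that keystream, and then flips one ciphertext bit to show the authentication tag rejects the modification, which is the property the old CBC-mode suites lacked.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// gcmSeal encrypts and authenticates plaintext under a 16-byte key with a
// 12-byte nonce. The result is the ciphertext followed by a 16-byte tag.
func gcmSeal(key, nonce, plaintext []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	return aead.Seal(nil, nonce, plaintext, nil)
}

// gcmOpen verifies the tag and decrypts; ok is false if anything was altered.
func gcmOpen(key, nonce, sealed []byte) ([]byte, bool) {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		panic(err)
	}
	pt, err := aead.Open(nil, nonce, sealed, nil)
	return pt, err == nil
}

// ctrKeystreamXor reproduces GCM's confidentiality layer by hand: AES in
// counter mode with the first counter block set to nonce || 0x00000002.
// For messages shorter than 2^32 blocks this matches GCM's 32-bit counter
// increment exactly.
func ctrKeystreamXor(key, nonce, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := append(append([]byte{}, nonce...), 0, 0, 0, 2)
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// gcmIsCounterMode reports whether the GCM ciphertext (minus its tag) equals
// the plaintext XORed with the hand-built counter-mode keystream.
func gcmIsCounterMode(key, nonce, plaintext []byte) bool {
	sealed := gcmSeal(key, nonce, plaintext)
	body := sealed[:len(sealed)-16]
	return bytes.Equal(body, ctrKeystreamXor(key, nonce, plaintext))
}

// tamperDetected flips one ciphertext bit and reports whether GCM rejects it.
func tamperDetected(key, nonce, plaintext []byte) bool {
	sealed := gcmSeal(key, nonce, plaintext)
	sealed[0] ^= 0x01
	_, ok := gcmOpen(key, nonce, sealed)
	return !ok
}

func main() {
	key := []byte("constructed-16-B") // 16 bytes -> AES-128; constructed test key
	nonce := []byte("unique-12-by")   // 12 bytes; must never repeat under one key
	msg := []byte("TLS record payload goes here")
	fmt.Println("GCM body == AES-CTR keystream XOR plaintext:", gcmIsCounterMode(key, nonce, msg))
	fmt.Println("one flipped ciphertext bit rejected:", tamperDetected(key, nonce, msg))
}
```

The XOR structure is also why the nonce must never repeat under the same key: two messages encrypted with the same keystream leak their XOR, and GCM's tag key can be recovered from a nonce reuse as well.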

So, let's look at those 256-bit keys. A 256-bit key can have 2^256 possible combinations. As we mentioned earlier, a two-bit key would have four possible combinations (and be easily crackable by a two-bit crook). We're dealing in exponentiation here though, so each time you raise the exponent, n, by one you double the number of possible combinations. 2^256 is 2 multiplied by itself 256 times.

As we've covered, for a well-designed symmetric cipher the only generic way to crack the key is brute force, which is basically just trial and error. So if the key length is 256 bits, there are 2^256 possible keys, and an attacker must keep trying them until one works. It won't take trying all of them: on average the right key turns up after about half of the space (2^255) has been searched. But the time that would take runs way beyond any human lifespan.

A 256-bit key has 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (that's 78 digits) possible values. No supercomputer on the face of this earth can search that in any reasonable timeframe.
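The brute-force search described above can be run for real on a deliberately shrunken key space. The following is an added Go example, not code from the original article; it uses only Go's standard library, and it assumes (artificially, so the search finishes in under a second) that the attacker already knows 108 of the 128 bits of an AES-128 key and has one known plaintext/ciphertext block. The attacker then tries every value of the remaining 20 bits in order until one reproduces the observed ciphertext. Adding one unknown bit doubles the work, which is the 2^n scaling the text describes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// unknownBits is the number of key bits the attacker does not know. The other
// 128-unknownBits bits of the AES-128 key are assumed to be zero: a constructed,
// artificial condition so the exhaustive search completes quickly.
const unknownBits = 20

// keyFromCounter builds a 16-byte AES-128 key whose low bits hold the candidate.
func keyFromCounter(candidate uint64) []byte {
	key := make([]byte, 16)
	binary.BigEndian.PutUint64(key[8:], candidate)
	return key
}

// encryptBlock encrypts one 16-byte block under key with raw (single-block) AES.
func encryptBlock(key, block []byte) []byte {
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, 16)
	c.Encrypt(out, block)
	return out
}

// bruteForce tries every candidate in ascending order until one reproduces the
// observed ciphertext for the known plaintext. It returns the recovered key
// bits, the number of trial encryptions performed, and whether a key matched.
func bruteForce(plaintext, ciphertext []byte) (uint64, int, bool) {
	tries := 0
	for cand := uint64(0); cand < 1<<unknownBits; cand++ {
		tries++
		if bytes.Equal(encryptBlock(keyFromCounter(cand), plaintext), ciphertext) {
			return cand, tries, true
		}
	}
	return 0, tries, false
}

func main() {
	secret := uint64(0x7A3C1)               // constructed secret: the 20 unknown key bits
	plaintext := []byte("known plaintext!") // exactly one 16-byte block
	ciphertext := encryptBlock(keyFromCounter(secret), plaintext)

	found, tries, ok := bruteForce(plaintext, ciphertext)
	fmt.Printf("recovered 0x%X after %d of %d candidates (found=%v)\n",
		found, tries, 1<<unknownBits, ok)
	fmt.Printf("average cost in this space: %d tries; with 256 unknown bits it would be about 2^255\n",
		1<<(unknownBits-1))
}
```

The count of trial encryptions equals the secret's position in the search order, which is why the expected cost over all keys is half the key space; no amount of ordering cleverness changes that when the key is uniformly random.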

Even Tianhe-2 (MilkyWay-2), one of the fastest supercomputers in the world, would take millions of years to crack 256-bit AES encryption.

That figure sky-rockets even more when you try to figure out the time it would take to factor an RSA private key: a 2048-bit RSA key would take 6.4 quadrillion years (6,400,000,000,000,000 years) to break by brute force, per DigiCert.

Nobody has that kind of time.

Now would be a good spot to talk a little about quantum computing and the threat it poses to our modern cryptographic primitives. As we've just covered, classical computers work in binary, 1s and 0s, and a bit on a classical computer is always in a definite state: either a 1 or a 0. Period. That means a classical processor tests one candidate key per operation, and adding more processors only buys a linear speedup, which is nothing against an exponential key space.

Obviously, that severely limits how quickly it can brute-force combinations in an effort to crack a private key.

Quantum computers don't have that limitation in the same way. Now, two things. First, quantum computing is still about 7-10 years from viability, so we're still a ways off. Some CAs, like DigiCert, have begun to put post-quantum digital certificates on IoT devices that will have long lifespans to try and preemptively secure them against quantum computing, but other than that we're still in the research phase when it comes to quantum-resistant encryption.

The difference is that quantum computers don't use bits, they use quantum bits, or qubits. A qubit can be BOTH a 1 and a 0 thanks to a principle called superposition, which is more complicated than we're going to get into today, and a register of n qubits can hold a superposition of all 2^n values at once. That does not mean a quantum computer simply tries 2^n keys simultaneously and reads off the answer; measuring the register collapses it to a single value. What it does mean is that quantum algorithms can exploit the structure of a problem. Grover's algorithm speeds up a generic brute-force search from about 2^n to about 2^(n/2) steps, so a 256-bit symmetric key drops to roughly 128 bits of security (still plenty), while Shor's algorithm solves the factoring and discrete-logarithm problems behind RSA and elliptic-curve cryptography in polynomial time, which breaks them outright. Bristlecone, Google's 72-qubit test chip, is nowhere near large or error-corrected enough to run Shor's algorithm against a 2048-bit RSA modulus.

Again, we're still a ways from that, and a quantum computer would have to be big and reliable enough to actually run Shor's algorithm, another topic for another day, so this is still largely theoretical.

Still, suddenly 6.4 quadrillion years doesn't seem like such a long time.

256-bit encryption is fairly standard in 2019, but every mention of 256-bit encryption doesn't refer to the same thing. Sometimes 256 bits of encryption only rises to a security level of 128 bits. Sometimes key size and security level are intrinsically linked, while other times one is just used to approximate the other.

So the question of how strong 256-bit encryption is doesn't have a clear-cut answer. At least not all of the time.

In the context of SSL/TLS, though, it most commonly refers to AES encryption, where 256 bits really does mean 256 bits. And, at least for the time being, that 256-bit encryption is still plenty strong.

By the time an attacker using a modern computer is able to crack a 256-bit symmetric key, not only will that session key have been discarded, you'll likely have replaced the SSL/TLS certificate that helped negotiate it, too.

Long story short, the biggest threat to your encryption and your encryption keys is still mismanagement; the technology behind them is sound.


This article was originally written by Jay Thakkar in 2017, it has been re-written for 2019 by Patrick Nohe.

Read more from the original source:
What is 256-bit Encryption? How long would it take to crack?

How to encrypt email (Gmail, Outlook iOS, OSX, Android …

Email was one of the earliest forms of communication on the internet, and if you're reading this you almost undoubtedly have at least one email address. Critics today predict the eventual fall of email, but for now it's still one of the most universal means of communicating with other people that we have. One of the biggest problems with this cornerstone of electronic communication is that it isn't very private. By default, most email providers do not provide the means to encrypt messages or attachments. This leaves email users susceptible to hackers, snoops, and thieves.

So you want to start encrypting your email? Well, let's start by saying that setting up email encryption yourself is not the most convenient process. You don't need a degree in cryptography or anything, but it will take a dash of tech savvy. We'll walk you through the process later on in this article.

Alternatively, you can use an off-the-shelf encrypted email client. Tutanota is one such secure email service, with apps for mobile and a web mail client. It even encrypts your attachments and contact lists. Tutanota is open-source, so it can be audited by third parties to ensure it's safe. All encryption takes place in the background. While we can vouch for Tutanota, it's worth mentioning that there are a lot of email apps out there that claim to offer end-to-end encryption, but many contain security vulnerabilities and other shortcomings. Do your research before choosing an off-the-shelf secure email app.

If you'd prefer to configure your own email encryption, keep reading.

Encryption, put simply, is no more than scrambling up the contents of a message so that only those with a key can unscramble it. Sort of like those puzzles you did in school where every letter of the alphabet was swapped for some other letter and you had to work out the substitution to decode the final message. Computers make the scrambling far more complex, and impossible for a human to crack by hand. When you encrypt an email, its contents are scrambled, and only the receiver has the key to unscramble it.

To make sure only the intended recipient can decrypt the message, email encryption uses something called public key cryptography. Each person has a pair of keys: a public key that anyone can use to encrypt a message to you, and a private key that only you hold and that decrypts it. Your public key can be published on a key server where anyone can find it, along with your name and email address. Conversely, you can look up other people's public keys on key servers to send them encrypted email.

When you encrypt an email, you use the recipient's public key to scramble the message. Due to the mathematics behind this type of cryptography, the public key cannot be used to decrypt it. The email can then only be decrypted with the recipient's private key, which is stored somewhere safe and private on his or her computer. (In practice both PGP and S/MIME encrypt the message body with a fresh symmetric session key and use the recipient's public key only to encrypt that session key, but the effect is the same: only the holder of the private key can read the message.)
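Here is that scheme in working form. It is an added Go example, not code from the tutorial or from any of the mail clients it covers; it uses only Go's standard library, freshly generated RSA keys for a made-up "Alice" (sender) and "Bob" (recipient), and a constructed message. A fresh AES-256-GCM session key encrypts the body, Bob's RSA public key wraps that session key with OAEP, and Alice's RSA private key signs the ciphertext with PSS. Signing and encrypting are separate steps using different keys, which is the distinction the Outlook section later insists on.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SealedMail mirrors what PGP and S/MIME produce in spirit: a symmetric session
// key wrapped to the recipient's public key, the body encrypted under that
// session key, and a signature made with the sender's private key.
type SealedMail struct {
	WrappedKey []byte // session key encrypted with RSA-OAEP to the recipient
	Nonce      []byte // AES-GCM nonce
	Body       []byte // AES-GCM ciphertext + tag
	Signature  []byte // RSA-PSS over SHA-256(Body), made by the sender
}

// sealMail encrypts msg for recipientPub and signs it with senderPriv.
func sealMail(msg []byte, recipientPub *rsa.PublicKey, senderPriv *rsa.PrivateKey) (*SealedMail, error) {
	sessionKey := make([]byte, 32) // fresh AES-256 key for this message only
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	nonce := make([]byte, 12)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	body := aead.Seal(nil, nonce, msg, nil)

	// Only the holder of the recipient's private key can unwrap the session key.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	// Signing is a separate operation that uses the *sender's* private key.
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	return &SealedMail{wrapped, nonce, body, sig}, nil
}

// openMail verifies the sender's signature first, then unwraps and decrypts.
func openMail(m *SealedMail, recipientPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	digest := sha256.Sum256(m.Body)
	if err := rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], m.Signature, nil); err != nil {
		return nil, fmt.Errorf("signature check failed: %w", err)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, m.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("not encrypted to this key: %w", err)
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, m.Nonce, m.Body, nil)
}

func main() {
	alice, _ := rsa.GenerateKey(rand.Reader, 2048) // sender
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)   // recipient
	mail, err := sealMail([]byte("meet at 9, bring the documents"), &bob.PublicKey, alice)
	if err != nil {
		panic(err)
	}
	pt, err := openMail(mail, bob, &alice.PublicKey)
	fmt.Printf("bob reads: %q (err=%v)\n", pt, err)
	// Alice cannot read her own sent copy: it was encrypted to Bob's key, not hers.
	_, err = openMail(mail, alice, &alice.PublicKey)
	fmt.Println("alice decrypting her own sent mail:", err)
}
```

Because the session key is wrapped to Bob's key only, even Alice cannot decrypt the copy she sent, which is why real clients usually wrap the session key to the sender's own key as well so the Sent folder stays readable.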

There are two main email encryption methods you need to know exist: S/MIME and PGP/MIME. The former is built into the Mail apps on OS X and iOS and into Outlook. When you receive an email sent from a MacBook or iPhone, you'll sometimes see a small attachment (about 5 kilobytes) called smime.p7s. That attachment is the sender's digital signature, and it carries the sender's certificate: it lets your client verify who sent the message and that it wasn't altered, and it gives your client the public key it needs to encrypt replies to that sender. S/MIME relies on a centralized certificate authority to issue each user's certificate (and, through its policies, to set the algorithms and key sizes in use), is easy to maintain, is harder to set up with web-based email clients, and is more widely distributed thanks to Apple and Outlook.

The other heavyweight in email encryption is PGP/MIME, which is what we're going to focus on in the latter part of this tutorial. You get more flexibility in how you encrypt emails, it relies on a decentralized, distributed trust model (the web of trust rather than a certificate authority), and it's fairly easy to use with web-based email clients. It's also free: you generate your own key pair, whereas an S/MIME certificate usually has to be obtained from a certificate authority. With PGP, not only can you choose how you encrypt, you can also publish preferences for how messages sent to you should be encrypted.

This makes PGP/MIME cheaper and more flexible, but before we get into that, we'll look at the S/MIME encryption features built into Outlook and Apple products.

Now that you have a digital certificate/ID, follow these instructions to get it into Outlook:

Okay, so now you've got a digital signature to put on your emails, but it won't be added by default. To attach your digital signature:

At this point we want to remind you that digitally signing an email is not the same as encrypting it. A signature proves who sent the message and that it wasn't altered; encryption hides its contents. However, if you want to send someone an encrypted message in Outlook, that person needs to have sent you at least one email with their digital signature attached, because the signature carries their certificate, and Outlook needs that certificate (their public key) to encrypt to them. Conversely, if you want to receive an encrypted email from someone else, you'll need to send them one signed (but unencrypted) email first. This is a tedious downside to S/MIME. You can digitally sign your email just by clicking the new Sign button before sending.

Now that you have each other's certificates saved in your respective address books, you can start exchanging encrypted emails. Just click the Encrypt button that we added before hitting send, and that's all there is to it!

S/MIME support is built into the default Mail app on iOS devices. Go into the account's advanced settings, switch S/MIME on, and set Encrypt by Default to Yes. Now when you compose a new message, lock icons will appear next to recipients' names. Tap the lock icon closed to encrypt the email.

iOS consults the global address list (GAL), a sort of keyserver for S/MIME certificates, to find contacts in your Exchange environment. If a certificate is found, the lock icon will be blue.

When you receive that email, do the following:

Sending encrypted messages in the default Mail app on Mac OS X has the same precondition as iOS and Outlook: you must first have the recipient's certificate stored on your device. When you compose a message and type in the recipient's email address, a checkmark icon will appear to show the message will be signed.

Next to the signature icon, a lock icon also appears. Unlike iOS, where you can select which recipients receive encrypted email and which don't, OS X is an all-or-nothing affair: if you don't have certificates for all of the recipients, the email cannot be encrypted.

Remember to sign emails only after you've finished writing them. If the message is altered after it was signed, the signature will no longer verify and the recipient's client will flag it as untrusted.

On Android, you've got a couple of options for how to encrypt your email. The CipherMail app allows you to send and receive S/MIME-encrypted mail using the default Gmail app and some third-party apps like K-9. It follows the same certificate rules discussed above.

The other option is to use PGP/MIME, which requires both an email app and a keychain app to store keys. PGP requires a bit more setup, but you don't need to receive someone's digital signature in advance to send them encrypted email; you just need their public key.

OpenKeychain is a simple and free keychain tool for storing other people's public keys. It works well with K-9 Mail, and some other email apps are also compatible.

In OpenKeychain you can create your own public and private keys. Input your email address, name, and a passphrase, and it will generate the key pair for you. If you have an existing key, you can import it. To use a generated key with other devices and apps, you can export it.

OpenKeychain also helps you search for other people's public keys online so you can send them encrypted email. Once you've added someone's public key to your keychain, it is saved for more convenient use later.

To use OpenKeychain with an email app, go into the email app's settings and make OpenKeychain your default OpenPGP provider. This process varies from app to app, but it should just take a bit of digging through settings menus to find it. Not all email apps (including Gmail) support OpenPGP encryption, however.

For web-based email clients like Gmail, we recommend a PGP/MIME encryption solution, as it is far easier to incorporate than S/MIME. For the purposes of this tutorial, we're going to use a Chrome extension called Mailvelope with Gmail. Most browser extensions work in a similar manner, however, and follow the same basic principles. You can also consider Enigmail, GPGTools, and GNU Privacy Guard.

To get started, install the extension and open the options menu. Start by generating your own key: enter a name, email, and passphrase and click Generate. Most email encryption extensions come with a built-in key generator and key ring. If you already have a key, just select the option to import it via copy and paste.

Now you've got an encryption key, but it doesn't do much good if no one can find your public key to send you encrypted mail. You can upload your public key to a keyserver. We suggest MIT's keyserver because it's popular, free, and easy to use. In the Mailvelope settings, navigate to Display Keys and click on the one you just made. Go to Export to see the plain text of your public key. Copy it to your clipboard.

Head to the MIT PGP Keyserver and paste your key into the Submit a Key field and hit submit. Now go back to the MIT keyserver homepage and search the name you entered. You should see your key listed.

Take note of the key ID, which is displayed both in the Mailvelope settings and on the MIT listing. It serves as a unique identifier, which is useful if you have the same name as someone else on the keyserver. Journalists, for instance, often publish their key ID (or, better, the full fingerprint, since short key IDs can be deliberately collided) on their online profiles and social media so sources know for certain that they are emailing the right person.

While we're on the MIT keyserver site, you can use it to search for the public keys of others. Click on the key ID of the person you are searching for to display the plain text of their key. Copy it and paste it into the import section of Mailvelope to add it to your keyring.

Now that you've added recipients to your key ring and made your own public key available to others, you can start sending and receiving encrypted mail. Mailvelope adds a button to the Gmail composer that opens another window where you can type out the message you want to encrypt. When you're done, hit the encrypt button, choose the recipient, and transfer the encrypted text into the email. You can add unencrypted text to the email as well, but don't tamper with the encrypted text.

When you receive an encrypted email, the browser extension you chose should automatically recognize it and offer to decrypt it. The recipient will need an extension or some sort of PGP decryptor app on their end. In Mailvelope's case, I just click the icon that appears hovering over the encrypted text, enter my password, and voila!

The downside to Mailvelope, and indeed most web-based encryption extensions, is that they don't encrypt attachments. You can use GNU Privacy Guard to encrypt attachments with PGP before uploading them, which lets you use the same key pair. Or you can opt for any one of these file encryption apps.

Encryption only hides the content of the message, not the sender's email address, the recipients, or the subject line. For any number of reasons, a time may come when you need to send an email anonymously to hide your identity. To do this, a few burner email services will give you a temporary fake email address.

Guerrilla Mail is our top choice. You can set up a disposable email address from which you can send and receive messages. It includes a password manager so you don't have to memorize passwords for multiple burner accounts. Best of all, it's completely web-based with no registration required, which makes hiding your identity that much more effective.

Zmail is another solid option for sending fake email if you prefer a desktop client rather than a web app.

Nine out of 10 viruses that infect computers come from email attachments. No level of encryption will protect you from being careless. It's therefore very important to scan all email attachments before opening them, especially from senders you don't recognize. Malware disguised as Microsoft Word documents is especially common. Many email clients, including Gmail, will automatically scan attachments for you, but others will require you to do so manually.

Don't click on links in emails from unreliable sources. In fact, just don't open emails at all if they don't look trustworthy. A spam blocker will go a long way toward avoiding these.

If you email a large group of people, use BCC so spammers can't get hold of the list. Conversely, if someone includes you in a long list of CC'ed email addresses, don't hit reply all without carefully considering the alternatives.

Finally, set a strong password on your email account and change it every so often. Read through our guidelines if you're not sure what constitutes a strong password, or use a password strength checker if you're still unsure how strong yours is.

Now, let's get on with encryption.


Many apps and email services out there promise email encryption but don't use S/MIME or PGP/MIME. These are indeed much easier and faster to set up, but be aware that they roll their own encryption and may not meet the same privacy standards. SafeGmail and Virtru are examples of these, and we don't recommend them.

We encourage you to upload your public PGP key to a keyserver, but it's not required. Instead, you can just send the plain text of your public key to the person(s) you want to receive encrypted mail from.

Email encryption provides a secure means of sending messages containing sensitive material as well as a means for others to send you sensitive material. Journalists use it to correspond confidentially with sources. Businesses use it to relay trade secrets and classified documents. Lawyers use it to keep sensitive client and case information safe. You get the idea. In our opinion, email encryption is something you should have readily available when the need arises, but it's not necessary for everyday communication.


See the original post here:
How to encrypt email (Gmail, Outlook iOS, OSX, Android ...

A new bill could punish web platforms for using end-to-end encryption – The Verge

A new bill would reduce legal protections for apps and websites, potentially jeopardizing online encryption. The draft bill would form a National Commission on Online Child Exploitation Prevention to establish rules for finding and removing child exploitation content. If companies don't follow these rules, they could lose some protection under Section 230 of the Communications Decency Act, which largely shields companies from liability over users' posts.

Reports from Bloomberg and The Information say that Sen. Lindsey Graham (R-SC) is behind the bill, currently dubbed the Eliminating Abusive and Rampant Neglect of Interactive Technologies (or EARN IT) Act. It would amend Section 230 to make companies liable for state prosecution and civil lawsuits over child abuse and exploitation-related material, unless they follow the commission's best practices. They wouldn't lose Section 230 protections for other content like defamation and threats.

The bill doesn't lay out specific rules. But the commission, which would be chaired by the Attorney General, is likely to limit how companies encrypt users' data. Large web companies have moved toward end-to-end encryption (which keeps data encrypted for anyone outside a conversation, including the companies themselves) in recent years. Facebook has added end-to-end encryption to apps like Messenger and WhatsApp, for example, and it's reportedly pushing it for other services as well. US Attorney General William Barr has condemned the move, saying it would prevent law enforcement from finding criminals, but Facebook isn't required to comply. Under the EARN IT Act, though, the commission could require Facebook and other companies to add a backdoor for law enforcement.

Riana Pfefferkorn, a member of Stanford Law School's Center for Internet and Society, wrote a detailed critique of the draft. She points out that the commission would have little oversight, and the Attorney General could also unilaterally modify the rules. The Justice Department has pushed encryption backdoors for years, citing threats like terrorism, but they haven't gotten legal traction. Now, encryption opponents are riding the coattails of the backlash against big tech platforms and fears about child exploitation online.

Techdirt founder Mike Masnick also notes that Section 230 doesn't cover federal crimes, so the Justice Department could already prosecute companies if they're enabling abuse. This bill would just let it write a new set of rules by threatening much broader liability.

A spokesperson for Graham's Senate Judiciary Committee emphasized to Bloomberg that the bill isn't final. And the Justice Department is taking a closer look at Section 230 next month, holding a public workshop to discuss potential changes.

Read more:
A new bill could punish web platforms for using end-to-end encryption - The Verge

Apple’s end-to-end encryption threatened by new proposed bill – AppleInsider

By William GallagherSaturday, February 01, 2020, 01:35 pm PT (04:35 pm ET)

Republican Senator Lindsey Graham is behind a draft bipartisan bill called the 'Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2019', or EARN IT. Its stated aims are to "develop recommended best practices... regarding the prevention of online child exploitation." However, the methods Graham proposes would effectively ban all end-to-end encryption.

"The absolute worst-case scenario could easily become reality," think tank TechFreedom president Berin Szoka told Bloomberg. "DOJ could effectively ban end-to-end encryption."

The act would introduce a National Commission on Online Child Exploitation Prevention "and for other purposes." Senator Graham's draft bill proposes a structure for the Commission, which would comprise 15 people including the US Attorney General.

The greater part of Senator Graham's proposals outline creating and enforcing age limits for online material, plus a rating system to categorize images by severity.

At no point does the draft bill mention encryption; however, its requirements cannot be complied with if end-to-end encryption is used. Companies with any public or private online discussion areas, such as WhatsApp and Facebook, would be required to divulge user details to law enforcement.

"[Best practices] shall include... coordinating with law enforcement agencies and other industry participants to preserve, remove from view, and report material relating to child exploitation or child sexual abuse," says the draft bill.

"[Also] retention of evidence and attribution or user identification data relating to child exploitation or child sexual abuse, including such retention by subcontractors," it continues.

Senator Graham's proposals explicitly state that the result will be changes to Section 230 of the Communications Act of 1934 (as amended by the 1996 Communications Decency Act), the provision that currently allows online services to shield themselves from lawsuits over such materials.

Neither Apple nor any other online company has publicly responded to the proposals yet. However, Apple has been, and continues to be, a strong and vocal proponent of the necessity of end-to-end encryption and the dangers of removing it.

There is currently no date for when the draft bill will proceed further toward legislation.

However, it comes after FBI officials have reportedly been concerned over US Attorney General William Barr's pressures to weaken or remove end-to-end encryption.

Most recently, Apple's senior director of global privacy, Jane Horvath, spoke at CES in January about the company's position on weakening encryption to help combat crime.

"Building back doors into encryption is not the way we are going to solve those issues," she said.

Continue reading here:
Apple's end-to-end encryption threatened by new proposed bill - AppleInsider

How to Get the Most Out of Your Smartphone’s Encryption – WIRED

You may not think much about encryption day to day, but it's the reason the FBI can't easily get at the data on the iPhones that come into its possession; it also means that if someone steals your phone, they won't be able to get anything off it without the PIN code.

In terms of individual apps, it stops anyone from snooping on your WhatsApp and Signal conversations when they're in transit from one device to the other, and that includes anyone who works at WhatsApp or the Signal Foundation. In short, it makes it much, much harder for anyone to get at your photos, messages, documents, and everything else you've got stored on your phone. Here's how to make sure it's working for you.

iPhone Encryption

It was the 2014 release of iOS 8 that encrypted every iPhone back to the 4S by default. Much to the chagrin of various law enforcement agencies, that encryption has only gotten tougher over time.

Everything on an iPhone is locked down as soon as you set a passcode, a Touch ID fingerprint, or a Face ID face. Your passcode, combined with a key fused into the device's hardware, protects the encryption keys, and Touch ID or Face ID simply releases them for you, which is why you're able to read your messages and view your files as soon as your phone is unlocked.

This is also why you should never leave your phone lying around unlocked if you value the data on it. You can configure the screen lock on your iPhone by going to Face ID & Passcode or Touch ID & Passcode in the iOS Settings menu. If you go the passcode route, use a custom alphanumeric code of at least six characters. Anything shorter, or using numbers only, is too easy for forensic devices to brute-force.

Encryption extends to backups of your iPhone made through Apple's own software too, whether that's on the web in iCloud, or in iTunes or Finder on a connected computer. (Tap your name at the top of the iOS Settings screen, then iCloud and iCloud Backup to set which one you're using.) You can choose to leave local iTunes or Finder backups unencrypted if you want, via the tick box labeled Encrypt local backup on the Summary or General tab.

iCloud backups are encrypted, but Apple can potentially get at them if needed.

However, there's a crucial distinction between data on your iPhone and data in your iCloud backups. While the latter are encrypted and thus protected against hackers, Apple does hold its own key to decrypt them and will pass the data on to law enforcement if forced to. Apple will also use it to help you regain access to your backup if you lose your password. If that's a concern for you, keep your backups stored locally, and encrypted, on a Windows PC or Mac.

Android Encryption

The encryption picture used to be patchy for Android, but in the past three or four years most new Android smartphonesincluding the popular Samsung Galaxy and Google Pixel lineshave come with encryption enabled by default. You can check this under Advanced and Encryption and Credentials in the Security page of Settings.

Continued here:
How to Get the Most Out of Your Smartphone's Encryption - WIRED

Forensics detective says Android phones are now harder to crack than iPhones – Android Authority

The United States government, as well as US law enforcement agencies, care a lot about iOS and Android encryption. Smartphone data can reveal a lot about terrorists, people who conduct mass shootings, and even general criminals. If officials conduct investigations properly, that data can be used in court as evidence.

That's why there have been lots of headlines recently about the US government trying to convince companies such as Apple to hand over so-called backdoor access to our smartphone data.

However, critics argue that the government having easy access to your private data pretty much defeats the purpose of encrypting it in the first place, and Apple (among other companies) has mostly refused to cooperate. According to a new exposé from Vice, though, the government appears to be doing fine with cracking smartphone encryption, with or without help from the smartphones' creators.

At least, thats the case when it comes to most iPhones. When it comes to Android encryption, the job is reportedly getting increasingly more difficult for investigators.

Detective Rex Kiser, who conducts digital forensic examinations for the Fort Worth Police Department, had this to say to Vice: "A year ago we couldn't get into iPhones, but we could get into all the Androids. Now we can't get into a lot of the Androids."

Vice's investigation into the matter shows that Cellebrite, one of the most prominent companies that government agencies hire to crack smartphones, has a cracking tool that can break into any iPhone made up to and including the iPhone X. The tool pulls data such as GPS records, messages, call logs, contacts, and even data from specific apps such as Instagram, Twitter, LinkedIn, etc., all of which could be incredibly helpful in prosecuting criminals.

However, that same Cellebrite cracking tool is much less successful with Android encryption on prominent handsets. For example, the tool could not extract any social media, internet browsing, or GPS data from devices such as the Google Pixel 2 and Samsung Galaxy S9. In the case of the Huawei P20 Pro, the cracking software literally got nothing.

"Some of the newer operating systems are harder to get data from than others," Kiser told Vice. "I think a lot of these [phone] companies are just trying to make it harder for law enforcement to get data from these phones under the guise of consumer privacy."

If you own one of those Android phones just mentioned, or even newer phones from those same companies, don't think that your phone is uncrackable. Just because Cellebrite's tool doesn't work doesn't mean investigators can't extract the data they need. The process just becomes more labor-intensive and takes more time and resources. Even a brand new phone, such as the iPhone 11 Pro Max, can be cracked, according to Vice's sources. It just isn't as easy as hooking it up to a cracking tool and watching the data flow.


Either way, Vice's article heavily suggests that Android phones are the safer alternative compared to iPhones if your main concern is security and privacy. After all, law enforcement organizations aren't the only people after your data: criminal enterprises could use the same tools to get your information illegally. For now, this article makes it seem that Android encryption is the way to go to best avoid those situations.

Excerpt from:
Forensics detective says Android phones are now harder to crack than iPhones - Android Authority