- What is Encryption?
- How does encryption work?
- Modern Encryption Technology
- Modern Encryption Protocols
- How To Encrypt Everything
- Encrypt And Secure Your PC
- How To Delete Data Securely On Windows?
When we hear the word encryption on the news, it stirs up images of a 007 secret agent with a briefcase full of advanced technology for picking every lock in the world. However, that is just imagination! We are secret agents of our own, as we all use encryption almost every day, even if we do not understand the “why” and “how” of it. This guide answers the questions of what encryption is and how it works, and helps you encrypt everything.
Today, as the world experiences cyber criminal activity on a mass scale, data security is an important priority and a necessity for every person. Almost every device we use today utilizes some form of encryption technology. If encryption helps to provide data security, then we are on board to encrypt everything and secure our personal information.
Encryption is a straightforward, modern word for old cryptography. In the 19th century, the era of World War II, Germany used cryptographic ciphers to secure its communications, but these were defeated by the code breaking of Alan Turing of England.
Encryption uses sophisticated algorithms (ciphers) to turn readable text into random-looking characters (encrypt) that are unreadable without the right key to reassemble the data into a meaningful form (decrypt).
Two forms of encryption are in use today.
- Public Key Encryption (asymmetric encryption)
- Private Key Encryption (symmetric encryption)
The two encryption methods are similar: both hide user data from others and make it readable again only with the right key. However, they differ in the steps taken to encrypt the data.
Public Key (asymmetric) encryption uses two keys: a recipient’s public key and a mathematically matching private key.
In a simple example, suppose Brian and Michelle both have keys to a safe box: Brian has a public key and Michelle has a matching private key. As Brian has the public key, he can unlock the safe box and put stuff in it, but he cannot view what is already in the safe box or take anything out. Michelle, who has the matching private key, can open the safe box to see or remove the stuff that is already inside it, but to put things in it, she would require an additional public key.
In a technical sense, Brian can encrypt the data with a public key and send it to Michelle, and Michelle can only decrypt the data (with a matching private key). This means that a public key is required to encrypt data, and a private key is needed to decrypt it. However, to further encrypt the data, an additional public key is required.
Private Key (symmetric) encryption differs from public key encryption in how the keys are used. Two keys are still required in the encryption process, but both keys are now substantially similar.
In a simple sense, Brian and Karen both have keys to the aforementioned safe box, but in this case, both keys do the same thing. Both are now able to add or remove stuff from the safe box.
In a technical sense, Brian can now both encrypt and decrypt data with his key, like Michelle.
As the world has advanced, new technologies have taken the place of old working methods and machines. Modern encryption technology has shifted to more advanced algorithms and larger key sizes to hide encrypted data. In concept, the larger the key size, the more possible combinations one has to go through to decrypt the data.
As key sizes and algorithms continue to improve, cracking the encryption with brute-force attacks takes more effort and time. For example, the difference between 40-bit and 64-bit looks small in value, but in practice 64-bit encryption is 300 times harder to crack than a 40-bit key. Nowadays, most new encryption uses a minimum of 128-bit keys, with some using 256-bit keys or higher. For example, a 128-bit key would require 340 trillion possible combinations to crack the encryption. You can imagine how much longer it would take to crack a 256-bit key.
DES (Data Encryption Standard) is a symmetric-key (private key) algorithm for the encryption of data. It was developed in the seventies at IBM. In 1999 it was declared insecure, as the EFF (Electronic Frontier Foundation) managed to crack its 56-bit key in 22 hours. Triple DES, also commonly known as the Triple Data Encryption Algorithm (TDEA or Triple DEA), works on the same concept as DES but adds a triple layer of protection with a 168-bit key.
AES is a subset of the original Rijndael algorithm. AES is a symmetric-key algorithm, meaning the same key is used both for encrypting and decrypting the data. AES was first adopted by the U.S. government and is now used worldwide. It supersedes the old DES encryption algorithm and supports key lengths of 128, 192, and 256 bits. The robust encryption of AES is considered computationally infeasible to crack. It uses few system resources and provides strong performance.
RSA was developed by three cryptographers, Rivest, Shamir, and Adleman, and introduced in 1977. It is one of the first algorithms to use asymmetric keys: it creates two keys, one public key to encrypt the data and one private key to decrypt it. RSA generates a public key based on two large prime numbers, along with an auxiliary value. However, with currently published methods anyone with advanced knowledge of prime numbers can decrypt the electronic data. RSA is a slow algorithm and is less commonly used to encrypt user data. It is a source of some modern encryption technologies such as PGP (Pretty Good Privacy).
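The public/private key split from the Brian and Michelle example, and the role of the two primes in the RSA paragraph above, shown as an added example (not code from the original guide). It is textbook RSA with tiny constructed primes and no padding, for illustration only; all function names are hypothetical.

```python
"""Toy RSA: constructed values, illustration only (real keys use very large primes)."""
from math import gcd


def make_keypair(p: int, q: int, e: int = 17):
    """Build (public, private) keys from two primes and an auxiliary exponent e."""
    n = p * q                       # modulus, shared by both keys
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)             # private exponent: e*d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public, message: int) -> int:
    """Anyone holding the public key can lock a message (Brian's role)."""
    n, e = public
    if not 0 <= message < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(message, e, n)


def decrypt(private, ciphertext: int) -> int:
    """Only the private key opens it again (Michelle's role)."""
    n, d = private
    return pow(ciphertext, d, n)


def private_from_primes(public, p: int, q: int):
    """Whoever learns the two primes can rebuild the private key from the
    public one, which is why the primes must stay secret and be large."""
    n, e = public
    if p * q != n:
        raise ValueError("these are not the primes behind this public key")
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    public, private = make_keypair(61, 53)        # constructed toy primes
    c = encrypt(public, 65)
    print("public:", public, "private:", private)
    print("ciphertext:", c, "decrypted:", decrypt(private, c))
    # Applying the public key a second time does not undo the encryption.
    print("public key applied to ciphertext:", encrypt(public, c))
```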
ECC (Elliptic Curve Cryptography) is the most robust encryption algorithm today and is used in newer encryption protocols such as PGP, SSH, and TLS. It is an asymmetric public-key encryption algorithm based on the algebraic structure of elliptic curves. ECC requires smaller encryption keys while providing equivalent encryption strength in comparison to non-ECC algorithms. The efficiency of ECC and its smaller keys make it ideal for modern embedded systems such as smart cards. The NSA supports this technology as a successor to the previous RSA algorithm.
An encryption protocol is a concrete or abstract protocol used to perform security-related functions and apply the above-mentioned algorithms. A protocol describes how an algorithm should be used to help secure data in transit between two parties.
Following are the components of a security protocol.
- Access Control – It authenticates the user profile and authorizes access to resources.
- Encryption Algorithm – Combined with various other security methods to encrypt data.
- Key Management – Creation, Distribution, and Management of keys.
- Message Integrity – Ensures the security of encrypted data.
The most common and widely used protocols are listed below for a better understanding of everyday encryption.
Secure Socket Layer (SSL) was the leading encryption protocol before TLS replaced it. It was developed by Netscape and was widely used for website identity validation. SSL performs three actions to encrypt the connection.
Transport Layer Security (TLS) is the successor to SSL. TLS is similar to SSL (SSL v3) but differs in application, and the two are not interoperable. However, most web browsers and websites support both encryption protocols.
Secure Shell (SSH) is a network protocol used on unsecured networks to secure network service operations and to encrypt the connection. The best example of its application is when users connect to a remote location.
SSH creates a secure channel between a client (e.g. a web browser or application) and the server (e.g. company network). The protocol is specified in two major versions, SSH-1 and SSH-2. Its most common use is on Unix-like operating systems for connecting to shell accounts. It has limited use in Windows OS, but Microsoft is looking forward to providing native SSH support in future.
PPTP (Point-to-Point Tunnel Protocol) is an outdated method of implementing Virtual Private Networks (VPN). It relies on creating a point-to-point tunnel rather than on encryption or authentication features. It offers 40-bit to 128-bit encryption for the communication.
SSTP (Secure Socket Tunnel Protocol) is a form of VPN tunneling that provides a mechanism for encryption, authentication, and key negotiation to transport PPTP data through a TLS/SSL channel. SSTP was intended for remote client-server connections, and it does not support VPN tunnels in general.
L2TP (Layer 2 Tunneling Protocol) is an encrypted tunnel protocol used to support VPNs or as part of ISPs' connection security. It does not provide any encryption itself; rather, it relies on another encryption protocol, such as IPsec, to offer encryption features.
OpenVPN is an open-source application that implements VPN techniques for creating secure point-to-point connections in remote access facilities. It uses a protocol which offers SSL/TLS encryption for key exchange. It is the most popular encryption protocol for creating a VPN connection.
Now that we have discussed the concepts and methods of encryption above, it is time to get into the nitty-gritty of how to implement encryption. We start with the broader home network and work down to a single file inside your computer, along with your mobile device while on the go.
You can encrypt your home network with these four easy steps.
Log in to your wireless router
- Look at the back of your router to find its make and model, IP address, and login details, then log in.
- For example, if your default IP address is 192.168.1.1 and the default username/password is admin, then do the following:
- Open your web browser, type 192.168.1.1 in the address bar, and press Enter.
- When prompted to enter a username and password, enter “admin” in both fields.
- If your router is set to the default “admin” credentials, then you should consider changing them to prevent unauthorized access.
Enable MAC Filtering
A media access control address (MAC address) is a unique network address assigned to network technologies, including Ethernet and WiFi. MAC filtering is probably the easiest way to prevent unauthorized access to your wireless network, but it is the least secure as well. You can enable a whitelist of MAC addresses to give specific MAC addresses internet access and block all others.
Using encryption on your wireless network is important. Not only does it prevent unauthorized access to the network, it also blocks eavesdropping on your internet traffic. The two most commonly used types are listed below.
- WEP – This is the common type of encryption enabled in most routers. It prevents your neighbors and passersby from accessing your network. However, this encryption can be broken in 2 minutes by hackers.
- WPA2 – This is one of the most common types of network encryption and comes enabled in some routers. WPA2 provides more security than WEP and has not been cracked yet, but it is not available on some older devices.
Deciding between WEP, WPA2, or Mac Filtering
WPA2 is the most secure encryption for preventing access to the network. If you have an older device that does not support WPA2 security, then opt for WEP security. If you are unsure how to set up network encryption, MAC filtering is the least secure option and is easy to set up.
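To see which of these options the networks around you actually use, the following added example (not part of the original guide) parses text in the layout printed by Windows' `netsh wlan show networks` command and flags open and WEP networks. The scan text is constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `netsh wlan show networks`.
# The last entry has an empty name, as a network with a hidden SSID would.
SAMPLE_SCAN = """\
Interface name : Wi-Fi
There are 4 networks currently visible.

SSID 1 : HomeNet
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP

SSID 2 : OldRouter
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : WEP

SSID 3 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None

SSID 4 :
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
"""


def parse_networks(text):
    """Turn the scan listing into one dict per network."""
    networks, current = [], None
    for line in text.splitlines():
        header = re.match(r"^SSID \d+ :\s*(.*)$", line)
        if header:
            current = {"ssid": header.group(1).strip() or "<hidden>"}
            networks.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
    return networks


def rate(network):
    """Classify a network by the encryption it advertises."""
    auth = network.get("authentication", "")
    enc = network.get("encryption", "")
    if enc == "None":
        return "open"       # no encryption at all
    if enc == "WEP":
        return "weak"       # breakable in minutes, as described above
    if auth.startswith(("WPA2", "WPA3")):
        return "ok"
    return "review"         # anything else needs a manual look


def audit(text):
    return [(n["ssid"], rate(n)) for n in parse_networks(text)]
```

On a Windows machine, the output of `netsh wlan show networks` can be passed to `audit()` in place of the sample text.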
Disable SSID Broadcasting
This option decides whether people can see your Wi-Fi network. It is not necessarily recommended: it may make the network invisible to nosy neighbors, but it will not protect you from any serious hackers. It can also make setting up your home network difficult. So, it is good to know about it, but rely on encryption rather than on disabling SSID broadcasting.
You can set up wireless on a Mac OS X system. For a detailed guide on network encryption, you can follow our standalone guide on how to encrypt your network.
Communication is a two-way process. You send requests to your network through your personal computer, and the network in return processes those requests. If your PC is secure, then it can block malicious attacks from infected networks. If it is not secured, then chances are that malicious software such as malware, ransomware, and Trojans can infect your PC. The good news is that you can strong-arm your PC with encryption and security. We list some recommendations to help you encrypt your PC. Note: For complete settings for encrypting a Mac, follow the guide on Mac Encryption: An Extensive Guide to security.
Administrator user accounts are active by default when you install an operating system on any computer. Administrator access gives anyone special privileges to modify core system files and to install and overwrite application data. An administrator account puts you at a disadvantage because people can easily access or hack into the account physically or over the network. Also, set a strong password including special characters on both accounts.
In Windows: Settings > Control Panel > User Accounts & Family Safety > User Accounts > Manage Another Account
UAC (User Account Control) is a technology and security infrastructure in the Microsoft Windows OS. It gives Windows a sandbox approach in which every application has to ask for permission before execution. It prevents malware from compromising your operating system.
In Windows (Only): Settings > Control Panel > User Accounts & Family Safety > User Accounts > Change User Account Control Settings.
BitLocker is a built-in feature of Windows OS that performs full disk encryption on your computer system. However, it is only available in the Professional and Enterprise versions of Microsoft Windows OS. To check BitLocker support in your Windows OS:
In Windows (Only): My Computer > Right-Click C drive > See the option “Turn On BitLocker.”
If it is there, then congratulations: your Windows OS supports encryption functionality. If not, then you can use third-party software. Check our guide on how to encrypt your hard drive for full disk encryption with the best encryption software recommendations.
When you delete data on your computer, the files are only removed temporarily from your system and can be recovered with a third-party data recovery app. To permanently delete your data, you can use software like BleachBit (recommended by EFF). In Mac OS X: Delete your files to the Trash, then select “Finder” > Secure Empty Trash.
It might sound like many applications, but in fact one piece of software, or a combination of two, can provide all these features. Nearly all antivirus security companies offer all these features in their paid versions. Antivirus and Anti-Spyware features ensure that your system remains clean of malware, Trojans, ransomware and other viruses. Anti-Theft is a new feature which keeps tabs on your device's location through location services; if your device is lost or stolen, you can wipe your data remotely. The Network Intrusion Prevention feature continuously scans your internet packet transfers for potential threats and notifies you of malicious activities.
Most malware and Trojans are installed on our systems through web browser exploitation. Once we visit a malicious website, it redirects us to malware which exploits web browser vulnerabilities to install malware applications or ransomware. Alternatively, we allow others to snoop on our personal information while connected to a public unsecured wireless network. To overcome such problems, you can install a VPN service on your system. A VPN provides an anonymous connection and encrypts Internet traffic. VPN services offer a minimum of 256-bit AES bank-level encryption and support SSL VPN and PPTP VPN protocols, among other popular ones. Setting up a VPN on Linux, Windows or Mac provides an extra layer of security to your web traffic and hides your original location from snoopers like governments, ISPs, and hackers.
By default, your emails are not encrypted, even by popular email services like Yahoo, Gmail, and Microsoft. Their email clients rely on third-party encryption applications to do the job. You can encrypt your emails with extensions from stores like Google Chrome's. Follow this setup guide on how to encrypt your email for a detailed walkthrough.
Your necessary files and folders are accessible by anyone with physical access to your computer. Files and folders are the first to be affected by a virus infection, and you can lose all of your necessary data and information in just a few seconds. You can prevent this problem by encrypting files and folders on your computer using built-in features and third-party software to ensure PC encryption. You can follow this setup guide on how to encrypt files and folders for a detailed walkthrough.
Similarly, your text files, Excel sheets, and PowerPoint presentations are also accessible by anyone, physically and over the network. You can prevent access to a text file by encrypting it. You can follow this setup guide on how to encrypt a text file for a detailed walkthrough.
When we visit our favorite websites frequently, we save usernames and passwords for those sites to avoid re-entering passwords each time. Our web browsers are prone to exploits; hackers can exploit web browser vulnerabilities to gain unauthorized access to our saved site preferences, cookies, and saved credentials. You can prevent such problems by using a password protection program like KeePassX (recommended by EFF). Once you set up the program, you need to enter a master password only once to access all the passwords. You can follow the complete guide on how to encrypt a password.
How to encrypt your phone?
People use their mobile phones as personal computers. Smartphones offer you the flexibility to work while on the move. You can make bank transactions, shop online, talk to your friends on instant messaging apps, run your business CRM and much more. That is why hackers nowadays focus more on hacking into smartphones such as Android devices and iPhones. You can avoid such problems by following this guide on how to encrypt your phone and some of the best encryption apps for Android and iPhones.
We have listed some of the best encryption practices to strong-arm your devices against hacking attacks. You can read more detailed topics on each subject listed here by following their links. The main aim of this guide is to provide security, privacy, and freedom to every person connected to the internet. We keep updating the topics and list with the latest tips and news; stay connected with us and be encrypted.