
How to make sense of encryption protocols

Sep 25, 2017 6:35:30 PM

If you are looking for ways to secure your privacy online, you should know by now that the first step is to use encryption for everything. Yet, cryptography is not exactly the most popular or easily digestible of sciences. It can be hard to make sense of all the protocol and algorithm names flying around.

Cryptography is the science of concealing secrets by scrambling messages into incomprehensible form. Encryption is the process it employs. While this is a field that is over two millennia old, most of the current jargon – and the terminology you will encounter when looking for secure online communications – is from the past 30-40 years. Here is the basic vocabulary you need to “speak” encryption.

Symmetric encryption

To encrypt something, you need to use a key. Then, to decrypt it, you need the same key. This is the most logical thing in the world, isn’t it? Like you and your roommate having separate, but identical keys for your place that unlock the same door. This is what symmetric encryption is – algorithms that use the same key to both encrypt and decrypt data. AES, Twofish and Blowfish are all examples of contemporary (and reliable) symmetric algorithms.

Asymmetric encryption

There is another branch of cryptography that relies on different keys for the different processes. It is called asymmetric, or public-key, cryptography, and in it you have a pair of keys: a public one for encryption, and a private one for decryption. This could be more confusing, but think of the one key as the lock rather than as a key – everyone can put something in someone’s mailbox (because it’s public), but only they can unlock it (because only they have the private key). RSA is the ubiquitous asymmetric algorithm, and it is used in PGP encryption.

Link encryption

Okay, you encrypt your messages and send them to your contact who has the symmetric or asymmetric key to decrypt them, right? It is not that simple. You have to send the message over a network. How does it get from point A to point B? Link encryption is one of the options. In it, the message is encrypted only while in transit, but is decrypted at every node of the network so it can be forwarded to the next one. In other words, your messages are encrypted while they travel over the air between your device and the nearest cell tower. If someone intercepts a message, they wouldn’t be able to read it. The people operating the network, though, would.

End-to-end encryption

This is why we always advise using end-to-end encryption when you seek confidentiality. In this case, your messages get encrypted on your end and decrypted only once they reach your recipient. No one along the way is able to decrypt them because they don’t have the key. This is the ultimate defense against digital eavesdropping. Reliable end-to-end encryption protocols include PGP, OTR, OMEMO, Signal, and ZRTP, among others.
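The difference between the link encryption and end-to-end encryption sections above can be shown by recording what each intermediate node holds after it decrypts its hop. This is an added example, not code from the original article; the function names, the three-hop network and the SHAKE-256 stand-in cipher are assumptions made for the demo (real protocols use vetted ciphers such as AES).

```python
import hashlib
import hmac
import secrets

def subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and authentication keys from one secret.
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in stream cipher built from SHAKE-256 (assumption, demo only).
    stream = hashlib.shake_256(subkey(key, b"enc") + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Symmetric encryption: the same key seals and unseals.
    nonce = secrets.token_bytes(16)
    ct = xor_stream(key, nonce, plaintext)
    tag = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified message")
    return xor_stream(key, nonce, ct)

def send_over_links(payload: bytes, hop_keys: list) -> tuple:
    """Link encryption: each node decrypts what arrives, then re-encrypts it."""
    seen_by_nodes = []
    wire = seal(hop_keys[0], payload)
    for inbound, outbound in zip(hop_keys, hop_keys[1:]):
        at_node = unseal(inbound, wire)   # the node must decrypt to forward
        seen_by_nodes.append(at_node)     # this is what the operator can read
        wire = seal(outbound, at_node)
    return unseal(hop_keys[-1], wire), seen_by_nodes

def send_end_to_end(message: bytes, e2e_key: bytes, hop_keys: list) -> tuple:
    """End-to-end: seal for the recipient first, then cross the same network."""
    delivered, seen_by_nodes = send_over_links(seal(e2e_key, message), hop_keys)
    return unseal(e2e_key, delivered), seen_by_nodes

if __name__ == "__main__":
    hops = [secrets.token_bytes(32) for _ in range(3)]  # 3 links, 2 nodes
    msg = b"meet at noon"                               # constructed sample
    print("link only :", send_over_links(msg, hops)[1])
    print("end-to-end:", send_end_to_end(msg, secrets.token_bytes(32), hops)[1])
```

With link encryption alone, both nodes record the plaintext; with the end-to-end layer added, they record only an opaque blob that none of the hop keys can open.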

Key sizes

The more complex a key is, the harder it is to break a lock. It is the same with cryptographic keys. The general rule of thumb is that the bigger they are, the better security they offer. The reason is simple. To brute-force a message – which means to decrypt a message by guessing the key until they get it – attackers need to try more combinations if the key is bigger. However, you can’t just have keys the size of the Sun and be done with it. Encryption has to be fast to be practical. Absurdly big keys can weigh on processing time. That’s why today’s highest standard is 4096-bit keys for RSA and Diffie-Hellman, and 256-bit ones for AES.

Protocol names

The difference between AES-128, AES-192, and AES-256, as you might have guessed after reading the above paragraph, is in the size of the keys these algorithms use. Like with horsepower and car engines, the more, the merrier. And like cars, all three do their basic job, regardless of the fact that one of them is superior. However, when you see that a company implements AES-256 in their product, you can see that they are striving to keep it future-proof against eventual advances in computing that will render older algorithms breakable.





Topics: Encryption, PGP, ZRTP, OTR

Written by Stefan Topuzov, Security Expert