Encryption... That enigmatic word the media, governments, politicians, agencies, and various organizations have been discussing for quite some time. Should we all use encryption? Is encryption dangerous? Should we ban encryption? But we at Secure Group bet that many people caught in this discussion would actually fail to answer the single most important question about it. Namely, what is encryption?
Do you think all journalists or politicians really understand encryption? Yes? Then what's the difference between encryption, cryptology, cryptography, and cryptoanalysis?... Ah, now it's a "no" perhaps.
Encryption vs cryptology, cryptography, and cryptoanalysis
A lot of people might guess that at least some of these terms are interchangeable. But they aren't at all, none of them.
Cryptology is the science behind it all. The thickest book on the shelf. It studies turning information into code, decoding that information via a key, as well as breaking that code without a key in order to extract the information. In brief: encode, decode, break the code.
Cryptography is the scientific branch of cryptology that deals with encoding, i. e. how to use secret writing that only the intended recipients can understand by decoding it with a key.
Cryptoanalysis is the archenemy or cryptography because it focuses on how to analyze and reverse-engineer encoded messages without having that key.
Encryption is rather similar to cryptography because it's actually part of it. But while cryptography is the science, encryption is the cryptographic process of encoding information in such a way that only authorized people can read it.
What is encryption? Let's elaborate.
Now that we cleared the basics, it's time to dive deeper into encryption.
First of all you need to remember that encryption itself doesn't prevent interception. What it does is to ensure that even if spies obtain some information, they won't be able to read it because it's encoded and they don't have the key. So these poor spies end up with several unpleasant choices:
- Figure out the code via cryptoanalysis (which can take forever is the encryption code is complicated enough)
- Obtain the key to decrypt this message (which in modern cryptography is nearly impossible but there's a chance if the key is public)
- Kidnap a person who has the key (in which case why even bother intercepting)
- Or shoot themselves (the risks of the profession...)
Don't forget that encryption isn't mean to protect communication only. It can protect any kind of information, no matter if it's in transit or stands still somewhere in a device. So everything from emails, instant messages, and voice calls to all kinds of files, folders and partitions can be subject to encryption.
Now let's go back to the encryption process. Basically, first you have the information that needs to be delivered, referred to as plaintext in cryptography. To encrypt it, you need to use a cryptographic algorithm which turns plaintext into ciphertext. To decipher the encrypted information, i. e. to return it to its plaintext format, you need the proper key, which is often generated in a (pseudo)random way.
This could be as simple as replacing letters with numbers. But since the ages before Christ, when people started experimenting with secret communication, cryptology has evolved a lot, especially during World War II and The Cold War. And today there are cryptographic methods that are virtually unbreakable. Unless you have a quantum computer, which is still closer to science fiction than to reality.
So, put short, encryption is what you do after you answer the following question: "How do I keep this information unreadable for people that should never read it, even if they obtain it?". It's the cryptographic action.
The two main types of encryption
To complete the basic picture, I should also mention that there are two types of encryption: private-key encryption and public-key encryption.
Private-key encryption, also known as symmetric encryption, is the older type of the two. It encompasses all cryptographic methods in which two or more communicating people use the same key encrypt and decrypt information. Less commonly, there might be slightly different keys that are, however, related in an easily computable way. In practice, this encryption type represents a shared secret between the people authorized to be in a private information circle.
Public-key encryption, also known as asymmetric encryption, appeared in the 1970s. It encompasses all cryptographic methods in which people use one public key for encryption of a message which is paired with a private key for decryption.
Both types have their specific strengths and weaknesses but I'm going to talk more about them in another post.
Is encryption evil?
Maybe you're guessing correctly that I formulated the question like this on purpose.
Too many people have raised the question if encryption should be banned in order to facilitate law enforcement. But what this would actually do is prevent people and organizations from being able to protect their privacy and sensitive information, while criminals and terrorists wouldn't care if they break the law by using encryption anyway. It's that simple!
Like many technologies, encryption can be misused. But so can be anything else. And it doesn’t mean that people and organizations who use encryption are bad. However, it's
"so commonly misunderstood and currently a media boogeyman," as How-To Geek put it,
that many people tend to be negative about it and consider it dangerous. And this turns it into a convenient political tool for manipulation.
Do you feel evil when you open an HTTPS website? Because this is SSL encryption. Do you feel evil when your smartphone is encrypted? Because this is storage encryption and is already enabled by default in modern mobile operating systems. Or do you feel evil when you use an app as common as WhatsApp because it offers chat encryption?
Encryption is the last thing to blame for terrorism and crime. With or without it, they will continue to exist. Unless somebody believes that prior to encryption the whole world lived in peace...
If you'd like to learn more about encryption, I recommend that you visit the Secure Group Academy whare you can find additional information.