
Encryption 101: your complete guide

John Sears


May 18, 2022


In the past, encryption was primarily understood within the context of war. Generals would encrypt their messages so that only the intended target would be able to understand them. Now, though, encryption and decryption processes are all around us – on our phones, behind our social media profiles, and in places we might not expect.

So, what does this technology mean to us in the present day? How does it affect our lives, and what can be gained by understanding its ins and outs? Read on for everything you need to know about encryption.

What is encryption?

At its simplest, encryption is best understood as a way to render data unreadable to anyone who doesn't have the key to unlock it. In the context of digital communications, end-to-end encryption is used to protect information as it travels between devices – for example, your computer and your bank's website.

The practice of encrypting is also used extensively in cloud storage solutions. When you save a file to the cloud, it's usually encrypted before it's uploaded so that even if someone manages to gain access to your account they won't be able to see your data.

Note, however, that end-to-end encryption and general encryption differ slightly. While services like NordLocker use your unique key to keep your data secure, mainstream cloud services hold the keys to your encryption and could technically access it at any time.

Why we need to encrypt our data

Internet security has been a relevant issue ever since the World Wide Web's conception, and it's only become more important in recent years. In an age where our most sensitive data is often stored online – and our cybersecurity habits aren’t always up to scratch – encryption is more essential than ever.

If you've ever had your credit card details stolen, you'll know how devastating the consequences can be. Banks and other secure institutions encrypt your financial data in order to protect your information from prying eyes, whether it's thieves trying to steal your identity or hackers attempting to breach your network.

How does encryption work?

Encryption is based on a mathematical algorithm that takes data and scrambles it into an unreadable format. The way the algorithm scrambles the data is determined by the encryption key, so only those with the key can decode the data.

It can help to think of encryption as turning a lock that can't be opened without the right key. The encryption key is like the key to that lock, and the data is like the contents of the safe that it protects.

Plaintext and ciphertext

Encryption deals with data in two forms: plaintext and ciphertext. Plaintext is the original, unencrypted data, while ciphertext is the scrambled version that can only be read with the key.

It's important to note that encrypting data doesn't make it completely invisible – it just makes it incredibly difficult to read without the key. Anyone who has access to the ciphertext can still see that it exists. They just won't be able to understand what it says without the key.

Encryption and decryption

Encryption and decryption are the opposite ends of the same process. Encryption takes a plaintext message — anything you can read, watch, listen to, and understand — and uses a set of algorithms to turn the message into ciphertext, or unreadable data. Decryption is the reverse process, where the (hopefully) intended target deciphers the scrambled data back into a plaintext message.

A real-world example of this can be found in simple day-to-day computer operations, like sending an email. When you type in your password to log in to your email account, the password is turned into an unreadable format by encryption. When you press 'send', your message is encrypted and sent to the recipient's mailbox. The recipient's mailbox then decrypts your message and displays it as readable text.

How is encryption used?

Most of the time, encryption and decryption processes are invisible. You open your browser and click on a Gmail bookmark that opens your email. But a lot more goes on behind the scenes, including the browser protocols encrypting and decrypting the signal between the source (your computer) and the recipient (Gmail’s server), and vice versa.

Not all encrypting is invisible and done in the background, however. You can use apps like NordLocker to secure your files in a few clicks. Even without an intended recipient to send an encrypted message to, you have plenty of other reasons to secure your data.

Common real-world encryption uses

Regardless of the encryption type or the actual algorithm, the primary purpose behind encryption is to protect a piece of data. Here are a few examples of what encryption is used to protect:

Data in the cloud

When you put files in a cloud, they get encrypted. The only difference is who has the keys. With services from tech giants, like Google Drive, the provider has the ability to decrypt, scrape, or delete your files. When you use end-to-end encryption, the key to your files stays with you.

The internet

Browsing the internet, at its core, is about signals going from your computer to your ISP. Internet protocols already have encryption built in so that the signal can’t be hijacked.

Databases

Keeping user information in plaintext would be highly insecure because the data would be easy to steal. That’s why user passwords, along with other key data, should be kept in encrypted databases.

Emails

Instant messages, emails, and other types of communication should be encrypted to protect the participants. It’s done with the help of asymmetric key encryption and digital security protocols. However, you should be aware of who holds the keys.

Why use encryption?

There are many security reasons to encrypt data. For example, database security is immensely beneficial, and so are secure messaging and encrypted cloud services. But another issue is often overlooked – the internet changed everything by turning private data into a sellable resource.

Take a look at companies that keep challenging the limits of digital privacy and how much of it you can have. Not only that, but even the concept of ownership is now being tested:

  • Online services can do anything with your data and files. If you use Google Drive, Google Photos, Dropbox, or any cloud service that’s not end-to-end encrypted, you essentially give companies the right to rummage around your files and take whatever they like. Google is not even hiding the fact that it can and does scan and remove data from your Drive as it deems necessary.

  • The age of renting. Ironically, while companies try to get hold of everything you have, they’re extremely protective of what they own. The age of streaming made it easy for companies to take away the media you paid for – no one came after your cassettes and CDs. Now, services like Google Movies and Apple Music have no problem deleting your library from their cloud if some corporate agreement is changed.

As you can see, encrypting information is essential for communications as well as for protecting your data. It’s a bit like owning a hard copy of a book, image, or file. Encrypting secures your digital possessions so no one can take them away because without your permission, they can’t even know those possessions exist.

Symmetric and asymmetric algorithms

Encryption methods define the way cryptography ciphers and algorithms are applied. Two main kinds of encryption exist – symmetric and asymmetric – and quantum encryption is on the rise.

Symmetric algorithms

Symmetric encryption is the simplest type of encryption. There’s a message and a secret cipher that transforms that message. If anyone finds out the secret cipher, however, they will be able to decrypt the message – even in cases of extremely strong encryption.

In symmetric cryptography, you should be aware of two types of ciphers: stream ciphers, which encrypt messages symbol by symbol, and block ciphers, which encrypt and decrypt data in chunks.

AES (Advanced Encryption Standard), one of the world’s most popular encrypting algorithms, is a block cipher. It takes a block of a plaintext message and applies a key to encrypt it. The result is ciphertext, which is encrypted again a pre-defined number of times based on that algorithm.

Asymmetric algorithms

Asymmetric, or public key encryption, relies on public and secret keys that help verify the integrity of the communication channel. Let’s look at two examples from different asymmetric algorithms:

RSA encryption uses prime factorization, a mathematical calculation that is easy to do one way (multiplying two prime numbers to get their product) and hard to do the other way (deriving the two original numbers when only their product is known).

ECC, or elliptic curve encryption, uses mathematical curves to derive its keys. The principles stay the same, but ECC is simply more efficient than RSA or similar algorithms. For example, a 256-bit ECC key would offer the same security as a 3,072-bit RSA key.

What is hashing?

We’ve highlighted two methods of encryption, and they are the most commonly used ones – but there’s also hashing. And while hashing isn’t technically encryption, it’s often mistaken for it.

Hashing is the use of mathematical functions to turn a message into a pre-set number of characters. Whether it’s a simple password or Leo Tolstoy’s “War and Peace,” you can express both in a single 40-digit hash.

The reason it’s not considered encryption is that hashing does not work in reverse. You can’t revert your 40-digit hash back into a literary masterpiece. But hashing is perfect for verifying the integrity of a message because even if a single letter of the original message was changed, its hash would also be different.
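The fixed-length and integrity properties described above, as an added example that is not part of the original article. It uses Node.js's built-in `crypto` module; SHA-1 is chosen only because its hex digest is 40 characters long, matching the figure in the text, and the sample inputs are constructed.

```javascript
const crypto = require('node:crypto');

function hexDigest(algorithm, message) {
  return crypto.createHash(algorithm).update(message).digest('hex');
}

// Count the bits that differ between two equal-length hex digests.
function bitDifference(hexA, hexB) {
  const a = Buffer.from(hexA, 'hex');
  const b = Buffer.from(hexB, 'hex');
  let bits = 0;
  for (let i = 0; i < a.length; i++) {
    for (let x = a[i] ^ b[i]; x; x >>= 1) bits += x & 1;
  }
  return bits;
}

// Integrity check: recompute the digest and compare it in constant time.
function verifyIntegrity(algorithm, message, expectedHex) {
  const actual = Buffer.from(hexDigest(algorithm, message), 'hex');
  const expected = Buffer.from(expectedHex, 'hex');
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Constructed sample inputs: a short password and a long document (~900 KB).
const shortInput = 'hunter2';
const longInput = 'The quick brown fox jumps over the lazy dog. '.repeat(20000);
// A string pattern replaces only the first match, so exactly one letter changes.
const tampered = longInput.replace('quick', 'quack');

function report() {
  const original = hexDigest('sha1', longInput);
  return {
    shortLength: hexDigest('sha1', shortInput).length,    // 40 hex characters
    longLength: original.length,                          // still 40
    sha256Length: hexDigest('sha256', longInput).length,  // SHA-2 family: 64
    changedBits: bitDifference(original, hexDigest('sha1', tampered)),
    originalVerifies: verifyIntegrity('sha1', longInput, original),
    tamperedVerifies: verifyIntegrity('sha1', tampered, original),
  };
}
```

`report()` shows that both inputs hash to the same length and that the one-letter change fails verification.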

Encryption algorithms: the specifics

Now that you understand the differences between the main encryption methods and know a little about hashing, let’s look at several encryption algorithms in more detail.

AES

AES is currently the most common symmetric algorithm. It replaced DES (Data Encryption Standard) after several researchers proved that DES can be broken. AES offers 128-, 192-, and 256-bit encryption. Today, AES is used in a variety of ways and applications, like file encryption, SSL/TLS protocol, VPN encrypting, and mobile encryption.

RSA

Named after its creators, Rivest-Shamir-Adleman, or simply RSA encryption, is an asymmetric algorithm. It’s based on the prime factorization of large numbers, which makes RSA very secure and scalable because it allows using different key lengths, like 768-, 1024-, 2048-, 4096-bit, etc.

RSA is often used for digital signatures, such as those in email encryption and SSL/TLS certificates.

ECC

ECC (Elliptic Curve Cryptography) is based on (you guessed it) elliptic curves. While the mathematicians Neal Koblitz and Victor S. Miller came up with the idea in 1985, it took 20 years for ECC to be adopted more commonly.

One of the companies to use this modern-day encryption method is NordLocker. As ECC is an asymmetric algorithm, we use it to ensure secure file sharing. Compared to RSA, ECC offers the same security with much shorter keys.

Why does that matter? Shorter keys require less computational power and make authentication much faster. It would also take considerably more time to crack it using brute-force attacks.

Blowfish

We briefly mentioned that DES was replaced by AES as the go-to algorithm – but AES was not the only candidate at that time. Blowfish, a symmetric block cipher, was recognized for its efficiency and security.

It never caught on, however; by the time Blowfish became known, AES was already adopted by banks and government institutions. You can still find it used today, but better alternatives are available.

Twofish

Twofish is an extension of Blowfish. It’s also a license-free, symmetric algorithm, but Twofish can handle 128- and 256-bit data blocks. It’s also unique since it utilizes 16 rounds of encryption, regardless of the key size.

SHA

Since we’ve thrown in hashing with types of encryption, we’ll also briefly mention hashing algorithms, a way the original data is distilled to a unique fixed-length hash. One of the most common hashing algorithm groups is SHA, which includes SHA-0, SHA-1, and SHA-2. The first two have already had their day, but SHA-2 has been the default hashing algorithm since 2017.

NordLocker’s encryption

If you’re interested in NordLocker’s encryption methods, we highly recommend checking out the Why NordLocker page, where we explain the types of algorithms we use, why we use them, and how they protect your files.

NordLocker uses a hybrid method. We combine the power of AES to protect your data and the efficiency of ECC to help secure your keys.

What is quantum encryption?

Quantum encryption, or quantum cryptography, is a method of securing a message using the laws of quantum mechanics. It may seem light years away, but scientists are convinced it’s already on our doorstep; for example, IBM has already created a quantum encryption method that is not vulnerable to quantum computing.

Why we need quantum encryption

With asymmetric encryption, the sender and the recipient have a pair of keys — one public and the other secret. Just like other encryption methods, it's based on a mathematical problem; multiplying two large prime numbers takes only a moment, but deriving those prime numbers from the result is almost impossible.

This could be a problem in the quantum computing era. Not only are quantum computers faster, but they also operate on a different set of laws. In other words, an algorithm that takes modern computers decades to crack could be solved overnight with quantum computers.

That's why today, scientists are harnessing the power of quantum computing to create unbreakable encryption methods – because the classical encryption methods we use today will eventually be cracked by quantum computers.

How quantum cryptography works

Quantum cryptography is the only encryption method that can't be broken by a quantum computer. It's centered around the basic principles of quantum mechanics, which say that anything that can be observed changes the thing being observed.

In public-key encryption, we must first exchange secret keys and establish a line of communication. In quantum encryption, however, this would be done with the help of photons or light particles.

What you should know about photons is that they have several distinctive properties, one of them being a spin. The spin has a direction — horizontal, vertical, or diagonal (either from the left or the right). Most importantly, the direction of the spin can be changed when the photon is passed through a filter.

Here’s how quantum encryption works in practice:

  • First, the sender turns a message into a binary code, represented by 1s and 0s.

  • The code is then transformed into photons, where 1s are photons with a vertical or a right-side spin, and 0s are photons that have a horizontal or a left-side spin.

  • The message is encrypted by sending each photon through a randomly selected filter and changing its spin.

This is why this type of encryption is so strong: it’s not enough to know the photon’s spin — you also have to know the order in which filters were used. If you get just one of them wrong, it scrambles the whole result.
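The photon-and-filter exchange described above, as an added classical simulation that is not part of the original article. It assumes the scheme follows the BB84 key-exchange protocol, which the article does not name: the receiver also picks filters at random, and both sides keep only the positions where their filter choices matched. Function and field names are made up for the example.

```javascript
const crypto = require('node:crypto');
const coin = () => crypto.randomInt(2); // uniformly random 0 or 1

// A photon carries one bit in one of two filter orientations ("bases"):
// 0 = horizontal/vertical, 1 = diagonal.
// Measuring with the matching filter reads the bit; the wrong filter gives a
// coin flip, and the photon continues in the state the measurement produced.
function measure(photon, basis) {
  return { bit: photon.basis === basis ? photon.bit : coin(), basis };
}

// Send n photons. With `intercepted` set, a third party measures each photon
// with a guessed filter before it reaches the receiver.
function exchange(n, intercepted) {
  const senderKey = [];
  const receiverKey = [];
  for (let i = 0; i < n; i++) {
    const sent = { bit: coin(), basis: coin() };
    const inFlight = intercepted ? measure(sent, coin()) : sent;
    const received = measure(inFlight, coin());
    // Filter choices (not bits) are compared afterwards; mismatches are dropped.
    if (received.basis === sent.basis) {
      senderKey.push(sent.bit);
      receiverKey.push(received.bit);
    }
  }
  // Simplification: errors are counted over every kept bit. A real exchange
  // reveals only a sample of the kept bits to estimate the error rate.
  const errors = senderKey.filter((bit, i) => bit !== receiverKey[i]).length;
  return { kept: senderKey.length, errors, errorRate: errors / senderKey.length };
}
```

With no interception the two keys agree exactly. With interception roughly a quarter of the kept bits disagree, which is how the two parties learn that someone observed the photons in transit.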

The challenges of quantum encryption

Quantum encryption has several problems. First, it needs more time. A few decades ago, we were content with using slow, gigantic, and unsecured computers. We thought these machines were incredible because we had nothing to compare them with.

Now, however, we do: we know that computers should be fast, reliable, and secure. That’s why before quantum computing can take over, it has to become better than traditional computing – and at the moment, it’s simply not. Here’s why:

  • Quantum computing is still new and very expensive. It will take time before regular consumers can afford it.

  • Lack of infrastructure. Photons can’t travel very far, so parties must either be connected directly or use relays to increase the range over which the message can be sent.

  • Security is not guaranteed. While the quantum encrypted message is theoretically unbreakable, the use of relays and routers could give hackers new opportunities to get the encryption key. That said, China claims to have sent a completely secure message 1,200 km through a quantum satellite (source theconversation.com).

It’s impossible to tell when quantum computing will become widespread, but it’s clear that the wait will be exciting. In the meantime, encryption continues to protect our data from threats, delivering information securely between sender and receiver.

How can I use encryption to secure my data?

One of the safest and easiest ways to encrypt your data is by using a provider like NordLocker. Our cloud-based encryption service uses advanced encryption to protect your data – and we're serious about security.

We use a specialized hybrid encryption technique that blends both AES and ECC encryption algorithms. This approach is more secure than using a single type of algorithm, and it's virtually impossible to break.
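A generic hybrid construction of the kind described here and in the "NordLocker’s encryption" section, as an added example that is not NordLocker's own code or design. The specific choices (X25519 key agreement, HKDF-SHA256, AES-256-GCM, the `hybrid-demo-v1` label and all function names) are assumptions made for the illustration, using Node.js's built-in `crypto` module.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM with a fresh 96-bit nonce per call.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the nonce, ciphertext or tag was altered.
function unseal(key, box) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// ECC step: X25519 key agreement, then HKDF-SHA256 turns the shared secret
// into a 256-bit key-encryption key. The info label is made up for this example.
function keyEncryptionKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'hybrid-demo-v1', 32));
}

function encryptFor(recipientPublicKey, plaintext) {
  const fileKey = crypto.randomBytes(32); // one-off AES key for this file
  const ephemeral = crypto.generateKeyPairSync('x25519');
  const kek = keyEncryptionKey(ephemeral.privateKey, recipientPublicKey);
  return {
    ephemeralPublicKey: ephemeral.publicKey.export({ type: 'spki', format: 'der' }),
    wrappedKey: seal(kek, fileKey), // ECC-derived key protects the AES key
    data: seal(fileKey, plaintext), // AES key protects the data
  };
}

function decryptWith(recipientPrivateKey, envelope) {
  const ephemeralPublicKey = crypto.createPublicKey({
    key: envelope.ephemeralPublicKey, format: 'der', type: 'spki',
  });
  const kek = keyEncryptionKey(recipientPrivateKey, ephemeralPublicKey);
  return unseal(unseal(kek, envelope.wrappedKey), envelope.data);
}

// Constructed sample: encrypt for a freshly generated recipient and read it back.
function roundTrip(text) {
  const recipient = crypto.generateKeyPairSync('x25519');
  const envelope = encryptFor(recipient.publicKey, Buffer.from(text, 'utf8'));
  return decryptWith(recipient.privateKey, envelope).toString('utf8');
}
```

Only the holder of the recipient's private key can recover the file key, and any change to the stored ciphertext makes `decryptWith` throw instead of returning altered data.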

Read here to learn more about how we can help keep your data under lock and key.

John Sears


John believes that the best things in life are simple. He uses the same approach when he’s writing about online security. John says that his #1 pet peeve is phishing scams. Ironically, his favorite non-work related activity is fishing.