Encryption is the process of converting or scrambling data and information into an unreadable, encoded version that can only be read with authorized access to the decryption key. Encryption is a widely used security tool that can prevent the interception of sensitive data, either while stored in files or while in transit across networks.
This is a complicated question to answer. When deciding on an encryption algorithm, it is important to consider these questions:
If any question cannot be answered in the affirmative, either a new algorithm should be chosen or more research should be done.
Because encryption is a constantly changing field, these decisions can be difficult. However, it is important to understand that encryption is very important to security. Making decisions based on partial knowledge about encryption can be dangerous. If you don't fully understand encryption, make sure you are using crypto designed and built by someone who does understand.
To properly encrypt emails, businesses should invest in encryption tools designed for email. When choosing the tools, a business can decide on sender encryption or key management.
While businesses are encrypting traffic to protect their data, attackers are encrypting threats. As Cisco CEO Chuck Robbins said at Cisco Live, "70 percent of the attacks that are launched are within encrypted traffic."
Decrypting all traffic, however, would be incredibly time consuming. Businesses must invest in tools that leverage big data to identify potential threats. Machine learning and network analytics can flag obscure indicators and behaviors that suggest an encrypted threat. Once identified, the network can quarantine and investigate the threat before damage occurs .
Symmetric and asymmetric encryption are two main subgroups of encryption.
Below are some examples of common types of encryption.
The Triple Data Encryption Standard (DES), often written 3DES, is a version of the original DES encryption algorithm that encrypts data three times. The Triple DES uses three 64-bit keys, so the key length is 192 bits. Triple DES is a symmetric encryption, and the key is private. Because it encrypts data in 64-bit segments, Triple DES is considered a block cipher. Cipher Block Chaining (CBC), however, is an encryption mode that struggles at high data rates.
Blowfish is an encryption technique that was designed by Bruce Schneier in 1993. Similar to Triple DES, Blowfish is a symmetric block cipher. Unlike Triple DES, Blowfish does variable-length key encryption. Rather than set 64-bit segments, Blowfish encrypts segments ranging from 32 to 448 bits. Blowfish is an unpatented and unlicensed encryption technique. For this reason, it is free and available for public use.
The RSA encryption key, named after creators Ron Rivest, Adi Shamir, and Leonard Adelman, is the standard encryption technique for important data security. RSA is asymmetric cryptography, so there is one public key and one private key. The RSA algorithm uses prime factorization. Simply put, this key requires the factorization of a product involving two large prime numbers. While it seems easy, figuring out these two numbers can be difficult. Even for large computers, it can be expensive and exhaustive to decrypt. While RSA can be very useful, it becomes increasingly inefficient at higher security levels.
Because of an increase in brute-force attacks on the original DES, the Advanced Encryption Standard (AES) was put into place in 2002. AES is a symmetric block cipher that was originally named Rijndael. This block cipher uses three separate keys: AES-128, AES-192, and AES-256. These three keys are used to encrypt and decrypt information of 128 bits. Since its adoption, AES has been used to protect classified government information and sensitive data.
Elliptic Curve Cryptography (ECC) is a very advanced approach. Often based on a common public key algorithm, ECC combines elliptic curves and number theory to encrypt data. These elliptic curves are within finite fields and are symmetrical over the x-axis of a graph. Given these properties, cryptographers can provide robust security with much smaller and efficient keys. For example, an RSA key of 15,360 bits would be equivalent to an ECC key of just 512 bits.