Many small business owners have heard about the importance of encryption. Some even have TLS security for their websites and landing pages. What is encryption? And how does it work? We’ve put together a comprehensive tutorial for you in this article.
Encryption is the method by which information is converted into secret code that hides the information’s true meaning. Encryption is a way of scrambling data so that only authorized parties can understand the information. In simpler terms, encryption takes readable data and alters it so that it appears random.
Cryptography
The science of encrypting and decrypting information is called cryptography. In computing, unencrypted data is also known as plaintext. Encrypted data is called ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.
Encryption is commonly used to protect data in transit and data at rest. Every time someone uses an ATM or buys something online with a smartphone, encryption protects the information involved (e.g., the credit card number and security code). Encryption is the means by which people are protected from having their debit or credit card numbers stolen by cybercriminals.
Although encrypted data appears random, encryption proceeds in a logical, predictable way, so a party that receives encrypted data and possesses the right key can decrypt it back into plaintext. Truly secure encryption uses keys complex enough that a third party is highly unlikely to be able to decrypt or break the ciphertext by brute force, in other words, by guessing the key.
Encryption, which plays an important role in securing many different types of information technology (IT) assets, therefore provides four assurances:
- Confidentiality/Privacy – encodes the content so that only the intended recipient can read it.
- Authentication – verifies the content’s origin (e.g., establishes that a website’s owner owns the private key listed in the website’s TLS certificate, which allows users of the website to be sure that they are connected to the real website).
- Data Integrity – ensures that what the recipient receives has not been tampered with on the way to them on the internet.
- Nonrepudiation – makes it impossible for the sender to deny having sent the encrypted message.
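The integrity and authentication assurances in the list above are usually delivered by a message authentication code sent alongside the data. The following is an added example, not code from the original article: it uses HMAC-SHA256 from the Python standard library, and the key, message and function names are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Return an HMAC-SHA256 tag that binds the message to the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    shared_key = secrets.token_bytes(32)     # held by sender and recipient only
    other_key = secrets.token_bytes(32)      # a party without the shared key
    message = b"Pay invoice 1042: $250.00"   # constructed sample message
    tampered = b"Pay invoice 1042: $950.00"  # same message altered in transit

    tag = make_tag(shared_key, message)      # sender attaches this to the message
    return {
        # Integrity: the untouched message verifies, the altered one does not.
        "intact": verify(shared_key, message, tag),
        "tampered": verify(shared_key, tampered, tag),
        # Authentication: a tag cannot be checked or made without the key.
        "wrong_key": verify(other_key, message, tag),
        # The recipient holds the same key and can compute the same tag, so a
        # shared-key tag cannot prove to a third party which side wrote it.
        "recipient_makes_same_tag": make_tag(shared_key, message) == tag,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because both sides hold the same key, a shared-key tag gives integrity and authentication but not nonrepudiation; that assurance needs a digital signature made with a private key that only the sender holds.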
What is a Key in Cryptography?
A cryptographic key is a string of characters used within an encryption algorithm for altering data so that it appears random. In the same way as a physical key, it locks (encrypts) data so that only someone possessing the “right key” can unlock (decrypt) it.
2 Main Kinds of Encryption
- Symmetric encryption – there is only one key, and all communicating parties use the same (secret) key for both encryption and decryption.
- Asymmetric encryption (aka public key encryption) – there are two keys: one key is used for encryption, and a different key is used for decryption. The decryption key is kept private (hence the “private key” name), while the encryption key is shared publicly, for anyone to use (hence the “public key” name).
Asymmetric encryption is a foundational technology for TLS (often called SSL), which secures millions of websites around the world, including ours here at EZnet Scheduler® and at our parent company, EZnet Services, Inc.®. TLS/SSL assures website visitors that the site they’re connecting to is the real website for the individual or business the visitor wants to visit.
HTTP vs. HTTPS
Encryption is especially important for keeping HTTP requests and responses secure, and for authenticating website origin servers. The protocol responsible for this is called HTTPS (Hypertext Transfer Protocol Secure). A website served over HTTPS instead of HTTP will have a URL that begins with https:// instead of http://. This is usually represented by a secured lock icon in the browser address bar.
HTTPS uses the encryption protocol called Transport Layer Security (TLS). In the past, an earlier encryption protocol called Secure Sockets Layer (SSL) was the standard. However, the more secure TLS has replaced SSL. A website that implements HTTPS will have a TLS certificate installed on its origin server.
Is Encryption Foolproof?
Encryption is largely successful in keeping cybercriminals out. But cybercriminals are becoming increasingly sophisticated in their hacking methods and tools. Some just launch what is known as a “brute force” attack in order to gain access to data that is supposed to be secure. A brute force attack happens when a cybercriminal who does not know the decryption key attempts to figure out what the key is by making millions or billions of guesses.
Brute force attacks are much faster with modern computers, which is why encryption has to be extremely strong and complex. Most modern encryption methods, coupled with high-quality passwords and multi-factor authentication, are resistant to brute force attacks. By the same token, however, they may become vulnerable to such attacks in the future as computers become more and more powerful. Weak passwords are still susceptible to brute force attacks, and that’s why we recommend complex passwords, or, better yet, multi-factor authentication.
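To put numbers on the brute force discussion above, here is an added example (not from the original article) that sizes the search space for a few secrets and estimates the average time to guess each one. The guess rate of 10 billion per second and the sample password policies are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
RATE = 1e10  # assumed guesses per second (illustrative, not a measured figure)


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Bits of search space for `length` symbols chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_bits(secret_bits: float, key_bits: int) -> float:
    """A key derived from a password is no stronger than the password."""
    return min(secret_bits, key_bits)


def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Average case: the secret is found after searching half the space."""
    return (2 ** bits / 2) / guesses_per_second / SECONDS_PER_YEAR


# (label, bits in the secret, bits in the encryption key it protects)
CASES = [
    ("8 lowercase letters -> 256-bit key", keyspace_bits(26, 8), 256),
    ("12 random printable characters -> 256-bit key", keyspace_bits(94, 12), 256),
    ("random 128-bit key", 128.0, 128),
]


def report() -> list:
    rows = []
    for label, secret_bits, key_bits in CASES:
        bits = effective_bits(secret_bits, key_bits)
        rows.append((label, round(bits, 1), years_to_search(bits, RATE)))
    return rows


if __name__ == "__main__":
    for label, bits, years in report():
        print(f"{label}: {bits} bits, about {years:.3g} years on average")
```

At the assumed rate, the 8-letter password falls in seconds even though it protects a 256-bit key, while the random 128-bit key stays out of reach, which is why password quality matters as much as the encryption algorithm.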