So what is the deal with encryption? What is it? What does it do? Why would I want to use it? How does it work? How can I put it to use? These are all very good questions, and by the end of this article you'll be considered an "Encryption Pro" (well, at least by your friends and family, for whatever that is worth!) because of your ability to at least talk in an official manner on the subject. More important, however, will be how you implement your knowledge. Whether it is to teach others, secure yourself, a family member or a friend, or even help out at the office by suggesting a look at security policies, these actions will define your level of protection.
Well, What is it?
From Wikipedia:
In cryptography, encryption is the process of transforming information (referred to as plaintext) using an algorithm (called cipher) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information (in cryptography, referred to as ciphertext). In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. "software for encryption" can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted)...
Bla bla bla. What does that mean anyway? Well, in short, when you are typing an email or reading letters and words like these here on the screen now, the text is in a form called plaintext, a.k.a. "Human Readable."
It Does What Exactly?
When we encrypt something such as an email, office documents, etc., we protect it from people who are not supposed to have access to the information. It is sort of like a word scramble, except the only way to unscramble it is with a "passphrase" or "key." Without this "key" there are only two options, and both are based on chance. The first is to hope whoever invented/implemented the encryption method did it wrong or poorly, and the other is to rely on a "brute force" attack (where you try random combinations until the end of time).
Let's take a look at an example. I have a text file called test.txt. In this file is the phrase "Mary had a little lamb." Now the fact that we can open it and read it directly means it is in plaintext. I am going to use the program PeaZip to encrypt the text file with the passphrase "white as snow" (earning me a "Quite weak" score of 32). If I try to open the new file (test.7z) in Notepad, all I get is garbage, and if I try to extract it with PeaZip, I can't even read the file names until I provide the decryption password.
Why on Earth Would I Want That?
There are a few reasons to use encryption. Without looking at the obvious (protecting online login information to things such as email and bank accounts), there are several other reasons to utilize encryption.
- Protect financial/legal/health records
- Protect data on a laptop if stolen (especially if it contains the above)
- Secure email communications (send passwords, documents)
- Portable USB thumb drive with passwords or other important info on them
How Do I Use it then?
Well now that we know the why's and what's it is time to take a look at the how's. The first thing is to get some software. There really are only a few programs needed to start "encrypting like an expert."
The first would be using GPG to encrypt emails. This is a good practice since every email you send can be opened and read many times before it reaches the recipient(s). Encrypting email will allow you to send pictures, documents, passwords and anything else without the NSA or anyone else taking a peek at it. One of these programs is called Enigmail, which comes in the form of a plug-in for Mozilla Thunderbird. If you are more of an Outlook person, then GPG4Win provides near identical services. The benefit of GPG is that you have to share keys first. This prevents having to send passwords and such through email or text message.
A simple file solution is to use PeaZip. It will let you right-click and encrypt, but you can also open PeaZip and customize the archive further, such as making it self-extracting. PeaZip is great if you want to send someone some documents by email and can tell them the password over the phone or in person. This will allow you to just attach documents to an email as if you were sending a normal email. However, this does not scramble the actual message of the email, only what is inside the encrypted zip file.
Another great program is TrueCrypt. With the new iteration of TrueCrypt, you can now do full disk encryption in MS Windows, and a GUI now exists for Linux and Mac. This program is perfect for protecting a laptop or USB thumb drives. It also allows you to create encrypted "containers," so even if you don't encrypt the entire drive or USB key, you can create a folder that acts like a virtual drive. In it are all your encrypted documents. It also allows you to run it in a "stand alone" mode. This way you can run it from a USB key and not worry about having to install it on a friend's computer. Look for a guide/review next week on how to take advantage of this application.
The final program to take a look at is one I have mentioned before, KeePass. This program helps you keep track of all your other passwords. It too can run from a USB key making it great for logging into websites when you are on the go.
The Problem
If using encryption is such an important part of security, why is encryption not used often? Well, this is only a half truth. Encryption is used often and increasingly so. For instance, it is used if you do any online banking, use a GMail account, or have a password to log into your computer, and in many other (but by no means all) login situations. At the same time, however, encrypting these logins can be expensive, and that is why it is used conservatively. The main problem: "Security" and "Usability" are inversely proportional. This means as one goes up, the other must come down. This can be easily summed up by examining a password. The longer and more complex the password, the more secure it is, yet it becomes more difficult to remember due to its length and obscurity. On the other end of the scale, if we only used one letter passwords such as "v" or "X" then it would take someone only 26 tries or less to guess it. Not good.
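To put numbers on the password trade-off described above, here is an added example (not part of the original article) that counts how many guesses an exhaustive search needs. The salt, iteration count and function names are assumptions chosen for the demonstration, and the alphabet is limited to lowercase letters to match the "26 tries" figure.

```python
import hashlib
import itertools
import math
import string

SALT = b"constructed-demo-salt"  # constructed sample value
ITERATIONS = 1_000               # kept low so the demo runs quickly


def stored_hash(password: str) -> bytes:
    """Derive the value a system would store instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, ITERATIONS)


def worst_case_guesses(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Same quantity on a log scale: bits of work for a full search."""
    return length * math.log2(alphabet_size)


def guesses_needed(target: bytes, alphabet: str, max_length: int):
    """Try every candidate in order; return the number of tries, or None."""
    tries = 0
    for length in range(1, max_length + 1):
        for combo in itertools.product(alphabet, repeat=length):
            tries += 1
            if stored_hash("".join(combo)) == target:
                return tries
    return None  # not in the searched space (e.g. uppercase "X")


if __name__ == "__main__":
    lower = string.ascii_lowercase
    print("one-letter password 'v' found after",
          guesses_needed(stored_hash("v"), lower, 1), "tries")
    for n in (1, 4, 8, 12):
        print(f"{n:2d} lowercase letters: "
              f"{worst_case_guesses(26, n):,} candidates "
              f"({entropy_bits(26, n):.1f} bits)")
    # Every printable ASCII symbol (94) instead of 26 lowercase letters.
    mixed = len(string.ascii_letters + string.digits + string.punctuation)
    print(f"12 mixed characters: {worst_case_guesses(mixed, 12):,} candidates")
```

Each extra character multiplies the search space by the alphabet size, which is why length buys security faster than it costs memorability.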
Summary Please
Well, let's make the simile that a password is like a lock on a junkyard fence. Sure, it keeps people from opening the fence, but at the same time, since you can see through the fence and easily bypass it, it really is not that secure. Now encryption would be like switching the fence out for an underground bunker with one way in and one way out. Now that I think about it, a junkyard really is not that great of a comparison, so let's swap junkyard for... your house, but keep the fence and bunker idea. That's better. Now sure, your valuables are all safe and sound buried under 8 meters of earth, but that seems a bit excessive just to protect a lamp you picked up at a yard sale last weekend, though not excessive to protect the diamond necklace handed down through the family.