Encryption

A post for network security students:

In today’s digital age, encryption is a cornerstone of cybersecurity, safeguarding our data from prying eyes. Cryptography is the art and study of writing codes, and encryption is its central operation: transforming plaintext (readable data) into ciphertext (encrypted data) using ciphers and cryptographic algorithms. Encryption ensures that only authorized individuals can decipher and access the original information.

The Basics of Cryptography

Cryptography relies on keys, unique pieces of information that are kept secret. These keys are essential for both encryption and decryption. Encryption is like locking a door, restricting access to only those with the key, while decryption is like unlocking it.

We often talk about the fictional characters Alice and Bob when describing encryption schemes. Alice and Bob represent people communicating securely using encryption, or computer systems that use encryption to send information securely.

Types of Data Encryption

Encryption methods vary depending on the state of the data:

  • Data at rest—Files that are not actively being processed, such as documents or databases.
  • Data in transit—Data being sent between two systems, like emails or files transferred over a network.
  • Data in use—Data that a computer system is currently using, which cannot be encrypted in its current state.

As data transitions between these states, the type of encryption applied changes accordingly.

Modern Cryptography Methods

Modern cryptography rests on three main methods: symmetric, asymmetric, and hashing. These methods form the basis of most encryption techniques used today. They are also addressed in another blog post here on hackscience.education: Unlocking the Secrets: A Deep Dive into Cryptography.

• Symmetric cryptography—Employs a single key for both encryption and decryption. Symmetric key algorithms use substitution and transposition techniques. Symmetric algorithms are fast and efficient for bulk encryption. However, the key must be shared over an out-of-band channel without being exposed. Two well-known symmetric algorithms are:

  • Data encryption standard (DES)—An early encryption standard using a 56-bit key, now easily broken due to increased computing power.
  • Advanced encryption standard (AES)—Uses a 128-bit key (up to 256-bit) and block encryption; it is still in use today and has an excellent work factor.

• Asymmetric cryptography—Uses a public key and a private key. Data encrypted with the public key can only be decrypted with the private key, and vice versa. Public key cryptography facilitates secure communication, especially between unfamiliar parties. This is useful for proving identity and for preventing a sender from later denying having sent a message (non-repudiation).

• Hashing—Involves one-way cryptographic functions that produce a unique, fixed-size output (hash) for a given input. Hashes are irreversible, meaning the original data cannot be recovered from the hash. The avalanche effect ensures that even minor changes to the input data result in a vastly different hash output. Hashes are used to verify passwords and file integrity. Examples of hashing algorithms include:

  • Message Digest 5 (MD5)
  • Secure Hash Algorithm 1 (SHA-1)
  • SHA-2
  • SHA-3
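The four properties this section names (fixed output size, determinism, irreversibility in practice, and the avalanche effect) can be observed directly with the algorithms listed. The script below is an added example written for this post, not code from hackscience.education; it uses only Python's standard hashlib, and the two messages are constructed inputs that differ in a single character.

```python
import hashlib

# Constructed sample inputs: two messages that differ in one character only.
MESSAGE_A = b"transfer 100 dollars to alice"
MESSAGE_B = b"transfer 100 dollars to alicf"

# The algorithms named in the post, mapped to their hashlib constructors.
ALGORITHMS = {
    "MD5": hashlib.md5,
    "SHA-1": hashlib.sha1,
    "SHA-2 (SHA-256)": hashlib.sha256,
    "SHA-3 (SHA3-256)": hashlib.sha3_256,
}


def digest_bits(name: str) -> int:
    """Fixed output size in bits, regardless of how long the input is."""
    return ALGORITHMS[name]().digest_size * 8


def differing_bits(a: bytes, b: bytes) -> int:
    """Hamming distance: how many bit positions differ between two digests."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(name: str, m1: bytes, m2: bytes) -> float:
    """Fraction of output bits that flip when m1 is replaced by m2.
    For a good hash this sits near 0.5 even for a one-character change."""
    h1 = ALGORITHMS[name](m1).digest()
    h2 = ALGORITHMS[name](m2).digest()
    return differing_bits(h1, h2) / (len(h1) * 8)


def is_deterministic(name: str, m: bytes) -> bool:
    """Hashing the same input twice yields the same digest; file-integrity
    checks and password verification both depend on this."""
    return ALGORITHMS[name](m).digest() == ALGORITHMS[name](m).digest()


def hex_digest(name: str, m: bytes) -> str:
    """Human-readable form of a digest, as shown in checksum files."""
    return ALGORITHMS[name](m).hexdigest()


if __name__ == "__main__":
    for name in ALGORITHMS:
        frac = avalanche(name, MESSAGE_A, MESSAGE_B)
        print(f"{name:18s} {digest_bits(name):4d}-bit digest, "
              f"{frac:.0%} of output bits changed for a 1-character edit")
```

MD5 and SHA-1 still show the avalanche effect here; they are listed as examples of the construction, and their weakness lies in practical collision attacks, not in this property.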

How Encryption Secures Website Visits

When you visit a secure website, the web server sends a digital certificate containing its public key, accepted symmetric key algorithm, and the certificate authority (CA). Your system verifies the certificate with the CA and generates a symmetric key using the server’s preferred algorithm. The symmetric key is encrypted using the server’s public key and sent back to the server. Once the web server decrypts the symmetric key with its private key, a secure connection is established, allowing encrypted communication.
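The exchange just described, as an added example that is not part of the original post: the server presents a certificate carrying its public key and preferred symmetric algorithm, the client checks the issuer, generates a symmetric session key, wraps it with the server's public key, and the server unwraps it with its private key. The RSA key pair here is a toy (textbook RSA, no padding, a roughly 150-bit modulus built from two Mersenne primes) and the certificate is a constructed dictionary standing in for an X.509 certificate; a real client also verifies the CA's signature chain and the hostname, which this example does not attempt. The names SERVER_CERTIFICATE, TRUSTED_CAS, rsa_wrap and rsa_unwrap are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Toy RSA key pair standing in for the server's certificate key. The factors
# are the Mersenne primes 2^61-1 and 2^89-1, giving a ~150-bit modulus: far
# too small for real use, but large enough to wrap a 128-bit key as an integer.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

TRUSTED_CAS = {"Example Root CA"}  # constructed trust store on the client

# Constructed stand-in for the certificate the server sends.
SERVER_CERTIFICATE = {
    "subject": "www.example.test",
    "issuer": "Example Root CA",
    "public_key": (N, E),
    "preferred_cipher": "AES-128",  # the server's accepted symmetric algorithm
}


def verify_certificate(cert: dict) -> bool:
    """Client-side check. A real client verifies the CA's signature chain and
    the hostname; this toy only checks that the issuer is a trusted CA."""
    return cert["issuer"] in TRUSTED_CAS


def rsa_wrap(public_key: tuple, key_bytes: bytes) -> int:
    """Encrypt a symmetric key with the server's public key (textbook RSA)."""
    n, e = public_key
    m = int.from_bytes(key_bytes, "big")
    if m >= n:
        raise ValueError("key too large for this modulus")
    return pow(m, e, n)


def rsa_unwrap(wrapped: int, length: int) -> bytes:
    """Server side: recover the symmetric key with the private exponent."""
    return pow(wrapped, D, N).to_bytes(length, "big")


def client_handshake(cert: dict) -> tuple:
    """Verify the certificate, pick a fresh 128-bit session key, wrap it."""
    if not verify_certificate(cert):
        raise ValueError("untrusted certificate")
    session_key = secrets.token_bytes(16)  # 128 bits, matching AES-128
    return session_key, rsa_wrap(cert["public_key"], session_key)


def server_handshake(wrapped: int) -> bytes:
    """The server decrypts the wrapped session key with its private key."""
    return rsa_unwrap(wrapped, 16)


def session_tag(key: bytes, message: bytes) -> bytes:
    """Keyed MAC under the session key; both sides must compute the same tag,
    which demonstrates that they now share the symmetric key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def run_handshake() -> bool:
    """Full exchange: True when client and server end up with the same key."""
    client_key, wrapped = client_handshake(SERVER_CERTIFICATE)
    server_key = server_handshake(wrapped)
    tag_from_client = session_tag(client_key, b"GET / HTTP/1.1")
    tag_at_server = session_tag(server_key, b"GET / HTTP/1.1")
    return hmac.compare_digest(tag_from_client, tag_at_server)


if __name__ == "__main__":
    print("shared session key established:", run_handshake())
```

The public key only ever travels from server to client; the session key travels wrapped, so an observer on the network sees neither the private key nor the symmetric key in the clear.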

How Malicious Hackers Circumvent Encryption

Those who seek to harm your IT may bypass encryption through social engineering to obtain credentials, or by exploiting implementation flaws rather than attacking the encryption algorithms themselves.

Cryptanalysis: Breaking Encryption

Cryptanalysis is the study of breaking encryption. Techniques include:

  • Brute-force analysis—Systematically trying keys one after another, which works but is time-intensive.
  • Differential analysis—Identifying patterns by comparing plaintext inputs with ciphertext outputs.
  • Side-channel attacks—Exploiting external factors like power consumption or timing to uncover vulnerabilities.

Protecting Encryption Keys

To safeguard keys, cryptographic algorithms use an initialization vector (IV), a block of random bits combined with the key and the data before encryption so that repeated inputs do not produce repeated, exploitable patterns in the ciphertext.
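The following script is an added example written for this post (not the post's own code) that serves two sections at once: the symmetric cryptography section above, by showing that one key both encrypts and decrypts and that a different key does not, and this section, by showing what an IV prevents. The cipher is a toy: a keystream built from SHA-256 over key, IV and a counter, XORed into the data (the substitution step only; it performs no transposition and is not AES). The names keystream, ZERO_IV and encrypt_with_fresh_iv, and the sample messages, are constructed for the example.

```python
import hashlib
import os


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy keystream: concatenated SHA-256(key || iv || counter) blocks.
    It stands in for a real stream or counter-mode cipher; it is not AES."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Substitution step: every plaintext byte is XORed with a keystream byte."""
    return xor_bytes(plaintext, keystream(key, iv, len(plaintext)))


# Symmetric: decryption uses the same key and the same operation.
decrypt = encrypt

ZERO_IV = bytes(16)  # what "no IV" amounts to: a fixed, predictable value


def encrypt_with_fresh_iv(key: bytes, plaintext: bytes) -> tuple:
    """Correct usage: a random IV per message, sent alongside the ciphertext
    (the IV is not secret; it only has to be fresh)."""
    iv = os.urandom(16)
    return iv, encrypt(key, iv, plaintext)


def shared_prefix_len(a: bytes, b: bytes) -> int:
    """How many leading bytes two byte strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def roundtrip_ok(key: bytes, plaintext: bytes) -> bool:
    """Encrypt with a fresh IV, then decrypt with the same key and IV."""
    iv, ct = encrypt_with_fresh_iv(key, plaintext)
    return decrypt(key, iv, ct) == plaintext


def leaked_prefix_without_iv(key: bytes, m1: bytes, m2: bytes) -> int:
    """With a fixed IV the ciphertexts share exactly as many leading bytes as
    the plaintexts do: the pattern an observer can exploit."""
    return shared_prefix_len(encrypt(key, ZERO_IV, m1), encrypt(key, ZERO_IV, m2))


def leaked_prefix_with_iv(key: bytes, m1: bytes, m2: bytes) -> int:
    """With fresh IVs, even identical messages give unrelated ciphertexts."""
    _, c1 = encrypt_with_fresh_iv(key, m1)
    _, c2 = encrypt_with_fresh_iv(key, m2)
    return shared_prefix_len(c1, c2)


if __name__ == "__main__":
    key = os.urandom(32)
    m1, m2 = b"ATTACK AT DAWN", b"ATTACK AT DUSK"   # constructed sample messages
    print("same key decrypts:", roundtrip_ok(key, m1))
    print("wrong key decrypts:", decrypt(os.urandom(32), ZERO_IV, encrypt(key, ZERO_IV, m1)) == m1)
    print("leading bytes shared, fixed IV:", leaked_prefix_without_iv(key, m1, m2))
    print("leading bytes shared, fresh IV:", leaked_prefix_with_iv(key, m1, m1))
```

Run with the sample messages, the fixed-IV case reports 11 shared leading bytes (the length of the common prefix "ATTACK AT D"), while the fresh-IV case reports essentially none, which is the whole purpose of the IV.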

Salting Hashes

Adding a unique, random string (salt) to each password before hashing increases the number of possible hashes for a given password, so that two users with the same password no longer share a hash and matches (collisions) against precomputed hashes become difficult to find.
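An added example of the point above, written for this post rather than taken from it: two constructed users who chose the same password get identical stored hashes without a salt, and distinct ones with a per-user random salt. It uses Python's standard hashlib.pbkdf2_hmac as the slow, salted password hash and hmac.compare_digest for the check; the user table, ITERATIONS value and function names are assumptions for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; raise it as hardware gets faster


def unsalted_hash(password: str) -> bytes:
    """Plain SHA-256 of the password: the same password always gives the
    same hash, so one precomputed table serves against every user."""
    return hashlib.sha256(password.encode()).digest()


def make_record(password: str, salt: bytes = None) -> tuple:
    """Salted, iterated hash. A fresh random salt is drawn per user unless one
    is supplied; the salt is stored next to the hash, not kept secret."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, record: tuple) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


# Constructed user table: two users who happen to choose the same password.
USERS = {
    "alice": "correct horse battery staple",
    "bob": "correct horse battery staple",
}


def unsalted_table(users: dict) -> dict:
    return {name: unsalted_hash(pw) for name, pw in users.items()}


def salted_table(users: dict) -> dict:
    return {name: make_record(pw) for name, pw in users.items()}


def duplicate_hashes(table: dict) -> int:
    """Number of stored hashes that equal another user's hash."""
    hashes = [rec[1] if isinstance(rec, tuple) else rec for rec in table.values()]
    return len(hashes) - len(set(hashes))


if __name__ == "__main__":
    print("duplicates without salt:", duplicate_hashes(unsalted_table(USERS)))
    print("duplicates with salt:   ", duplicate_hashes(salted_table(USERS)))
    records = salted_table(USERS)
    print("bob logs in:", verify_password(USERS["bob"], records["bob"]))
    print("wrong password:", verify_password("hunter2", records["bob"]))
```

The salt is stored in the clear beside the hash; its job is not secrecy but uniqueness, which is why a 16-byte random value per user is enough.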