Encryption is vital to everyday life in the 21st century. It’s what keeps your bank details out of criminal hands and your email secure.
Encryption technology has been in use since ancient times, and today I will be discussing its origins and how it is used today, as well as the most common and secure variations employed on the internet. This will include 3DES, AES, RSA, TLS, PGP, IPsec and SSH.
What Encryption Is
Encryption is a way of disguising information so that anyone who shouldn’t have access to it can’t easily read or understand it.
We use the term plaintext to describe a message that has not been encrypted and can be read easily, and ciphertext to describe a message that has been encrypted.
Although time consuming, it’s easy to use a Caesar cipher (or substitution cipher) to take a message and decide on how many letters the writer is going to shift down the alphabet.
The message “Pixel Privacy is a great source of information” would, with a shift of nine characters, become “Yrgnu Yarejlh rb j panjc bxdaln xo rwoxavjcrxw.”
To a casual observer, peeking over your shoulder, that message is unreadable. It’s garbage. And to their great loss, the snooper will never know that Pixel Privacy is a great source of information.
But if someone were to spend time looking at the message and was aware of how substitution worked, it wouldn’t take them too long to figure it out – even without initially knowing by how many letters it had shifted.
They would be able to reason that the letter “j” probably represents either “a” or “i” and would have a complete, decoded solution in under 10 minutes.
You can try out the Caesar cipher here. It’s fun, fast and will give you an idea of just how simple it can be to render plaintext into incomprehensible ciphertext.
But the ease with which they can be broken means that basic encryption methods are useless against a determined adversary who knows that these methods exist. Your spouse can easily read the substitution-encrypted messages you pass to your paramour, and the mirror-writing in your secret diary can be understood using, well, a mirror.
The History of Encryption
More complicated codes developed over time, and by WWII, the British were using primitive electro-mechanical computers for the first time to help break codes.
Fast forward to the late 20th century and the beginnings of the internet, and it’s surprising to learn that encryption was hardly ever used at all.
Even now, a small but significant portion of internet traffic passes over HTTP – the web’s original transfer protocol and the part of an internet address which tells your browser you’re attempting to reach a website – in an unencrypted form. Fortunately, this is changing as more websites switch to the encrypted version – Hypertext Transfer Protocol Secure (HTTPS).
Here are the main types of encryption that keep information secure both on the internet and in the real world. Hold onto your hats, because there are a few unavoidable technical terms coming up. Don’t worry, I’ll explain them for you.
Let’s say that you’ve encrypted a message, put it in an envelope and sent it to your friend, Darryl. The easiest way of ensuring they can understand what you’ve written down is to let them know what encryption method you’re using, and what the key is.
It’s called symmetric encryption because you use the same key to both encrypt and decrypt the message.
To keep things simple for now, let’s say you’re using a Caesar cipher with a letter shift of 18 characters.
The message Darryl receives is: “Zwq Vsjjqd, dwl’k jmf sosq lg Jwfg sfv ywl esjjawv!”
To decode it, all Darryl needs to do is to shift each letter back by 18 places – if he knows the type of encryption you’re using and the key, that is.
If you’ve met Darryl in person and told him how the message will be encrypted, then there’s no problem, but if Darryl lives on the other side of the country, then you do have problems.
For Darryl to be able to understand your encrypted message, you’ll need to call him and tell him. Or you would need to write down your encryption method in plain text and send it to him separately.
There are hazards at every step. The mailman could open the letter, or maybe Darryl’s partner will. And with the encryption key now known to third parties, they can understand your secret message – plus any subsequent messages you send.
When he eventually decrypts the message, Darryl will discover that it reads, “Hey Darryl, let’s run away to Reno and get married!” but other people will know as well. It’s not ideal.
Up until the 1970s, all encryption was carried out using symmetric keys – although nothing so simple as a Caesar cipher has been seriously employed in the last few hundred years. Instead, the keys can involve a series of predetermined shifts, shifts based on time, or even classic works of literature as in The Key to Rebecca.
Symmetric encryption is also known as private-key cryptography, as the key must be kept private for it to be useful.
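The two Caesar messages quoted above can be reproduced and broken without the key in a few lines. This is an added example, not code from the original article; the function names and the letter-frequency scoring are illustrative choices, and the sketch also includes the single-letter-word shortcut described earlier.

```python
import re

# Nine most frequent letters in English text, used as a crude "looks English" test.
COMMON_LETTERS = set("etaoinshr")

# Ciphertexts quoted in the article (shift 9 and shift 18).
PAGE_CIPHERTEXT_9 = "Yrgnu Yarejlh rb j panjc bxdaln xo rwoxavjcrxw."
PAGE_CIPHERTEXT_18 = "Zwq Vsjjqd, dwl'k jmf sosq lg Jwfg sfv ywl esjjawv!"


def caesar(text, shift):
    """Shift every ASCII letter by `shift` places, wrapping at Z; keep the rest."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def english_score(text):
    """Count the letters that belong to the nine most common English letters."""
    return sum(1 for ch in text.lower() if ch in COMMON_LETTERS)


def break_caesar(ciphertext):
    """Try all 26 keys; return (shift, plaintext) for the most English-looking one."""
    best = max(range(26), key=lambda s: english_score(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


def single_letter_word_guesses(ciphertext):
    """A one-letter word is almost always 'a' or 'I', which leaves two candidate shifts."""
    shifts = set()
    for word in re.findall(r"[A-Za-z']+", ciphertext):
        if len(word) == 1 and word.isalpha():
            c = ord(word.lower()) - ord("a")
            shifts.update({(c - 0) % 26, (c - 8) % 26})  # 'a' is 0, 'i' is 8
    return sorted(shifts)


if __name__ == "__main__":
    for ct in (PAGE_CIPHERTEXT_9, PAGE_CIPHERTEXT_18):
        print(single_letter_word_guesses(ct), break_caesar(ct))
```

The whole key space is 26 values, so the security of the message rests entirely on the snooper not knowing the method.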
When a message is encrypted with one key but can only be decrypted with a different key, we call this asymmetric encryption. And it is significantly more secure than sending messages with symmetric keys.
The key used to encrypt messages is called the public key and can be shared with anyone, meaning that you or anyone else who has the encryption key can send a secret message to Darryl.
But Darryl’s private key is the only means by which his secret messages can be decoded.
If Darryl wants you to send him a message to discuss honeymoon destinations, all he needs to do is make sure that you know his public key.
He can send it in the post, tell you over an insecure phone line, take out a full page newspaper advert, or hire a skywriter to scrawl it across the blue sky outside your bedroom window. It doesn’t matter – any message encrypted with a public key can only be decrypted with the corresponding private key.
You or anyone else can easily encrypt a message to Darryl using his public key, and as long as he keeps his private key safe, he’s the only one who can unlock it.
You could even enclose your own public key in the initial letter to Darryl, so that he can easily respond with an encrypted message of his own.
Asymmetric encryption is also known as public-key cryptography.
So, Asymmetric Encryption Is the Standard, Then?
Based on what I’ve told you so far, it’s a reasonable assumption to make that asymmetric encryption is the standard. It’s more secure than symmetric encryption because it doesn’t require you to send a symmetric key in a way that could be easily intercepted. But it’s not the best at everything.
Asymmetric encryption is essentially a mathematical operation and is very resource-intensive. The keys themselves are often 4096 bits and there are two of them involved in encrypting and decrypting a message. For large or frequent data transfers, this method is simply not practical.
A short message to a lover is one thing, but encrypting an entire DVD worth of data would take a prohibitively long time and tie up computing resources that could be better spent on other things.
Instead, asymmetric encryption is usually used to send symmetric keys securely, and these can then be used to encrypt the rest of the data.
The main use of this is in TLS encryption, which I discuss further down.
Encryption in the Real World
Take a look up at the URL bar above this page.
Depending on which browser you’re using, you should see a padlock icon or the word secure. This means that your connection to the Pixelprivacy.com servers is encrypted. No one can snoop in on your connection to see what pages you’re looking at, and if you send information to me using a form, no one can see the content of that message, either.
In the early days of the internet, few, if any, websites encrypted their traffic, meaning that any party between your computer and my servers could inspect the content of your traffic, or even change it.
This could be individuals on your home network using a tool such as Wireshark, your local Internet Service Provider (ISP), or my ISP. Until recently, it was common practice for consumer ISPs to inject code into the headers of web pages, allowing them to stalk their customers across the internet in fine detail.
That behavior has become next to impossible with the widespread adoption of SSL and TLS – signified in-browser by the padlock, and in the URL itself by the use of the HTTPS prefix rather than HTTP (The “S” stands for “secure”).
Almost all online activity you engage in during 2021 will involve encryption at some stage of the process – whether it’s simple web browsing, sending messages over WhatsApp or using a banking app.
In Transit vs. At Rest
If you see that padlock in your browser bar, you know that your data is encrypted as it travels over the internet. It can’t be read by any shady middleman for his (or her) own nefarious purposes, and we say that the data is protected in transit.
But what about when it reaches its intended recipient, or when it’s stored on your own personal machine?
Data at rest is often left unencrypted, meaning that parties with access to the machines on which it is stored can read it.
If you’re concerned about unauthorized people gaining access to your hard drive – either in person or via hacking – it may be wise to encrypt your storage devices using a program such as BitLocker.
Legally, police need different warrants to hack data depending on whether it is in transit or at rest.
Some communications systems try to ensure that data is never kept on storage devices and is only ever in transit. However, law enforcement agencies and the judiciary have taken the view that if a message is being held in a device’s RAM as part of the transit process, this counts as being at rest.
This legal hair-splitting has huge implications for the world of cryptography and recently led to the arrest of hundreds of individuals.
What Is the Most Secure Type of Encryption?
No encryption method is completely unbreakable. Given enough time, resources and expertise, a sufficiently motivated attacker can break any cipher and reveal your secrets to the world.
But it’s not easy, and you need to consider the threat model. The danger posed by your sister reading your emails is not as severe as if you’re up against a state-sponsored actor, such as the Fancy Bear group, which has ties to Russian military intelligence.
Most encryption is a trade-off between security and convenience. More complex keys will make your data more secure, but they will also make it more difficult and time consuming for your computer to decrypt it using legitimate means.
For practical purposes, three main encryption types are used in the real world: AES-256 and 3DES for symmetric key encryption and RSA-4096 for asymmetric key encryption.
3DES – also known as 3DEA, TDES, TDEA, Triple DEA and Triple DES – is the successor to DES (also called DEA).
That’s a lot of names – and there are more to come.
DES (or DEA) stands for either Data Encryption Standard or Data Encryption Algorithm. Don’t worry – both terms are acceptable, and they both refer to the same thing, but from here on in, I’ll be referring to it as DES to limit confusion.
DES was pioneered as a symmetric key encryption standard in the early 1970s and was heavily criticized – although still widely used – because of NSA involvement in its design, potential NSA backdoors, and the fact that having a relatively short key length of only 56 bits meant that it was vulnerable to brute force attacks by intelligence agencies (such as the NSA) and other adversaries.
In 1991, a collaborative effort managed to crack the DES algorithm in under 12 hours – demonstrating that it was unfit for use.
A mere four years after this, in 1995, 3DES was published and welcomed as the successor to DES. It works by running plaintext through the DES algorithm three times (hence the name), making it more difficult to break.
In addition to the 56 bit keys to which its predecessor was limited, the 3DES algorithm accepts keys of 112 and 168 bits.
Although still used today by many banks and software companies such as Microsoft, 3DES is considered to be both slow and relatively insecure. As such, it is scheduled to be scrapped by December 31st 2023.
AES stands for Advanced Encryption Standard. It is judged good enough to be used for symmetric keys on the internet.
It is a 128-bit block cipher – which means it takes text in blocks of 128 bits and encrypts each one, outputting another 128-bit block.
The keys it uses can be either 128 bits, 192 bits or 256 bits. A 256-bit key will be more secure than a 128-bit or 192-bit key.
What are Bits and Bytes?
There’s an old cliche that computers talk to themselves and each other using a series of zeros and ones. That cliche is true, and we call these zeros and ones bits, which is short for Binary DigITs.
Binary digits can only ever be either a one or a zero, but can be combined in groups of eight to create bytes – a byte can encode a single character of text in a computer.
The idea is that each block will be subjected to as much confusion, substitution and pseudo random processes as is possible without overtaxing the hardware, so as to make it as difficult as possible to unscramble.
Instead of having the individual bytes of each block arranged linearly – so they can be read left to right – AES algorithms arrange them in a 4 x 4 grid.
| Byte 0 | Byte 4 | Byte 8 | Byte 12 |
| Byte 1 | Byte 5 | Byte 9 | Byte 13 |
| Byte 2 | Byte 6 | Byte 10 | Byte 14 |
| Byte 3 | Byte 7 | Byte 11 | Byte 15 |
The advantage of the grid is that in addition to having substitution, permutation and key operations carried out on it, the plaintext message can be further scrambled by operations which swap the rows of the grid, and operations which will mix up the columns.
This constitutes a single round of AES encryption for a 128-bit (16 character) block of text.
To make unauthorised deciphering of the message even more difficult, each block will go through this process multiple times.
A message encrypted by a 128-bit key will have 10 rounds, a 192-bit key will have 12 rounds, and a 256-bit key will have 14 rounds.
For each round, a different key is used – generated from the original key through a process known as key expansion.
Remember, this lengthy, processor-intensive process is for each 128-bit block of text. One character comprises 8 bits. So that is 16 characters.
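The grid layout and the row and column operations described above can be tried directly. This is an added sketch, not code from the original article: it implements only the two mixing steps of AES (known as ShiftRows and MixColumns) on the 4 x 4 grid, leaves out the substitution and key steps, and uses illustrative function names.

```python
# Rounds per key size, as listed in the article.
ROUNDS = {128: 10, 192: 12, 256: 14}


def to_state(block):
    """Arrange 16 bytes in the 4 x 4 grid, filling column by column."""
    if len(block) != 16:
        raise ValueError("AES works on blocks of exactly 16 bytes")
    return [[block[r + 4 * c] for c in range(4)] for r in range(4)]


def from_state(state):
    """Read the grid back out column by column."""
    return bytes(state[r][c] for c in range(4) for r in range(4))


def shift_rows(state):
    """Rotate row r to the left by r positions (row 0 stays put)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def xtime(b):
    """Multiply a byte by 2 in the finite field GF(2^8) that AES uses."""
    b <<= 1
    if b & 0x100:
        b ^= 0x11B
    return b & 0xFF


def mix_single_column(col):
    """Combine the four bytes of one column so each output depends on all four."""
    a0, a1, a2, a3 = col
    return [
        xtime(a0) ^ (xtime(a1) ^ a1) ^ a2 ^ a3,
        a0 ^ xtime(a1) ^ (xtime(a2) ^ a2) ^ a3,
        a0 ^ a1 ^ xtime(a2) ^ (xtime(a3) ^ a3),
        (xtime(a0) ^ a0) ^ a1 ^ a2 ^ xtime(a3),
    ]


def mix_columns(state):
    cols = [mix_single_column([state[r][c] for r in range(4)]) for c in range(4)]
    return [[cols[c][r] for c in range(4)] for r in range(4)]


def mixing_layer(block):
    """One pass of the row shift followed by the column mix."""
    return from_state(mix_columns(shift_rows(to_state(block))))


def diffusion(passes):
    """How many output bytes differ when two blocks differ in one input byte."""
    a = bytes(16)                 # constructed input: all zero bytes
    b = bytes([1]) + bytes(15)    # same block with only Byte 0 changed
    for _ in range(passes):
        a, b = mixing_layer(a), mixing_layer(b)
    return sum(x != y for x, y in zip(a, b))


if __name__ == "__main__":
    print(to_state(bytes(range(16))))   # matches the Byte 0 .. Byte 15 table
    print(diffusion(1), diffusion(2))   # 4 bytes differ, then all 16
```

After two passes a change to a single input byte has reached every byte of the block, which is why the full cipher repeats the round many times.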
Most end-to-end encrypted messaging services (which ensure that messages are encrypted on the sender’s device, remain encrypted while in transit and are not decrypted until they are opened by the recipient) use Advanced Encryption Standard.
If you’re expecting the abbreviation RSA to reveal something about how this encryption method works, prepare to be disappointed. Each initial stands for the surname of one of its three creators – Ronald Rivest, Adi Shamir and Leonard Adleman (R, S, and A), who came up with this type of asymmetric public/private key encryption.
As I showed above, public keys are lengthy pieces of text which are used to encrypt a message, which can only be decrypted by an individual in possession of the corresponding private key.
At its core, RSA encryption relies on the difficulty of factoring the product of two extraordinarily large prime numbers.
Taking two prime numbers and multiplying them together is easy – regardless of how large they are.
52,837 multiplied by 2,803 is 148,102,111. It’s simple, and the calculator app on your phone can figure it out in considerably less time than it would take you to type in the problem.
But what about backwards?
If you know only the result – 148,102,111 – it’s very difficult to work out which two numbers were multiplied together to get the result. Yes, it’s doable, and with enough time, it’s possible through trial and error to factorize 148,102,111 and get the correct answer.
A computer program can factorize a 9-digit number made up of two primes in a few seconds to a few minutes.
The number 999,383,370,463,609,254,952,241,684,645,650,823,884,673,628,473,324,589,521,574,996,971,167,526,442,838,919,596,137,331,453,809,913,033,499,864,793,514,618,061,088,154,327,473,732,042,393,823,132,479,301 is the product of two 256 bit primes. Breaking it down to those original two numbers would take, for all practical purposes, forever.
Generating a public/private RSA key pair involves a number of steps, the first of which is to select two extremely large prime numbers and multiply them together.
Mathematical operations are applied to each of the primes and to the product – which masks what the original primes and the products were to begin with.
Here’s an example, and I’m going to keep the initial numbers as simple as possible so this is easy to follow.
Step 1: Choose two prime numbers: 3 and 5.
Step 2: Work out the product: 3 x 5 = 15.
Step 3: Subtract 1 from each of the primes and multiply the results:
3 – 1 = 2
5 – 1 = 4
2 x 4 = 8
Step 4 – making the public and private keys (this is where it gets tricky):
Next up we need to find two more numbers which, when multiplied together and then reduced mod 8, give 1.
(Note: Mod is short for modulo and is the remainder left over when one integer is divided by another.)
We call these numbers d and e – which stand for decryption and encryption.
We need the following equation to be true:
(d x e) mod 8 = 1
I’ve chosen the numbers 11 and 3, which satisfy the equation and are easy to remember.
My public key now is 11, 15. The 15 is the product of the two primes I selected initially, and 11 is the value given to e.
My private key now is 3, 15. The 15 is the product of the two primes I selected initially, and 3 is the value given to d.
Step 5: Encrypting the message with your public key.
If you’ve been following along with a pencil and paper, well done! Not long now.
To keep things short, we’re going to be encrypting a single letter, C. It’s my favourite letter, and we’re going to represent C using the number 3 because it’s the third letter of the alphabet.
Using the two values in my newly generated public key, we’re going to do another piece of arithmetic.
Encrypted text = (text to be encrypted)^e mod (product of primes)
Encrypted text = 3^11 mod 15
3^11 = 177,147
And 177,147 mod 15 is 12.
The letter C encrypted through my public key is 12. The twelfth letter of the alphabet is L.
That’s the essence of encrypting a message with RSA. You can follow these steps yourself, and hopefully come up with the same result.
This process is followed for every character in your message.
Step 6: Decrypting the message with your private key.
The message you’ve received is simply L. Fortunately, you remember that your private key is 3, 15, so it’s relatively simple to decrypt the message using a similar formula.
This time it is:
Decrypted text = (encrypted character)^d mod (product of primes)
Decrypted text = 12^3 mod 15
12^3 = 1,728
1,728 mod 15 = 3
As you can see, this encryption process is relatively easy to follow when using very low, simple primes – and you can even run the RSA encryption algorithm by hand if you’re so inclined – but it is fiendishly difficult when using much larger primes as a starting point, making RSA an extremely secure method of encryption.
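The walkthrough above, carried out in code, together with the reason the size of the primes matters. This is an added example, not code from the original article; the function names are illustrative, and the exponent 65537 used with the article's 9-digit product is an assumption made for the demonstration.

```python
from math import gcd


def make_keypair(p, q, e):
    """Steps 1 to 4: build (public, private) from two primes and a chosen e."""
    n = p * q                      # Step 2: the product
    phi = (p - 1) * (q - 1)        # Step 3: (p - 1) x (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)(q-1)")
    d = pow(e, -1, phi)            # Step 4: the d with (d x e) mod phi = 1
    return (e, n), (d, n)


def encrypt(m, public):
    """Step 5: m^e mod n. The message number must be smaller than n."""
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must be in the range 0 .. n-1")
    return pow(m, e, n)


def decrypt(c, private):
    """Step 6: c^d mod n."""
    d, n = private
    return pow(c, d, n)


def factor(n):
    """Trial division: only feasible because these example numbers are tiny."""
    if n % 2 == 0:
        return 2, n // 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("n has no non-trivial factor")


def recover_private_key(public):
    """Anyone who can factor n can redo Steps 3 and 4 from the public key alone."""
    e, n = public
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    # The article's numbers: primes 3 and 5, e = 11.
    public, private = make_keypair(3, 5, 11)
    print(public, private)                       # (11, 15) (3, 15)
    print(encrypt(3, public), decrypt(12, private))

    # The article's 9-digit product, 52,837 x 2,803 (e = 65537 is assumed here).
    public2, private2 = make_keypair(52837, 2803, 65537)
    print(factor(public2[1]))
    print(recover_private_key(public2) == private2)
```

The private key falls out of the public key as soon as the product can be factored, so the strength of a real key lies entirely in choosing primes too large for any factoring method to handle.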
TLS / SSL
The terms TLS and SSL are often used interchangeably, and they mean exactly the same thing to the user experience – the padlock icon in the browser bar and the reassurance that your communications are secure while in transit.
SSL stands for Secure Sockets Layer and was created in 1995 by Netscape.
The name changed to Transport Layer Security in 1999, and enhancements were added to correct security flaws in SSL.
If you click on the padlock, you’ll be reassured to see a green text saying that your connection is secure and that PixelPrivacy.com is verified by Cloudflare Inc. Clicking through will allow you to see a copy of the actual security certificate for this site.
To ensure that communication between your computer and our website is secure, there needs to be an exchange of symmetric keys. A lot of data passes between the machines on a single webpage, and RSA encryption is simply too slow and too resource-intensive to be usable for that amount of data.
As I discussed earlier, sending symmetric keys over the internet makes them vulnerable to anyone who wants to intercept them.
Instead, we use the much heavier and slower asymmetric method to encrypt the symmetric key so it can be sent securely. The symmetric key is small enough that encrypting it using RSA does not make excessive demands on your hardware.
If you look at the screenshot above, you’ll see the PixelPrivacy.com public key.
Your browser uses this key to encrypt its initial contact with my server – sending its symmetric key in a form which cannot be intercepted by eavesdroppers.
My server then decrypts the message with its private key, and voila! Symmetric keys have been exchanged, allowing fast and secure communication.
The method I’ve described seems great if you skim through it, but there’s an obvious potential flaw.
How does your computer know that it has actually exchanged keys with the PixelPrivacy.com server and not, for instance, with Pirate Pete the Packet Plunderer?
The digital certificate goes some way towards proving that the public key belongs to PixelPrivacy.
Anyone can make a security certificate with an associated public key. It’s a slow mathematical process, and you’ll likely need to leave your machine running overnight as it grinds through the prime numbers, but it’s totally doable.
I can do it, you can do it, and Pirate Pete The Packet Plunderer can certainly do it.
This is where the idea of a Certificate Authority comes in.
Instead of generating the certificate myself, I asked Cloudflare Inc to do it for me, sending them my public key and receiving a signed certificate in return which verifies that yes, this public key belongs to PixelPrivacy.com.
If my site tries to deploy a certificate that isn’t registered to me by a trusted authority, your browser will warn you, and you’ll know the site isn’t safe to visit.
An example of a server attempting to use a certificate belonging to another site
Cloudflare itself is authorized to grant trusted certificates by the Root Certificate Authority – Baltimore CyberTrust Root.
IPsec is another abbreviation – this time standing for Internet Protocol security. It’s nice and easy to remember.
IPsec serves two purposes. The first is privacy, which, as you would expect, comes down to making sure that people who shouldn’t have access to your communications aren’t monitoring them. The second is data integrity, which is achieved via hashing algorithms that allow your computer to verify that what was sent is exactly what has been received.
IPsec is mainly for Virtual Private Network use – essentially your computer pretending it is part of a different network in a different physical location – and is employed when we send data from computer to computer across untrusted networks (which is basically anything outside of your home or place of work). It’s an alternative to TLS and creates a direct connection – or tunnel – between two routers.
Privacy is managed via Internet Key Exchange, and any data entering the tunnel is encrypted and then decrypted when it reaches the far end, making it unreadable to any would-be snoopers.
The computers attached to the routers at either end of the tunnel are able to treat each other as if they were on the same physical network, regardless of how far apart they may be in real terms.
It creates a Virtual Private Network.
The internet is a complicated infrastructure of routers, switches, physical cables and wires. It’s easy for data to get lost or corrupted in transit.
Having a bit switched when you’re watching a YouTube video or listening to Spotify isn’t a big deal, but when you’re sending encrypted packets, it means that the message it contains is completely unreadable and can never be decrypted.
Hashing for Integrity
IPsec ensures that encrypted data is received intact by use of hashes. This involves the sending computer subjecting the encrypted data to yet another algorithm. The hashing algorithm will give a value which could only be generated by subjecting that exact data to the algorithm.
When the data arrives on the receiving computer, it is subject to the same hashing algorithm. If the hash value is the same, the recipient can be confident that no bits have been lost or altered as the data travels over the Virtual Private Network.
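The send-side and receive-side check described above, as an added example that is not code from the original article. IPsec implementations use a keyed hash (an HMAC) for this step, and the sketch shows why the key matters; the packet layout, key and payload below are constructed for the demonstration and the function names are illustrative.

```python
import hashlib
import hmac

TAG_LEN = 32  # SHA-256 output size; real IPsec suites may truncate the tag

# Constructed sample values, not taken from any real tunnel.
SHARED_KEY = b"key agreed by both tunnel endpoints"
PAYLOAD = b"encrypted-bytes-travelling-through-the-tunnel"


def protect(key, payload):
    """Sender: append a keyed hash of the (already encrypted) payload."""
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify(key, packet):
    """Receiver: recompute the keyed hash; return the payload, or None on mismatch."""
    if len(packet) < TAG_LEN:
        return None
    payload, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(tag, expected) else None


def flip_bit(data, bit_index):
    """Model a single bit being switched in transit."""
    damaged = bytearray(data)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


def plain_hash_protect(payload):
    """Same idea with an unkeyed hash, for comparison."""
    return payload + hashlib.sha256(payload).digest()


def plain_hash_verify(packet):
    payload, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    ok = hmac.compare_digest(digest, hashlib.sha256(payload).digest())
    return payload if ok else None


if __name__ == "__main__":
    packet = protect(SHARED_KEY, PAYLOAD)
    print(verify(SHARED_KEY, packet) == PAYLOAD)        # intact packet accepted
    print(verify(SHARED_KEY, flip_bit(packet, 5)))      # one flipped bit -> None

    # An unkeyed hash catches accidental damage, but anyone on the path can
    # replace the payload and recompute the hash, and the check still passes.
    replaced = plain_hash_protect(b"different payload")
    print(plain_hash_verify(replaced))                  # accepted
    print(verify(SHARED_KEY, replaced))                 # keyed check -> None
```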
There are two main means of authentication with IPsec, which allow the machines at either end of the tunnel to verify their identities.
SSH is short for Secure SHell and is a means of securely connecting to another machine through a shell or command interface.
It is typically used by system administrators to control servers or other machines on their network, allowing them to log in as different users on remote systems.
The beginning of a secure shell session on the author’s home network. Note that the username and hostname have changed.
By default, SSH sessions are initiated using a username, an IP address and a password.
For example, to connect to one of my own machines, I would type ssh chris@192.168.1.99.
The “ssh” part tells my machine that I want to initiate a secure shell session, chris is the username I want to use, and the machine I am connecting to is located at the IP address 192.168.1.99 on my local network.
Once I have inputted the correct password, I have complete control of the chris account as if I am sitting at a keyboard in front of it.
This is grossly insecure for several reasons. chris is an easy login to guess, and any password I might come up with could be easily broken.
In reality the chris account was created for the purposes of this screenshot, and it is accessed using SSH keys, which eliminate the need for passwords altogether.
SSH keys are another example of a public/private key pair, with both keys being generated on your local machine, and with the public key stored on the machine you’re going to be accessing.
In addition to increasing security, using SSH keys means that logging in and out of remote machines is really fast and convenient.
In addition to system administration, SSH tunnels can be used to transfer files in a manner similar to a Virtual Private Network.
PGP stands for Pretty Good Privacy and allows users to encrypt individual messages to send by email.
Again, it uses public/private key pairs, with the recipient making their public key available to anyone who wants to use it.
Using the RSA algorithm I demonstrated earlier, it is possible to encrypt any message so that it can only be decrypted by a recipient with the corresponding private key.
The encrypted message can then be copied into an email, sent by text, or even by post with the assurance that it will be very difficult for any unauthorised person to access the contents.
A PGP encrypted message sent over unencrypted email.
Once the message itself is encrypted using PGP, the means of transmitting it does not need to be secure, and it can be sent over any kind of network.
Is Encryption Safe?
Whether encryption is safe is a difficult question, and the short answer is “yes and no.”
Nothing is completely safe forever. Given enough time and resources, a determined attacker can break any encryption technology – just as a skilled and determined thief with enough lockpicks can eventually pick any lock.
Sure, you can add more locks to your front door, but that just means that the thief will need to spend more time and effort picking them before eventually making off with your tiara and pearls.
For the gold standards of encryption I’ve covered in this article, it’s fair to say that they’re the equivalent of exceptionally large and difficult padlocks, and they will be unbreakable by all but the most skilled criminals.
It’s also important to consider how difficult and time consuming additional layers of security would be. There needs to be a reasonable balance between the amount of effort you put into securing your data, and the likelihood of someone trying to break it.
Criminals tend to look for easy targets – unencrypted messages on the wire are like an unlocked and wide open front door, and most thieves will be deterred by even a simple padlock.
Determined actors with the resources to crack RSA and AES are unlikely to try and break into your family picture archive – they’ll be too busy trying to steal the virtual crown jewels.
But what about the encryption algorithms themselves? How do we know that they can be trusted? After all, Crypto AG, a company which supplied encryption machines to world governments for decades, turned out to have been owned by the CIA for most of its history – allowing the US to spy on the secret communications of both allies and enemies.
The difference today is that most encryption algorithms are open source. This means that the code and methods used to encrypt messages can be inspected by anyone. With open source software, it’s impossible to hide any kind of secret back door into encryption software, and any vulnerabilities are detected and can be quickly patched.
Hopefully, you managed to follow as we walked through how RSA encryption works (well done you). Did you spot any secret back doors?
I didn’t either.
What Is the Blowfish Algorithm?
The Blowfish Algorithm sounds like the latest Dan Brown thriller, or the next James Bond movie or the working subtitle of Tom Cruise’s current Mission Impossible caper.
It’s not far off either - Blowfish encryption is all about keeping spies, thieves, government agencies and bald megalomaniacs out of your data.
Blowfish first appeared on the cryptographic scene all the way back in 1993 as a symmetric key block cipher. At the time, Blowfish was unusual in that the code was public domain, meaning that anyone could use it, rather than being under commercial, proprietary or government ownership.
The Blowfish algorithm encrypts blocks of 64 bits (eight characters), with key sizes ranging from 32 bits to 448 bits.
Each 64-bit plaintext block is divided into two parts - a left side and a right side - each of 32 bits.
The left side and the right side have mathematical substitutions and other functions applied to them and their outputs are swapped - the right-hand side output becoming the new input for the left hand side and vice versa.
This happens a total of 16 times.
Encryption with Blowfish is fast, except when generating new keys.
It was succeeded by the far less sinister-sounding Twofish in 1998.
What Is a Brute Force Attack in Encryption?
Going back to real world locks for a second - there are only so many potential key shapes in existence. Sure, a burglar could use lockpicking tools, but one way of breaking into houses is to try as many variants of the key as you have available.
And if they don’t work on the first target’s condo, maybe they’ll work on one of the neighbors’.
In encryption, a brute force attack sees an attacker trying out as many keys or passwords as they can in the hope of opening the virtual door to your secrets. This is one of the reasons you absolutely must use high-level encryption, where each lock and key shape is unique.
And avoid all of the passwords on this list.
What Are the 4 Basic Types of Encryption Systems?
“Basic” is probably a misnomer here. Although the principles behind each of the most common encryption types are easy to understand, each of them relies on complicated mathematical operations and requires a lot of computing power.
Advanced Encryption Standard (AES) is a type of symmetric encryption, which means that plaintext is encrypted into ciphertext with one key, and can only be decrypted with the same key. AES works on 128-bit blocks with keys of 128, 192 or 256 bits, and each 16-character block of text goes through between 10 and 14 rounds of substitution.
Rivest-Shamir-Adleman (RSA) encryption is asymmetric encryption - which means that plaintext is encrypted into ciphertext with one key, and can only be decrypted with a different key.
RSA relies on the fact that it is very difficult to work out which extraordinarily large prime numbers were multiplied together to produce an even bigger number. It’s simple in principle, but almost impossible to break in practice.
3DES is the most common type of encryption used by banks to secure and verify online transactions. It is based on the earlier DES, which was pioneered as a symmetric key encryption standard in the early 1970s.
3DES is now viewed as being comparatively insecure and is due to be phased out in 2023.
Twofish is the successor to Blowfish. It differs from its predecessor in that it uses a 128-bit block size instead of 64 bit, and employs key sizes of up to 256 bits.
Like Blowfish, Twofish was released into the public domain and anyone can use it, free of charge.
The future of encryption
It’s almost certain that this article will be obsolete in a decade. Software is written by human beings and humans are essentially flawed – as is the software they write to keep you safe. Encryption methods fall by the wayside as new ways to circumvent them are discovered, and new algorithms take their place.
Even when there are no known or foreseeable exploits, algorithms become useless as the computing power which can be devoted to breaking them increases exponentially. Take a look here. It’s a list of encryption algorithms from the early 2000s, the machines used to brute force attack them, and how long it took before the encryption was eventually broken.
Cracking time ranged from 3.5 hours up to 1470 days. These efforts were made using chips whose frequency was measured in the megahertz.
Quantum computing, a rapidly emerging field in China, the US, and the EU, could potentially crack any encryption instantly.
As much as we like to tell ourselves that our current encryption methods can’t be broken in less time than is left in the universe, it probably isn’t true. Either previously unknown flaws will emerge in current encryption standards, or a mixture of raw power and emerging tech will make brute force attacks more practical.
Currently there are no realistic substitutes on the horizon beyond making our current algorithms more complex – employing long keys and bigger prime numbers, staying ahead of the exploits and increase in computing power.
Nonetheless, there are a few possible candidates on the horizon.
It’s impossible to observe something without changing it – that’s the fundamental premise behind Heisenberg’s Uncertainty Principle. If you send a message using photons sent from one computer to another computer, anyone attempting to snoop on the photons while they’re en route will change them, and the message will be irretrievably scrambled.
The drawback (at least according to our current understanding) is that quantum cryptography would require an unbroken fibre optic cable between the sender and the receiver. This is not in any way practical.
So there’s a quantum computer which can instantly break any and all encryption you can think of – how do you even begin to hide things?
One possibility is to serve up fake yet plausible data to every single attempt to break an encryption algorithm. That way, when an attacker does get the right solution to the encryption, he (or she) will be unable to tell what is real and what is fake.
Unfortunately, while generating fake data is easy enough, making it believable is not – especially to someone who knows what they are looking for and is able to test it.
Something else entirely
I’m a writer, and if I was able to predict the future ahead of the big names in technology, I’d be considerably richer than I currently am.