Encryption 101: How do I protect myself against nosy secret services….

EncryptionSo you read everything about the recent NSA scandal and ask yourself: How can I make sure my data is safe?

The answer: ENCRYPTION!

Only through strong encryption and strong passwords you can make sure you data is save from nosy secret services or hackers. And it’s actually quite easy as this series of posts will show you. 

I will start by explaining a bit of background information about encryption.

Symmetric vs. asymmetric encryption is probably the most important difference you need to understand. In symmetric encryption a key (or passphrase) is used to encrypt a document. The same key is then used to decrypt the data once it reaches the destination. Think about symmetric encryption as a safe. Whoever has a key (or knows the code) can open the safe, deposit information or withdraw them.

Encryption-symmetric encryptionSymmetric encryption has been around for thousands of years (even the Romans used it). It’s very, very secure. If you encrypt your data with an AES-256 algorithm it will even take supercomputers decades to break the passcode using a brute-force-attack.

But encryption will only work if you choose a good password! You password should at least by 15 digits with a random selection of letters, numbers and special characters. Do not use words, your birthday or other stuff that can be easily guessed.

Some operating systems offer to encrypt your entire harddisk. On a Mac, this feature is called “File Vault”. If you want to encrypt single files, USB sticks, external drives or a harddisk partition you can use the free software “TrueCrypt“.

Archive software also normally has a feature to encrypt your ZIP files.

While symmetric encryption is very safe, it has one massive disadvantage: Key distribution

Imagine you want to send confidential information via an email attachment or copy it on a cloud service like ownCloud or Dropbox. Naturally, you want to encrypt the data. However, to decrypt the data the recipient needs to know the key.

This isn’t a problem if he/she lives next door (but then you’d hardly need to use the web to transmit information). If the recipient lives far away you need to make sure he/she receives the password in a secure manner. And that used to be a huge challenge.

In the 1960s, banks in the United States employed an armada of employees who travelled around the country every week for the sole purpose of delivering the encryption keys for secure communication to all branches.

So while symmetric encryption is safe, it’s utterly useless  to pass encrypted files to someone who’s far away. Symmetric encryption works fine for keeping your data on your devices safe, but for the transport we need a different solution.

Encryption-asymmetric encryptionEnter asymmetric encryption: In the 1970s two really smart guys, Whitfield Diffie and Martin Hellman, invented the principle of asymmetric encryption. And it works as follows: Instead of having one key, you have a key pair: A public key and a private key. The public key can be shared freely. You can send it around via an unencrypted email, post it on your blog, etc. It doesn’t matter. Because the public key can only encrypt data. To decrypt the data, you need the matching private key.

Let’s say Alice wants to send Bob an encrypted email. To do that, Alice needs Bob’s public key. She encrypts the email with Bob’s public key. Bob receives the email and decrypts it with his private key.

Sounds complicated? You can compare it to a safe with two keys. The public key allows to open the safe and put information inside. However, you cannot take anything out. Only the private key opens the safe and allows you to retrieve the information.

Or, to stick with the safe example, we can think of  the public key being a safe itself. A safe you pass to everyone who wants to send you confidential information. The sender puts the information in your safe and locks it. But he/she doesn’t have the key (or the code) to open the door. Only you, the owner of the private key, can open the save and retrieve the information.

Asymmetric encryption was a revolutionary concept and would have solved the key distribution problem forever. The only problem was that Diffie and Hellman invented the theoretical concept but didn’t present a solution.

The solution was found a few years later. Ronald Rivest, Adi Shamir and Leonard Adleman invented a new algorithm called “RSA” in 1977. Through using a mathematical problem involving prime numbers they were able to create a public/private key pair that allows encryption with the public key and decryption with the private key. (I need to add here that this is not 100% correct. The British secret service discovered public/private encryption a few years earlier but didn’t publish it. So strictly speaking, Diffie, Hellman, Rivest, Shamir and Adleman weren’t the first persons to invent it but they were the first persons who made it public to a large audience).

The result of asymmetric encryption was staggering!

For the first time it was possible to securely transmit information without the need of secure key distribution.

Nowadays this principle is used pretty much anywhere. The SSL protocol your browser uses when you do online banking or online shopping (you can see it on the https:// in the browser”) is based on asymmetric encryption.

Basically, whatever requires the secure transport of information on the net (whenever you enter a password, credit card details or send an email) is, or should be, encrypted via asymmetric encryption.

Without the break-through efforts of asymmetric encryption the internet as we know it today wouldn’t be possible.

In my previous post I mentioned Threema, a secure messaging application for Android and iOS which is based on asymmetric encryption.

In my next post, I will talk about email encryption using “PGP (Pretty Good Privacy)”, a free system that allows you to apply asymmetric encryption to all your email traffic.

One thought on “Encryption 101: How do I protect myself against nosy secret services….

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: