What is Encryption?

Encryption (and decryption) are the processes involved in the science of cryptography. Take a message in plain text and encrypt it so it cannot be understood except by someone possessing the decrypt key. This has been used for over 2,000 years.

In computers and the internet, encryption is used everyday for sending passwords across networks, safe from prying eyes and for securely sending credit card and other important details to websites.

Programmers will sometimes use encryption to encrypt data in applications and stop anyone from reading or modifying that data.

Start with a message that has to be sent securely. This could be

• Text.
• Numeric Data.
• Secret Codes (E.G. Missile Launch Codes!)

Next we need an encryption key. This could be a phrase like ‘My secret password phrase’. The strength of this key depends upon it being a minimum length and having a good mixture of characters.

• "My7 sEcreT5&£ pas3WoR3w :0{PHRaSe.86$"
• "My secret password phrase"

Now depending on the encryption algorithm, we may also need a decryption key. Public-key encryption has two keys- this is assymetrical encryption. A simple xor though can use the same password for both encryption and decryption as the XOR operator has the property that when

C = A XOR B

B = A XOR C

A = B XOR C.

Any algorithm can be used that takes the original text and processes it using the encryption key so long as there is a corresponding decryption key. For the strongest encryption, one of the well-tested algorithms such as AES (Advanced Encryption Standard) should be used.

Counter-intuitively, the best encryption methods are not kept secret. While keeping them a secret would appear better, it is Security though Obscurity and is considered poor as the security will probably be compromised and keys are easier to change than algorithms!

The best algorithms are those that have been extensively tested by cryptographers. They will have looked for weaknesses and ways to crack the algorithm and if they fail it will be regarded as reasonably secure. That doesn't mean it is guaranteed to be uncrackable, just that no one has found any weaknesses.

Many programmers do this. However unless you are an experienced crytographer, it is best to regard it as being lightweight and not use it for anything important.

You have to ask yourself : "Is it worth anyone's time to break my encryption?" If it is, then use a tried and tested algorithm, even if you have to buy it in.

Alternatively there are several free or open source libraries like these listed here.

• SSL Library in the C Code Library.
• Free Crypto C++ Library in the C++ Code Library

No. One method of measuring the strength of a scheme is its bit length. While lengths like 56 bits have been successfully broken in a fairly short time by a super computer or network of pcs, 128 bits is so much harder that is almost uncrackable.

Until major mathematical advances are made, it is unlikely that anyone except perhaps the NSA or the Russian or Chinese equivalents will have the computing resources to crack it. It is far easier and cheaper to snatch passwords from computers by methods such as key loggers than spend billions of dollars on advanced computers.

A secure hash of a document is encrypted with the private key of the creator. This is the Digital Signature of the document, "signed" by the creator.

With this it is now possible for someone else to verify that

• The creator "signed" the document. This is done by decrypting the Digital Signature with the public key of the creator and comparing the result of that to the Secure hash of the document. Only the creator would have been able to encrypt the hash with his private key.
• The document has not been altered. If it has, the decrypted secure hashes would not match.

If you enjoyed this article, you might like What is Data Compression?