Encryption is the heart of online security. Almost every other technology that makes privacy and anonymity possible is enabled by encryption. Privacy Journal’s articles explain what encryption is, how it works and why it’s vitally important — and far too often unused.
The basic concept behind encryption will be familiar to anyone who ever played with secret codes as a child. Legible information, such as a written sentence, is translated into data that appears to be nonsense — except to the intended recipient. The original information is the “plaintext,” and the encoded version is the “ciphertext.”
To decrypt ciphertext, you need a key, which is a set of instructions for converting ciphertext back to the original plaintext. The study of how to create usable keys that can only be decoded by the intended parties is known as cryptography. If you’ve ever heard someone tell a story about the characters “Alice and Bob,” cryptography is more than likely the subject.
There are two main kinds of keys. Symmetric keys are privately shared between the owners of data and the people encrypting that data (for example, when you give your files to an encrypted cloud storage service). Anyone with a symmetric key can use it to decrypt the ciphertext, so they must be carefully guarded and only shared when necessary.
Asymmetric keys, also known as public-private key pairs, work differently. With an asymmetric key, anyone with the public key can encrypt the plaintext, but ONLY the owner of the private key can decrypt the ciphertext.
Asymmetric keys are more secure because they don’t require the user to give out the private key to anyone. Among other uses, they’re employed by virtual private networks (VPNs) to encrypt your data. Possession of a certain private key is also a great way to verify a server’s identity — this is how an SSL certificate authenticates a website.
Thanks to the proliferation of the https standard, the majority of websites are encrypted against attacks from outside. However, https doesn’t solve the whole problem. Many other online activities demand encryption, especially any website that asks for a username and password.
Far too few websites store your login credentials in an encrypted vault, as evidenced by the fact that unencrypted usernames and passwords keep getting stolen and sold on the dark web. You can boost your security by using a password manager to assign unique passwords to each of your accounts. That way, if one gets compromised, the others are still safe.
Password managers such as Dashlane and LastPass encrypt all your stored passwords. Many cloud storage and backup services also encrypt any files you place on their servers. Most apply zero-knowledge encryption, whereby you retain the private key. A zero-knowledge service couldn’t pry into your data even if it wanted to.
Encryption is based on a simple idea, but gets complicated fast. Privacy Journal’s encryption articles get down to business and explain the importance of encryption without resorting to jargon, turning the whole subject from ciphertext into plaintext.