
Even though you may not know it, you come across crypto several times a day.

And if you think crypto is best left to developers, hackers, and battles between Apple and the FBI, you’re wrong.

You should understand what cryptography (encryption) is, how it is used to protect your data both on the network and on your devices, and how you can take advantage of it to keep your valuable information safe from prying eyes.

In this article, we’ll go over how cryptography is used, with examples of different types of cryptography in use today.

 

Block Cipher

A block cipher is an encryption method that breaks plaintext into blocks of fixed size, each with the same number of bits. The cipher operates on one block of plaintext at a time and applies the key to produce the corresponding block of ciphertext.

Decryption likewise operates on one block of ciphertext at a time to produce its corresponding plaintext. The Data Encryption Standard (DES) is the best example of this.

DES splits the plaintext into a number of blocks of 64 bits each and operates on one block of plaintext at a time. A 56-bit key is applied to each block of plaintext to produce its corresponding 64-bit ciphertext.

During decryption, only one ciphertext block is processed at a time to produce its corresponding plaintext block. In DES, the decryption algorithm is the same as the encryption algorithm.

In general, block ciphers operate on a block of bits at a time instead of one bit at a time. Bit-by-bit operation is a time-consuming process, and since the block cipher is a computer-based cryptographic algorithm, it must be fast. That’s why operating on a block of bits at a time makes it faster compared to a stream cipher.

Block ciphers do have a limitation: a block cipher generates the same ciphertext for repeating patterns in the plaintext. This limitation was resolved by implementing chaining in the block cipher.

 

PGP

PGP (Pretty Good Privacy) has become a mainstay of Internet privacy and security for one main reason: it allows you to send someone an encrypted message without having to share the code beforehand. There is much more to it, but this is the fundamental aspect that has made it so useful.

Suppose you need to send a confidential message to a friend without anyone else discovering its content. One of the best solutions would be to alter it with a secret code that only you and your friend know so that if someone intercepts the message, they cannot read the content.

Systems like this work fine with many different types of encryption, but there is one major flaw: How can you send someone an encrypted message if you haven’t had a chance to share the code with them yet?

If you haven’t shared the code beforehand and used it to encrypt your message, your friend will have no way of decrypting the encrypted message when she receives it. If you send the code along with the encrypted message, anyone who intercepts the message will be able to access the content just as easily as the recipient.

It’s a conundrum that PGP has managed to solve with something called public-key encryption, which allows its users to send secure, encrypted messages to people even if they’ve never done so before.

PGP encryption is a data encryption methodology used to encrypt, decrypt, and authenticate digital files and online communications. It uses a combination of encryption methodologies such as hashing, data compression, symmetric private-key cryptography, and asymmetric public-key cryptography to keep data secure.

PGP encryption can be used to protect text files, emails, data files, directories, and disk partitions.

 

Fernet Encryption

Fernet is a useful tool in a Python developer’s arsenal, developed by the Python Cryptographic Authority (PyCA). Although no official licensing body oversees the group, its members work together to solve common cryptographic problems in the language.

Their goal is to help you protect data without taking all the risks that come with implementing cryptographic primitives yourself.

When Fernet is implemented correctly, an attacker cannot read or pry into a message that has been encrypted and authenticated with it.

There are a variety of different use cases for Fernet. Real-world examples include:

  • Apache Airflow: This workflow scheduling and monitoring platform implements Fernet to encrypt passwords for both variable configuration and connection configuration. This helps keep passwords safe from attackers.
  • Red Hat Overcloud: Fernet keys can be used to provide encryption in Red Hat Overcloud, which is the company’s OpenStack platform environment for creating and managing network resources in public and private clouds.
  • Databricks: Fernet can play a role in protecting personally identifiable information in conjunction with other tools such as Databricks. This information is precious to hackers, so it is important to have secure encryption and authentication mechanisms like Fernet to protect it.
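What "encrypted and authenticated" means in practice, as an added example (not code from the original article or from PyCA). It uses the `cryptography` package's Fernet API; the secret, the timestamps and the byte offset used for tampering are constructed for the demonstration.

```python
import base64
from cryptography.fernet import Fernet, InvalidToken

def tamper(token: bytes, index: int = 30) -> bytes:
    # Flip one bit inside the ciphertext part of the token
    # (bytes 0-24 hold the version, timestamp and IV).
    raw = bytearray(base64.urlsafe_b64decode(token))
    raw[index] ^= 0x01
    return base64.urlsafe_b64encode(bytes(raw))

def try_decrypt(f: Fernet, token: bytes, ttl=None, now=None):
    # Returns the plaintext, or None when Fernet rejects the token.
    try:
        if ttl is None:
            return f.decrypt(token)
        return f.decrypt_at_time(token, ttl, now)
    except InvalidToken:
        return None

def demo() -> dict:
    owner = Fernet(Fernet.generate_key())
    other = Fernet(Fernet.generate_key())          # someone without the right key
    secret = b"db_password=constructed-sample"     # constructed sample value
    issued = 1_700_000_000                         # constructed issue time (epoch seconds)
    token = owner.encrypt_at_time(secret, issued)
    return {
        "roundtrip": try_decrypt(owner, token) == secret,
        # Authentication: a single flipped bit is rejected before any decryption.
        "tampered": try_decrypt(owner, tamper(token)),
        # Confidentiality: a different key cannot open the token.
        "wrong_key": try_decrypt(other, token),
        # Freshness: the embedded timestamp lets the reader enforce a lifetime.
        "within_ttl": try_decrypt(owner, token, ttl=60, now=issued + 30),
        "expired": try_decrypt(owner, token, ttl=60, now=issued + 120),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The key returned by `Fernet.generate_key()` is the only secret; anyone who holds it can both read and forge tokens, so it belongs in a secrets store rather than in source code or configuration files.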

 

SHA-2

Before we can get into the details of what SHA-2 is, we need to cover the basics. It’s not particularly helpful to know that SHA-2 is a hash function with Merkle-Damgård construction if you don’t already know what a hash function is.

At their most basic level, hash functions take inputs of any size and produce outputs of fixed length, which are known as hashes.

The simplest hash functions are used for tasks such as data storage and retrieval. One of the main advantages of these simple hash functions is that they allow data to be found and accessed in a short and consistent time.

Now that you know what a hash function is and that the SHA-2 family is a specific subtype known as a cryptographic hash function, we can get into more specific details of SHA-2.

As we have mentioned, SHA-2 is not just a single hash function, but a family of six. They are collectively known as SHA-2 because the family is the replacement for SHA-1, which was just a single algorithm.

The SHA-2 family is as follows:

  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
  • SHA-512/224
  • SHA-512/256

 

3DES

3DES is an encryption cipher derived from the original Data Encryption Standard (DES). It rose to prominence in the late 1990s but has since fallen out of favor due to the rise of more secure algorithms such as AES-256 and XChaCha20.

Although it will be deprecated in 2023, it is still implemented in some situations. Since it is based on one of the first widely published and studied algorithms, DES, it is still important to learn what 3DES is and how it works.

Although it is officially known as Triple Data Encryption Algorithm (3DEA), it is more commonly known as 3DES. This is because the 3DES algorithm uses the Data Encryption Standard (DES) cipher three times to encrypt your data.

DES is a symmetric-key algorithm based on a Feistel network. As a symmetric-key cipher, it uses the same key for the encryption and decryption processes.

The Feistel network makes both processes almost the same, resulting in an algorithm that is more efficient to implement.
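The Feistel property described here, together with the repeating-pattern limitation and the chaining fix from the Block Cipher section, as an added example that is not part of the original article. The cipher is a toy 64-bit Feistel network, not DES: its key schedule and round function (SHA-256 based), the key, the IV and the plaintext are all assumptions made for the demonstration.

```python
import hashlib

BLOCK = 8  # bytes; 64-bit blocks, the DES block size

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def subkeys(key: bytes, rounds: int = 16) -> list:
    # Toy key schedule (assumption, not DES's): one derived subkey per round.
    return [hashlib.sha256(key + bytes([r])).digest() for r in range(rounds)]

def feistel(block: bytes, keys: list) -> bytes:
    # One routine for both directions: decryption passes the subkeys reversed.
    left, right = block[:4], block[4:]
    for k in keys:
        left, right = right, xor(left, hashlib.sha256(k + right).digest()[:4])
    return right + left  # final swap makes the network its own inverse

def blocks(data: bytes) -> list:
    # Assumes len(data) is a multiple of BLOCK; padding is left out.
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb(data: bytes, key: bytes, decrypt: bool = False) -> bytes:
    # Every block is processed independently, so equal inputs give equal outputs.
    keys = subkeys(key)[::-1] if decrypt else subkeys(key)
    return b"".join(feistel(b, keys) for b in blocks(data))

def cbc_encrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    keys, prev, out = subkeys(key), iv, []
    for b in blocks(data):
        prev = feistel(xor(b, prev), keys)  # chaining: mix in previous ciphertext
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(data: bytes, key: bytes, iv: bytes) -> bytes:
    keys, prev, out = subkeys(key)[::-1], iv, []
    for c in blocks(data):
        out.append(xor(feistel(c, keys), prev))
        prev = c
    return b"".join(out)

def distinct(ciphertext: bytes) -> int:
    return len(set(blocks(ciphertext)))

# Constructed sample: three identical 8-byte blocks followed by a different one.
KEY = b"demo-key"
IV = bytes.fromhex("0123456789abcdef")  # fixed for repeatability; real IVs are random
PLAIN = b"PAY 100." * 3 + b"PAY 999."

if __name__ == "__main__":
    print("distinct blocks without chaining:", distinct(ecb(PLAIN, KEY)))
    print("distinct blocks with chaining:   ", distinct(cbc_encrypt(PLAIN, KEY, IV)))
```

Without chaining, the three repeated plaintext blocks are visible as three identical ciphertext blocks; with chaining, all four ciphertext blocks differ even though the key is the same.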

DES has a 64-bit block and key size, but in practice, the key only provides 56 bits of security. 3DES was developed as a more secure alternative due to the short key length of DES.

In 3DES, the DES algorithm is executed three times with three keys; however, it is only considered secure if three separate keys are used.

 

AES Encryption

In short, AES is a type of symmetric encryption: it uses the same key to encrypt and decrypt data.

It also uses the SPN (Substitution Permutation Network) algorithm, applying multiple rounds to encrypt the data. These rounds of encryption are the reason behind the impenetrability of AES as there are too many rounds to break.

There are three lengths of AES encryption keys. Each key length has a different number of possible key combinations:

 

  • 128 bits: 3.4 x 10^38
  • 192 bits: 6.2 x 10^57
  • 256 bits: 1.1 x 10^77

 

Although the key length of this encryption method varies, its block size, 128 bits (or 16 bytes), remains fixed.

The AES encryption process is relatively easy to understand. This allows for easy implementation as well as really fast encryption and decryption times.

Additionally, AES requires less memory than many other encryption types (such as DES), making it a real winner when choosing your preferred encryption method.

 

RSA

RSA encryption is a system that solves what was once one of the biggest problems in cryptography: How can you send someone an encrypted message without having the opportunity to share the code with them first?

Under RSA encryption, messages are encrypted with a code called a public key, which can be shared openly. Due to certain mathematical properties of the RSA algorithm, once a message has been encrypted with the public key, it can only be decrypted with another key, known as the private key.

Each RSA user has a key pair consisting of their public and private keys. As the name suggests, the private key must be kept secret.

Public-key encryption schemes differ from symmetric-key encryption, where both the encryption and decryption processes use the same private key.

These differences make public key encryption such as RSA useful for communicating in situations where there has been no opportunity to securely distribute keys beforehand.

Symmetric key algorithms have their applications, such as data encryption for personal use or where there are secure channels through which private keys can be shared.
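How the public-key idea from this section combines with symmetric encryption in the way the PGP section describes, as an added example that is not from the original article: a random session key encrypts the message, and only that session key is encrypted with the recipient's public key. The textbook RSA with two small known primes and the hash-based keystream cipher are toy stand-ins chosen so the block runs with the standard library alone; all names and values are assumptions.

```python
import hashlib
import secrets

# Toy RSA key pair from two known Mersenne primes (constructed for this demo).
# Real keys use moduli of 2048 bits or more, and real RSA uses OAEP padding.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                            # public modulus, shared openly with E
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, kept by the recipient

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Toy symmetric cipher (assumption): SHA-256 over key+counter as keystream.
    # XOR is its own inverse, so the same call encrypts and decrypts.
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_for(n: int, e: int, message: bytes) -> tuple:
    # The sender needs only the recipient's public key (n, e).
    session_key = secrets.token_bytes(16)          # fresh secret for each message
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def decrypt_with(d: int, n: int, wrapped: int, body: bytes) -> bytes:
    # The recipient unwraps the session key with the private exponent d.
    n_bytes = (n.bit_length() + 7) // 8
    session_key = pow(wrapped, d, n).to_bytes(n_bytes, "big")[-16:]
    return keystream_xor(session_key, body)

MESSAGE = b"Meet at the usual place at noon."      # constructed sample

if __name__ == "__main__":
    wrapped, body = encrypt_for(N, E, MESSAGE)
    print("ciphertext:", body.hex())
    print("recovered: ", decrypt_with(D, N, wrapped, body))
```

No secret is exchanged in advance: the sender uses only `N` and `E`, and an interceptor who sees both `wrapped` and `body` still needs `D` to recover the session key.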