What is Encryption? (& How it Works to Protect Your Data)
There is a lot of information in today’s world. Emails, website data, photos, videos, and more are all bouncing around the world wide web to your computer, phone, and TV. Devices send data to each other within your own home network, data bounces between your phone and Bluetooth headphones and smartwatches, and there is even data just sitting in the storage on all of these devices.
Because of this, there are a lot of opportunities for this data to be intercepted or stolen by someone who wasn’t intended to see it. There is, though, one major thing that helps to ensure all of this data is seen only by the intended recipients: encryption.
There are many forms of encryption frankly and some are better than others, but in this episode of Decodr where I break down technology regularly for you guys, let’s learn more about what encryption is, how it works, the different types, and how it helps to protect all of the information we have floating around.
Firstly, thanks to Bitdefender for sponsoring this video. Consistently ranked as the best antivirus software in terms of not just security but also performance (so having them installed doesn’t slow down your device) by top industry firms who rigorously test these things, they know some things about encryption. You can get a free 4-month trial of their software at the link below, but we’ll talk about them more later on.
So what is Encryption?
Well, there are two states in which encryption can be used: in-transit, aka data being sent between different locations, and at rest, as in, say, data sitting on a hard drive somewhere. First, let’s start with in-transit.
So, as mentioned, tons of things are sending data to one another, constantly. Encryption ensures that the data being sent can only be read by the intended recipient.
Essentially, it takes otherwise easily readable data and, using an algorithm along with a key, converts it to seemingly random-looking, hard-to-read data. Then the intended recipient can, using the same algorithm and the key, convert it back into data that is easy to read again. The general idea is that anyone who intercepts the data on its way doesn’t have the algorithm and, more importantly, the key, and so they won’t be able to read it.
In addition to protecting the data, using some systems, it can also guarantee that the data is coming from the specific source it was supposed to.
Now, there are two main ways this works in modern encryption: symmetric and asymmetric encryption.
In symmetric encryption, there is an encryption algorithm that both parties have decided to use to encrypt the data. This is essentially a mathematical algorithm (called a cipher) that takes data either line by line (called XXX) or in chunks of a specific amount (called block) and converts them into that seemingly random data.
Now, in order for both parties to be able to read the data that gets encrypted, they each need to use the key and plug it into the chosen encryption algorithm for it to encrypt the data, and then the same key can be used to decrypt it on the other end.
A good example of this is, say, your home WiFi network. Chances are that your home WiFi network is using the AES (Advanced Encryption Standard) algorithm, which was standardized by the US government after data scientists Vincent Rijmen and Joan Daemen presented it and beat out the other scientists’ proposed methods.
So firstly, your devices on your home network all need to support this algorithm, along with your home router. Then you actually create the key when you make a password for your WiFi network. This key gets plugged into the AES algorithm on the router, and that scrambles the data in a specific way so that it can only be unscrambled by a device after it connects to the WiFi using that same key.
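To make the "your password creates the key" step concrete, here is an added example (not from the original video or from any vendor) of how a WiFi password becomes a 256-bit key. It assumes the network uses WPA2-Personal, which the text above does not name; the function name and the sample network names and passwords are constructed for illustration.

```python
import hashlib
import hmac

def wifi_key_from_password(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal key derivation: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the network name (SSID), 4096 rounds, 32 bytes (256 bits) out."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA2 passphrases use printable ASCII only")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSIDs are 1 to 32 bytes long")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid_bytes, 4096, 32)

def same_key(a: bytes, b: bytes) -> bool:
    # Constant-time comparison, the habit to keep when comparing secrets.
    return hmac.compare_digest(a, b)

# Constructed sample values: the router and a laptop that know the same
# password and network name each compute the key on their own.
ROUTER_KEY = wifi_key_from_password("correct horse battery", "HomeNet")
LAPTOP_KEY = wifi_key_from_password("correct horse battery", "HomeNet")
# The same password on a differently named network gives a different key,
# because the network name is mixed in as a salt.
OTHER_NETWORK_KEY = wifi_key_from_password("correct horse battery", "CafeNet")
# A device with the wrong password ends up with a key that unlocks nothing.
WRONG_PASSWORD_KEY = wifi_key_from_password("correct horse stapler", "HomeNet")

if __name__ == "__main__":
    print("router key :", ROUTER_KEY.hex())
    print("laptop key :", LAPTOP_KEY.hex())
    print("keys match :", same_key(ROUTER_KEY, LAPTOP_KEY))
    print("other SSID :", same_key(ROUTER_KEY, OTHER_NETWORK_KEY))
    print("wrong pass :", same_key(ROUTER_KEY, WRONG_PASSWORD_KEY))
```

The key never travels over the air: each side derives it locally from the password, and the per-connection encryption keys are then derived from it when a device joins the network.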
Now, when using a public network, technically everyone on that network has that key, and so theoretically they could see all of the data being transmitted over the network if they wanted. This is where VPNs, or Virtual Private Networks, come in.
These essentially encrypt your data before it’s sent over the network to their own server, where it is then decrypted and sent on from there. Data comes back and is re-encrypted before being sent back to your device.
Bitdefender actually includes up to 250MBs a day of web surfing with their Total Security 2020 product and you can even get unlimited data for a small amount more. Regardless of which one you choose though, a VPN is a cheap way to make sure that even on public networks, your data is still encrypted.
Now, asymmetric encryption is a bit more complicated, but here we go.
In asymmetric encryption, also called public key encryption, there is also an agreed-upon encryption algorithm that both parties have to use, but instead of one key, there are two that are linked.
So there is a private key that is kept secret by one party and a public one that is given out so anyone can find and use it.
The private key is used to encrypt data and send it to users. They then use the public key to decrypt it and read it. When they send data back, they encrypt it with the public key. But everyone obviously has that same public key, and in a symmetric system that would mean they could then just use it to read the data, right? In an asymmetric system, only the private key can then decrypt that data. So anything encrypted with the private key can be decrypted by the public key, and anything encrypted by the public key can only be decrypted by the private key.
OK, I understand that that is a bit complicated, bear with me, here’s an analogy that Panayotis Vryonis came up with.
Imagine you have a chest with a lock that instead of just having two states like normal, unlock and lock, we have three: locked by turning all the way to the left (A), unlocked in the middle (B), and locked by turning all the way to the right (C).
Then there are two keys. Key 1 can only turn the lock clockwise, so A to B to C. While Key 2 can only turn it counterclockwise, so C to B to A. Now, let’s say Key 1 only has one copy and only one person has that copy (this is the private key) while Key 2 is copied a bunch of times and handed out to anyone who asks for it so a lot of people have it (the public key).
So say the person with the private key puts some data in the chest and then turns the lock to the right, locking it in position C.
Anyone now with Key 2 can come up and turn the lock to the middle (B) (since that’s counterclockwise), unlock it, and get the data. They can put their own data back in it and, since their key can only turn to the left again, they do so and lock it in position A.
Now, anyone else with Key 2 can’t unlock this since they can only turn to the left. But the original person with Key 1 can turn it to the right to get to the unlocked position, take out the data, and then put their own back in, turn it to the right to lock it again and the cycle starts anew.
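The chest and its two keys can be written out in numbers. This added example (not part of the original video) uses textbook RSA with tiny primes so the arithmetic is visible; the primes, the message value, and the function names are chosen for illustration, and real systems use much larger keys with padding from a vetted library.

```python
from math import gcd

def make_keypair(p: int, q: int, e: int = 17):
    """Build a linked pair of keys from two primes (toy sizes only)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)            # the exponent that undoes e (Python 3.8+)
    return (n, e), (n, d)          # public key (Key 2), private key (Key 1)

def turn_key(key, value: int) -> int:
    """Apply one key to a number: the same operation locks and unlocks."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(value, exponent, n)

PUBLIC_KEY, PRIVATE_KEY = make_keypair(61, 53)

def chest_demo(message: int = 65) -> dict:
    # Owner locks with the private key (position C); anyone with the
    # public key can open it and knows only the owner could have locked it.
    locked_by_owner = turn_key(PRIVATE_KEY, message)
    opened_with_public = turn_key(PUBLIC_KEY, locked_by_owner)
    # A visitor locks with the public key (position A)...
    locked_by_visitor = turn_key(PUBLIC_KEY, message)
    # ...another visitor's public key does not open it...
    second_visitor_try = turn_key(PUBLIC_KEY, locked_by_visitor)
    # ...but the owner's private key does.
    opened_with_private = turn_key(PRIVATE_KEY, locked_by_visitor)
    return {
        "locked_by_visitor": locked_by_visitor,
        "opened_with_public": opened_with_public,
        "second_visitor_try": second_visitor_try,
        "opened_with_private": opened_with_private,
    }

if __name__ == "__main__":
    for name, value in chest_demo().items():
        print(f"{name:20} {value}")
```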
OK, so while this seems odd, it’s useful. In particular, there’s a thing you probably do all the time, that uses this method: browsing the web.
On the internet, websites can use this asymmetric encryption in the form of TLS/SSL and if they do that’s when you see that lock icon in your browser and the “https://” in the URL.
So when you visit a site that uses SSL encryption, your computer sends a request to the site and the site provides the public key (Key 2 from our analogy) to your computer. Your computer then encrypts its data with it and sends it to the site. The site then uses its own private key to decrypt it, then encrypts its own data and sends it back.
So now, when you input your credit card info for example, it is encrypted in-transit to the site, etc.
It can be more complicated than that, but that gives you the general idea, I think.
There is also a way to add an additional layer of security on top of this that has become popular lately, and that’s using a password manager.
The idea behind these is that they, like the Bitdefender Wallet, allow you to add an extension to your web browser that generates very hard-to-guess passwords to use for logging in to websites. It then encrypts this information itself, and it can only be accessed with your master login. This makes it even less likely that, if say a website gets hacked somehow and someone gets access to your password, they will be able to use it for any of your other accounts, since the passwords are all unique and unrelated.
Now, besides in-transit encryption, we have at rest encryption. This is when things are encrypted while on a drive of some sort. Basically, it uses the same symmetric encryption we just discussed, but to scramble the data sitting on the drive while it’s inactive.
So for example, your phone is probably encrypted by default nowadays and without delving into the backend of everything and how that works, suffice it to say that your pin/password is associated with a key. So if someone were to say take out the drives in your phone (which yes, is entirely possible) and try to access them somehow, they would need the pin/password to get the key to decrypt it.
Now, your computer, on the other hand, usually isn’t encrypted by default, but there are programs to help you do so if you want. One such program is Bitdefender’s File Vault system. This lets you set a password to encrypt a specific drive or folder, and then everything in that folder gets scrambled and cannot be read even if someone were to steal your computer.
In addition to these, there are also secure external drives that use buttons on the drive or, like this one, a fingerprint sensor to encrypt data on them, which can only be decrypted by inputting the correct code or using the correct fingerprint.
And there you go, a basic overall understanding of encryption.
Again, you can check out Bitdefender’s Total Security 2020 product and get a free 4 month trial at the link in the description below.
I hope this was useful for you guys, please let me know in the comments below what you thought of it, would love to hear suggestions of topics you’d like me to cover in the future or just any ways you guys think I could improve the series.
Also if you enjoyed this, please thumbs up or share it and check out the rest of the channel and if you like what you see there, please subscribe and ding the bell next to the word subscribe to be notified when I do new videos. As always though, thanks for watching.