Encryption: the key to secure data?

Filed under
Security

For as long as modern computers have been around, they have been associated with encryption in one way or another. It is no coincidence that the first semi-programmable computer, Colossus, was developed to decrypt messages during the Second World War.

Encryption relies on encoding information in a way that makes it difficult to decode without either a key (cipher) or an awful lot of mathematical muscle. The longer the length of the cipher (in bits), the more difficult it will be to break. Although there are many encryption techniques that are unbreakable in practice, there are very few that are unbreakable in theory, given enough time or processing power.

Encryption techniques separate into two main types, explains Bernard Parsons, chief technology officer at security software company BeCrypt. Symmetric encryption dates back to the Roman empire and beyond, but asymmetric encryption is more recent.

Commonly used for file encryption, (for example, to protect files on a laptop to hide data in the event of theft), symmetric encryption focuses on using a single cipher to encrypt and decrypt data. "As the field of cryptography became better understood in the public domain, a number of algorithms were proposed, all of them based on difficult mathematical problems," says Parsons.

The trick is to ensure that the mathematical problem is sufficiently complex to stop it being solved by current computing technology. Developing such problems requires not only significant mathematical skill, but also an agreement between multiple parties to use the same mathematical algorithm to encrypt and decrypt data, in order to exchange files.

Consequently, standards became important in the early days of modern computerised encryption in the mid-1970s. One of the first was the Data Encryption Standard (DES), an encryption algorithm using a cipher 56 bits long. DES was at one time considered strong enough to be used for banks' automatic teller machines, but as processing power increased, it was replaced by triple DES, which ran the same piece of data through the DES algorithm three times for extra strength.

"Towards the end of the 1980s questions were asked about the appropriateness of triple DES for a number of reasons, one being performance," says Parsons. A new encryption standard called AES (Advanced Encryption Standard) was established in 2001, and it is still considered to be state-of-the-art.

Full Article.