If you have ever looked into how to protect your data, you have likely learned that it needs to be encrypted. Of course, most people have no idea what that means. Still fewer people know how it works. While you don’t need a computer science degree to protect your data online, it is still helpful to understand the basics of key concepts such as encryption.
What Is Encryption?
When you send data over a network, there is always a risk of it being intercepted. This is especially significant when you are connecting to a website, software or any other service through the internet.
If the data is being sent unencrypted, it can be read by anyone. While there may be some formatting data that looks confusing to the naked eye, plain text data is very easy to interpret for anyone who knows what they are looking for.
However, nearly all network traffic today is encrypted. This means that the data being transferred has been encoded so that only the intended recipient can read it. There are many ways to achieve this but they all basically boil down to the same idea. An algorithm and a secret key are used to scramble the data like a cipher. Unlike a basic cipher, however, well-encrypted data is virtually impossible to decode without the key.
How Does It Work?
Typically, data encryption works with public and private keys. Imagine that encryption is a padlock. The keys are used to lock and unlock the padlock. The parties that want to send data between each other have the keys so that they can lock and unlock (encrypt and decrypt) the data. However, unlike a regular padlock, encrypted data can’t just be forced open. It is very secure.
Of course, the sender already has the keys, but the recipient may not yet. There are lots of ways to arrange the keys but asymmetric is one of the most common.
In this arrangement, the first party (Greg) wants to get some data from another party (Jane). Greg has a public and private key. Unlike a normal lock, these can only be used to encrypt and decrypt data respectively. So, he sends his public key to Jane. She uses it to encrypt the data and send it to him. He then decodes it with his private key.
Since the public key can’t decode the data, there is very little risk of the data being exposed. Some setups are symmetric in which both parties have the same key. Naturally, this is a little less safe. However, there are some setups that can use symmetric encryption very securely.
What Are SSL and HTTPS?
If you have ever looked on your browser and seen the little padlock, you may have wondered: what is SSL and what is HTTPS? Secure socket layer is a system of encryption for websites and web browsers.
In it, the server sends the browser its public key so that the browser can send encrypted data to the server. Then, the browser sends a symmetric encryption key to the server. It encrypts this using the server’s public key. Therefore, no one can intercept the symmetric key. The two components can now talk with encryptions.
HTTPS is short for hypertext transfer protocol secure. HTTP is the method used by browsers and web servers to send information to each other. HTTPS is simply an upgraded version of this that uses SSL to secure the data being sent between the two.
When you are browsing most modern websites, they require a connection over HTTPS. This means that all your interactions with websites are encrypted so that the traffic between them can’t easily be intercepted. While it may be possible for an advanced cyber attack to decrypt the data, the challenge is sufficiently high that attackers almost always rely on other methods.
Discover more about network security today. When you understand the concepts, you can better protect yourself.