Keep your data safe with encryption

Fairfax

LOCKED DOWN: Encryption is all around us, but sometimes the weak link in the security chain is our own selves.

Related Links

Encryption tips and software Wireless Security 101 Fear of viruses could be causing PC attacks Security software maker's own website hacked

Relevant offers

Cryptography, for most people, conjures up images of codes, secrets, spies and clandestine activity. But today cryptography is an important part of protecting all of us in cyberspace, even ballerinas.

Everyone knows a little about cryptography. Perhaps you have played with simple cyphers, like replacing As with Bs, Bs with Cs and so on, to transform something like TOP SECRET into the suitably incomprehensible UPQ TFDSFU.

As recently as the American Civil War these simple kinds of codes were useful. But with two world wars and especially the rise of computers, cryptography underwent a revolution. Today's cyphers rest on incredibly difficult mathematical problems. Arcane maths that once would have languished on a dusty shelf somewhere is now used to protect your bank account.

There are a variety of modern encryption techniques, or algorithms. Most are well known (by techies at least) because their security rests not on the secrecy of the algorithms but on the secrecy of keys, special numerical sequences that control the algorithms.

Plug one key into the algorithm and you get one encrypted result, plug a different key in and a completely different encryption appears.

In the conventional kind of encryption the key must be kept secret. This is secret key encryption. In the 1970s a rather cleverer scheme called public-key encryption was invented. In these systems there are actually two different keys: a private key and a public key.

It doesn't matter who gets hold of the public key. If you're sending a secret message to a friend you use their public key to encrypt it. Once encrypted, only the private key can be used for decryption.

The big downside to secret key systems is that you have to agree beforehand on a key, and that key has to be kept safe in more than one place. With public key systems this isn't a problem; two parties can exchange encrypted messages via an insecure medium without ever meeting, and only one copy of the private key need exist.

Both kinds of encryption are useful. Secret key systems are very quick but require agreement on keys. Public key systems are much slower but don't require agreement. Combining the two gives a neat solution for secure communications: use public-key encryption to initiate communications and agree on a secret key, then switch to a secret-key system for the bulk of the work.

Public-key encryption also allows some other nifty tricks. The private key can be used to "sign" messages so that those with the public key can see that they are authentic. Trusted authorities, or trusted friends can also sign other public keys (then called certificates) so that chains of trust can be established for people and organisations you don't trust directly.

Encryption is all around us. Whenever sensitive information is stored or transmitted, there are people out there waiting to get their hands on it, and encrypting the information is a crucial step in keeping them at bay.

Without encryption, anyone tapping into electronic signals can read whatever is going past, from complaints about the boss to credit card numbers and passwords. Much of cryptography goes on behind the scenes without us even knowing it.

Whenever you pay with eftpos, make a mobile phone call or use a wireless network you are using encryption. Encryption isn't always invisible, however, and it is worthwhile understanding its other uses.

One obvious place is sensitive files stored on your computer. Passwords alone don't keep your data safe. If your computer is stolen, or hacked, your files are there for all to see - unless they are securely encrypted.

Encryption is particularly handy for thumb drives and external hard drives which might hold sensitive information, but are also easy to lose.

The biggest use of encryption for most people, however, is in communications. On the internet there are standards for encryption that employ a combination (to stop imposters), public-key encryption (for key agreement) and secret-key encryption (for the actual work).

A lot of communication software comes with encryption built in. This is especially important for web browsers - otherwise whenever you visited your bank's website anyone could intercept your details as they drifted past on some distant cable.

Encryption is a crucial component of overall computer security, but it is not a magic bullet. Online security is only as good as the weakest link, and there are many other links the dishonest can exploit.

Encryption is useful, but it is no substitute for vigilance.

* Hayden Walles is computer science PhD student at Otago University.

- © Fairfax NZ News