Introduction To Encryption Process
The stuff about which I am going to talk about right now, you probably won’t find much about it on the Internet. Heck, when I was learning this myself, I had a lot of trouble learning each and every bit of Algorithms, Math, encryption, cryptography and programming, the trusted keys, and stuff.
And the worst was when I came to know that every other encrypted thing in the world can be decrypted or hacked, no matter what. Yeah, there is no such thing as FoolProof Security. But the main reason for me to write this blog was that there is hardly anyone helping you out there related to this. My aim is to help people understand what encryption is and how it is related to Cryptography and Math.
What does Cryptography mean?
Firstly, encryption is just but one branch of cryptography. So, now the question must be, what is cryptography. I actually prefer cryptography to Art. It is not totally related to Programming or similar stuff. Cryptography was used even in ancient times. The most famous cryptographer of all time was Leonardo DaVinci. His encryption process methods were so challenging that even today, most of his works are still not decrypted.
So, cryptography is the art of writing or coding something so that only a specific person to whom it is addressed can understand that. No one else would be able to understand it. This cryptography can be in the form of images, or writing, text, design, architecture, or anything. There is no limit to that.
Ever heard of Mona Lisa (Yes, it was drawn by Leonardo Davinci)? Yes, it even said that her left eye is also encrypted in the painting. Not to mention that there could be a lot of conspiracies here as well. Now you may have gotten an approximate idea of what I am talking about and where I am heading.
Also, do you remember the part previously where I told you that even the images are encrypted? Yes. Speaking virtually, hand-drawn images can be encrypted to show some sort of code of a map or some other stuff. Similarly, images can also be encrypted in sentences. This is called Steganography. Steganography is a form of encryption process where you write one thing, but you actually mean something else.
Nowadays, terrorists and a lot of ISIS people use this form to communicate with each other. They post ads in newspapers, which actually look like some normal advertisement, but they actually mean something else.
Digital Cryptography and Encryption
After reading all of this, you might be wondering how this all gets entangled with computers. It is simple. When you store something digitally, you may need some sort of security. For example, we all have many internet accounts, and we need to keep them secure. So, the encryption process part here is with the server. For example, let us say you create an email account.
Now, the password you used would have to store on the server. But this password cannot be in plain text. The reason for that is because if the server gets compromised by some hacker, then all the data inside, would then get released, and anyone can misuse it. So, this data needs to be secured. And this is where the encryption process part comes in between.
The encryption program, which is created here, is not a simple process. For example, let’s say the password is Abcd@123(just assume). So, when this password is entered, it gets converted into a hash file of a 32-bit which is stored on the server. Whenever you enter the password, the converted hash file needs to match the hash file stored on the server. Now you may think, what if some hacker is doing a Man-in-the-Middle-Attack and gets the hash file. That’s the magic here. Each hash file has almost ‘n’ number of possibilities here.
This means that even if the hacker gets the encrypted program hash file and says, even if he or she decrypts it, he won’t get the same password. The possibility of getting the same password, i.e. Abcd@123, from the hash file is one in a million. In short, this is again what the main aim of cryptography is. That is only the concerned party should recognize the code. In our case, the concerned party is the Server and the User entering the password.
To be frank, there are very fewer email providers who provide encrypted program security. The worst part here is, nowadays, hackers don’t even tend to go for hash cracking. They straight away social engineer their way into the accounts. Besides, pro hackers don’t even need your password to enter your account. Assuming the same situation you are in of the man-in-the-middle attack, an attacker can straight away sniff your email, which is sent in the form packets.
Thus the only way to secure yourself is to get an email provider who provides an email encryption process as well and not just the password encryption process. And the only one I know of as of now is Protonmail.com. They are very sophisticated. Recently, some hackers even tried to hack into their accounts, but due to extreme security, they weren’t able to, and they later ended up DDOSing protonmail’s system, which went on for 3-4 days until it became life again(DDOS: Distributed Denial of Service Attack is a method of sending an extreme number of packets to disrupt the system).
Encryptions and Security
The encryption process has several forms. Though it is hard to decrypt an encrypted service, it is not impossible. WEP, for example, is a type of Wi-Fi security, but it is extremely insecure, whereas WPA and WPA2 Personal are totally secure. But being totally secure doesn’t mean foolproof. A WPA2 encrypted Wi-Fi with a 12 character can take up to 15-20 days to crack, but it can be cracked.
Similarly, it can crack the same password with a good enough computer in 3-5 days. I have a system at my home running PIMP OS(PIMP is a bitcoin-mining operating system) with core i7 6th gen(processor doesn’t matter though) and a 15000-RPM SSD along with two gtx980 graphics cards. With this setup and a wordlist Dictionary from Kali Linux(Kali Linux is a penetration testing OS), I can easily crack the same password in 10-12 hours. Shocked? Yes. But that’s just me.
Extremist hackers mostly employ bots that take control of hundreds, not to mention thousands of computers, and babysit them for cracking passwords. By doing this, they can easily crack passwords in a few minutes. Now how scary it is, just think. It straight away escalated from 20 days to 20 minutes. And these are just pure math. According to the decryption philosophy of mathematics, every other encryption can be cracked with enough time. It’s just pure probability and brute force password cracking.
If you are more interested in the encryption process, I would recommend you to read the book “Digital Fortress”. It’s an excellent book for a beginner to understand how the encryption process works. And NO! It’s not a math or programming book. It’s a fictitious novel, but the encryption process details are near close enough to real life.
Types of Encryption
As I said previously, encryption has multiple forms. Following are the main types of encryption:
1. Symmetric Encryption
Symmetric encryption gathers plain-text data and then shuffles it to make it unreadable. And just before reaching the required party, it re-arranges the data again. Symmetric types of encryption are the fastest of other encryption processes. The viable part to remember here is that the encrypter and decrypter party both need to have the same key to intercept the data.
The bad part about the symmetric key is that even if your data is encrypted, the software readily needs the unencrypted data to match the password and not the encrypted one. This indirectly proves that the software itself is compromised. The only to protect yourself is to design the software so that the data remains encrypted when the user logs out of the system and leaves the key only in an unreadable encrypted format which is actually tough, to begin with.
2. Asymmetric Encryption
Asymmetric encryption, similar to symmetric ones, also gathers plain-text, shuffles it, and re-arranges it again at the other end. Still, here multiple variable keys are used for each end. Users and decrypters use public key and private key to shuffle and re-arrange the data. The only problem with a public key is to make sure you trust the public key you hold. If the public-key is somewhat compromised, then everything is. A simple Man-in-the-middle attack is an easy way to compromise it.
Nowadays, when you hear the term encryption process, it’s actually hashing what is happening in the background. Hashing is not a pure form of the encryption process, though. Remember the example I gave previously about email security?
Yeah! That’s what hashing is, really. Hashing a string will always produce the same string, but the reverse string is never the same. But with enough information, one can easily use some other data to create the same hash. As a matter of fact, in the case of hashes, the hash is the password itself.
Speaking of encryption programs, no matter what you do, there is no foolproof security. It will always be Security through Obscurity. One can only be paranoid enough to be safe enough.
This has been a useful Guide to the encryption process here, we have discussed the different encryption process, and types of encryption, which helps people understand what exactly is encryption and you may also look at the following article to learn more –