WhatsApp, these days, focuses more and more on the data privacy of users. After the chats, the messenger will now offer protection for backups too. So, now you can lock your WhatsApp backup with a password or 64-digit encryption key. Interestingly, this WhatsApp encryption is similar to what the company offers for its messages and calls.

To recall, WhatsApp chats and calls are end-to-end encrypted, so no one, except for you, can read your data. WhatsApp backups are also end-to-end encrypted now, so these will also have the same level of security. Read on to know more!

First of all, install the latest version of WhatsApp on your phone, and then follow these steps to make your backups end-to-end encrypted.

1. Open WhatsApp and tap on three dots and go to Settings.

2. Now select Chats and next tap on Chat Backup.

3. Scroll down to the bottom and you will see End-to-end Encrypted Backup.

4. Tap on Turn On.

5. Now if you want to create a password, tap on the Create Password option.

6. Choose a password thats at least 6-character long with a letter. Tap on Next.

7. Youll need to enter it again and tap on Create to save it.

WhatsApp encryption for your chat backups would be turned on immediately.

1. Alternatively, you can Use 64-digit Encryption Key instead to generate a unique key.

2. Tap on Show Key and then write it down. Then tap on Continue.

3. Lastly, tap on Yes, Continue.

Thats it! Now when you try to restore your backup, you will be asked to enter your password.

If you cant remember your password, you can change the password later. Please note that you can enter your password or key wrong only five times and after these many attempts, youll have to wait for some time.

Follow the steps mentioned below to change your WhatsApp backup password:

1. Go to WhatsApp settings.

2. Now select Chats and tap on Chat Backup.

3. Scroll down and tap on End-to-end encrypted backup.

4. Now select Change Password.

5. Tap I forgot my password and then verify your identity with your biometrics or PIN.

You can now create a new password for your WhatsApp backup.

You can access your WhatsApp backups like you normally do. You can restore it from your Google Drive or iCloud account anytime with the use of the backup password. If you choose to proceed without restoring a backup, that backup will still be there and you can access it whenever you reinstall WhatsApp on any other device.

This happens only in a case when you cant remember your backup password. When you are restoring your chats and dont have access to your WhatsApp backup password, you wont be able to access it.

Unfortunately, no! If you somehow lose your password or key, not even WhatsApp can help you. Since end-to-end encryption uses your unique key, it can only be decrypted with the same key. So, no, WhatsApp wont be able to unlock your backup.

If you cant remember a password or key, you can choose to turn off end-to-end encryption for your backup anytime. Heres how:

1. Go to WhatsApp settings.

2. Select Chats and tap Chat Backup.

3. Now go to End-to-end encrypted backup.

4. Select Turn Off and tap on I forgot my password.

5. Verify your identity with your biometrics or device PIN and tap Turn off.

6. Lastly tap on Done.

Thats all. You can turn it back on at any time.

This was all about WhatsApp backup end-to-end encryption. For more such tips, follow us on social media!

You can also follow us for instant tech news atGoogle Newsor for tips and tricks, smartphones & gadgets reviews, joinGadgetsToUse Telegram Group, or for the latest review videos, subscribeGadgetsToUse YouTube Channel.

Read the rest here:
7 Questions Answered About WhatsApp Backup End-to-end Encryption - Gadgets To Use

Encryption and the development of cryptography have been a cornerstone of IT security for decades and remain critical for data protection against evolving threats.

While cryptology is thousands of years old, modern cryptography took off in the 1970s with the help of the Diffie-Hellman-Merkle and RSA encryption algorithms. As networks evolved and organizations adopted internet communications for critical business processes, these cryptographic systems became essential for protecting data.

Through public and commercial development of advanced encryption methods, organizations from sensitive government agencies to enterprise companies can ensure protected communications between personnel, devices, and global offices. Financial institutions in the 1990s and 2000s were some of the first to incorporate encryption to protect online transactions, particularly as backup tapes were lost in transit.

The race continues for cryptographers to keep encryption systems ahead of cryptanalysts and hackers. Quantum computing attacks already present a real threat to existing standards, making the continued development of encryption pivotal for years to come.

This article looks at encryption, how it fits into cryptology, how cryptographic algorithms work, types, use cases, and more.

Encryption is the act of translating data into secret code (ciphertext) and back again (plaintext) for secure access between multiple parties. With shared protocols and encryption algorithms, users can encode files or messages only accessible to other select clients.

To no ones surprise, the study of cryptography and advancements in encryption are essential to developing cybersecurity. Individuals, small businesses, and enterprise organizations all rely on encryption to securely store and transfer sensitive data across wide-area networks (WAN) like the internet.

Application developers managing sensitive user data must especially beware of increasing regulatory action surrounding data privacy.

Cryptology is the overarching field of study related to writing and solving codes, whereas encryption and decryption are the central processes driving the computer science discipline.

As seen below, cryptography is the methodology and applications for managing encryption schemes, and cryptanalysis is the methodology of testing and decrypting these messages.

Cryptographers versed in the latest encryption methods help cybersecurity companies, software developers, and national security agencies secure assets. Cryptanalysts are the individuals and groups responsible for breaking encryption algorithms for good, bad, and ugly reasons.

Penetration testing and red teamers are critical for remaining vigilant in an ever-changing threat environment and catching the vulnerabilities otherwise missed. Alternatively, advanced persistent threats (APT) are always around the corner trying to do the same.

While there are several encryption schemes, they all share the ability to encrypt and decrypt data through a cryptographic key. This unique key is a random string specifically produced to complete the encryption transaction and the more bits in length and complex a process, the better.

Brute force attacks are among the most common cryptanalytic methods, and the time it takes to break an encrypted message is a recognized indicator of the encryption strength.

For users familiar with password management and the value of complex passwords, this makes sense. The longer and more complex the encrypted message is, the longer itll take to decrypt.

Without encryption, data from users and organizations alike would be widely available for all to see on public networks. Individuals and application developers hold responsibility for using and implementing services secured by a good encryption algorithm.

Not every application or network requires military-grade encryption however, enterprise organizations cant go wrong with the services offering the most strength.

A visible example of the role encryption plays with everyday web traffic is the transition from HTTP to HTTPS protocols witnessed in the last decade. Short for the Hypertext Transfer Protocol, HTTP was central to the World Wide Web development in the 1990s and remains a popular application layer protocol connecting users to internet content through a web browser.

In 1994, Secure Sockets Layer (SSL) emerged to give clients an encrypted method to surf the web. By 1999, its successor the Transport Layer Security (TLS) protocol offered a more robust cryptographic protocol across technical components like cipher suites, record protocol, message authentication, and handshake process. HTTP over SSL or HTTP over TLS, dubbed HTTPS, wasnt immediately adopted by the masses.

Thanks to an industry campaign led by the Electronic Frontier Foundation (EFF) for users, website owners, and hosting providers to prioritize secure web traffic, HTTPS has overcome its less secure older sibling. In 2016, only 40% of websites protected their web pages and visiting users with HTTPS. Five years later, that number is more than 90% of websites, protecting users en masse from web attacks.

Before computer science, two individuals could use an identical key to unlock a shared mailbox or gate. Today, symmetric encryption via block ciphers or stream ciphers works much the same way, offering two or more users the ability to encrypt and decrypt messages with a single, shared key between stakeholders.

Users can establish a symmetric key to share private messages through a secure channel like a password manager. Unfortunately, while symmetric encryption is a faster method, it also is less secure.

Symmetric models rely on the integrity of the private key, and sharing it in plaintext over text or email leaves users vulnerable. Phishing and social engineering are common ways threat actors can obtain a symmetric key, but cryptanalysis and brute force attempts can also break symmetric key ciphers.

In the 1970s, the demand for more secure cryptographic systems was met with computer scientists from Stanford and MIT developing the first examples of asymmetric encryption.

Unlike symmetric cryptography, asymmetric encryption is a complex mathematical process in which two users exchange public and private components to create a shared, unique key. Though more complicated and expensive to implement, asymmetric encryption uses thousands of bits and a robust key generation process to ensure secure communications over distributed networks.

Software developers and organizations increasingly use symmetric and asymmetric encryption methods to give users speed and security in communication.

Also known as hybrid encryption, the bundle of the two methods usually starts with a handshake between users through asymmetric cryptography to establish security. Within the asymmetric connection, parties then use symmetric algorithms for the faster processing of messages.

Cryptography challenges have been met by leading computer scientists, universities, and national security and intelligence agencies. The below section looks at the most substantial standards in the evolution of encryption.

The need for a government-wide standard to encrypt sensitive information was evident in 1973, when the U.S. National Bureau of Standards, nowadays the NIST, made a public request for potential ciphers. The algorithm dubbed the Data Encryption Standard (DES) was developed and proposed by IBM and lead cryptographer Horst Feistel.

By the 1990s, DES received wide criticism for its vulnerability to brute force attacks and its short key size. Triple DES, wherein the DES cipher algorithm ran over data blocks three times, proved to be more secure but insufficient for the online ecosystem and universe of data coming.

Shortly after the release of DES, three computer scientists Whitfield Diffie, Martin Hellman, and Ralph Merkle published their research on public-private key cryptography in 1976. As it came to be known, the Diffie-Hellman-Merkle (DHM) key exchange set a precedent for asymmetric encryption before the global networking boom.

Unlike symmetric encryption methods, which previously used few bits, the DHM key exchange provided for encryption supporting key lengths of 2,048 bits to 4,096 bits.

A year after DHMs findings, three cryptographers Ron Rivest, Adi Shamir, and Leonard Adleman developed the RSA public-key cryptosystem.

The three innovators and MIT patented the RSA algorithm, a proprietary system available through RSA Security until its public release in 2000. Standing the test of time, the RSA algorithm remains the most popular public key cryptographic system today and introduced the concept of digital signatures for authentication.

In 1997, the NIST renewed its call to the public cryptography community for the successor to DES. Two Dutch cryptographers Joan Daemen and Vincent Rijmen submitted the eventual pick known as Rijndael. By 2001, the NIST dubbed it the Advanced Encryption Standard (AES) and officially replaced the use of DES.

AES offered larger and different key sizes with a family of ciphers to choose from and remains one of the most popular standards over 20 years later.

While both DES and AES use symmetric block ciphers, AES uses a substitution-permutation network wherein plaintext goes through multiple rounds of substitution (S-box) and permutation (P-box) before finalizing the ciphertext block. Similarly, a client or application can decrypt the AES message by reversing these S-box and P-box transformations.

Professors at the University of Washington and Columbia University independently published research in 1985 on elliptic curve cryptography (ECC), but it didnt come into widespread implementation until the mid-2000s.

Like RSA, ECC is an encryption algorithm for public key cryptography, but instead of prime numbers for generating key pairs, ECC uses elliptic curves. ECC is faster than RSA with a smaller key size while maintaining its security with the mathematics behind elliptic curves over finite fields.

ECC has proven to be a popular choice for web applications, blockchains, and mobile devices as a fast, lightweight yet secure alternative to RSA. ECC isnt immune to compromise, including threats like twist-security and side-channel attacks.

In 1978, Rivest and Adelman published additional research on a cryptographic method dubbed homomorphic encryption. However, it wasnt until 2009 that a graduate student published research on fully homomorphic encryption (FHE) and set off an exploration period.

Unlike conventional cryptography, homomorphic encryption allows for a set of limited operations on ciphertext without decrypting the message. Homomorphic models includes partial homomorphic (PHE) for a single operation, somewhat homomorphic (SHE) for two functions, and FHE for the broadest operational control over encrypted data.

More than a decade later, companies like Google, IBM, and Microsoft continue to explore FHE capabilities where an organization can process specific data within an encrypted message while maintaining the integrity of the data. FHE remains a maturing cryptographic system with little evidence to date of widespread adoption.

Based on quantum mechanics rather than mathematical operations, quantum computers utilizing Shors algorithm for finding prime factors can break asymmetric standards like DHM, RSA, and ECC within moments.

Post-quantum cryptography (PQC) describes the budding market working to address quantum attacks and secure the next generation of IT environments and data. Agencies like the NIST and NSA continue to release security guidelines against quantum threats, but theres still much to learn of quantum information science (QIS) and no official US standard.

Earlier this month, the White House released a national security memo outlining U.S. administrative objectives for adopting quantum-resistant cryptography. While initial standards are expected by 2024, a full mitigation architecture for federal agencies isnt expected until 2035.

The most common applications for cryptographic systems in IT environments include:

Cryptology long predates todays encryption algorithms for data stored in our pockets and moving across the web. From Julius Caesar to the Enigma code, cryptographic methods continue to become more complex to the benefit and detriment of various actors.

As cryptanalysts and threat actors poke holes in the latest implementations, its natural for the industry and users to upgrade to the most robust available algorithms. Outdated and inadequate cryptographic standards leave organizations and users vulnerable, giving those persistent or capable enough the ability to extract, sell, or ransom sensitive data.

The emergence of post-quantum cryptography is a reality stakeholders must grapple with sooner than later.

Read the original post:
Encryption: How It Works, Types, and the Quantum Future | eSP - eSecurity Planet

Data privacy has become absolutely crucial for businesses. And some businesses go to great lengths to protect their data, files, and communications.

But consumers and smaller businesses seem to think that adding extra security isn't worth the extra work required. The problem with this take is anyone who refuses to take the extra steps might find themselves on the wrong end of a data breach.

You might have sent some sensitive information in an innocent email, only to find some bad actor intercepted the message and was able to easily read the content of that email and extract the information.

You don't want that. Even if it does require an extra bit of work on your part, being safe is much better than being sorry.

So what do you do? You encrypt your email (or the email containing sensitive information).

What is email encryption?

Email encryption is a way to encrypt an email such that only the recipient can read it. This works by way of encryption key pairs like so:

If the email is intercepted on the way, it cannot be read without the matching private key. That, of course, brings up one crucial issue that cannot be stressed enough -- never share your private key with anyone.

Yes, adding encryption to email does add extra steps to your process, but when dealing with sensitive information, those extra steps will be well worth the effort.

How do you encrypt email?

Because every email client does this differently, I'm going to demonstrate using the open-sourceThunderbirdapplication. I'm also going to demonstrate how to create your GPG key (using GnuPG), so you can help your recipients generate the necessary key pairs so they can send you their private keys.

Here's how it works.

I'll be demonstrating on Pop!_OS Linux, but this will work the same way on any platform that supports GnuPG (Linux and macOS). For the Windows OS, you'll need to use Gpg4win.

To generate a keypair, open a terminal window and issue the command:

You'll be asked the following questions (answer with the defaults):

When prompted, type y to verify the creation of the key. You'll then be required to add a real name, an email address associated with the key, and an optional comment. Finally, you'll be required to type and verify a password for the new key pair. After that, your key is created and ready for export.

Next, we need to export the public key so it can then be sent to the person who will need to send you an encrypted email.

To export the key, issue the command:

gpg --export -a "EMAIL" > public_key

Where EMAIL is the email associated with the key you just generated. Once you've generated the file (named public_key), send it to the person who will be encrypting the email to you.

Next, we need to import the public key that was sent to you. Open Thunderbird, click the Menu button and click Account Settings. In the left sidebar, click End-To-End Encryption and then click OpenPGP Key Manager (Figure 1).

Figure 1

Gaining access to the OpenPGP manager from within Thunderbird.

Click File > Import Public Key From File, and then make sure to select All Files from the drop-down at the bottom right corner of the window (Figure 2).

Figure 2

Importing the public key from within the OpenPGP Key Manager.

Locate the file you saved (the public key from the recipient that will receive your email) and click Open. In the resulting window (Figure 3), select Accepted (unverified) and click OK.

Figure 3

Importing Henry Jekyll's key might not be the best idea, but I'm going for it.

Click OK, and the key will be imported and ready to use.

Close the Key Manager and go back to the Thunderbird main window. Compose a new message to the email address associated with the encryption key, and then (in the email compose window) click the Security drop-down and click the checkboxes for Require Encryption and Digitally Sign This Message (Figure 4).

Figure 4

Encrypting and signing your new email.

Send the message as normal, and it will be encrypted such that the only person that can decrypt it is the owner of the private key that matches the public key you imported.

And that, my dear friends, is how email encryption works. I hope you find this to be much easier than you expect and will inspire you to start using this extra security layer in your email communications.

See the rest here:
How to encrypt your email and why you should - ZDNet

London, UK, May 24, 2022 (GLOBE NEWSWIRE) -- Hoping Club, a global asset management and investment organization, revealed that it will invest in a startup in the field of digital cryptoin Singapore, and the specific details are under negotiation.The investment is led by thunder flight, the Singapore Branch of Hoping Club, to help Hoping Club expand its investment business in the field of digitalcrypto. Singapore is a popular location for cryptocurrency companies and one of the pioneers in formulating a formal licensing framework in the world. Because the regulatory and operating environment is relatively clear, it has attracted many technology giants to settle down, and has also been favored by many financial investment fields.

Hoping Club is an investment organization founded on Wall Street by KobySadan, CEO of VikingLongFundMasterLtd. At the beginning, the company only did simple investment business. In just a few years, it went out of Wall Street and became a multinational organization. Its investment involves traditional and emerging fields such as real estate, financial bonds, heavy metals, energy and digital crypto.

Initial Stage Based on Local

Hoping Club is headquartered on Wall Street in Manhattan, New York. In July 2012, Koby Sadan, CEO of Viking Long Master Fund Ltd., founded Hoping Club in order to try to expand the investment field outside the fund's stocks. The early members of Hoping Club are composed of senior managers of major investment banks on Wall Street. The organization has three departments: stock investment, fund investment and futures venture capital. Koby Sadan has rich investment experience. With the support of Viking Long Master Fund Ltd., Hoping Club won its first battle in the financial market.

Medium Term Global Perspective& FutureChallenge Technology

In recent years, Hoping Club has also been involved in high liquidity digital crypto assets, digital art NFT collection and decentralized financial investment including technology, IT, blockchain and digital quantification. Hoping Club has established a digital team composed of 30 data scientists and engineers, which is responsible for the comprehensive digital upgrading of business model and technological innovation in the investment field, and applies big data analysis to the investment decision-making process. Hoping Club has become an organization focusing on practice and research. They will formulate a detailed investment strategy according to their own industry survey, and encourage the team to find new ideas.

Under this mechanism, the new technology and culture empower Hoping Club to achieve a win-win situation between members and the guild through a complete ecology, and achieve new breakthroughs in the wave of new technology.

Originally posted here:
Hoping Club will invest in startup in the field of digital encryption in Singapore - GlobeNewswire