Category Archives: Encryption

Bureau of Industry and Security

Mass Market (Section 740.17)

Hardware and software items that would otherwise be classified as 5A002 or 5D002 can be classified under 5A992.c and 5D992.c if they meet the criteria listed in Note 3 to Category 5, Part 2 ("the mass market criteria"). In other words, some 5x002 items can become 5x992.c based on the way they are sold. Mass market items are described in 740.17(b)(1) and (b)(3) (but not (b)(3)(iii), e.g., digital forensics) of License Exception ENC and have classification and reporting requirements.

Although 5A992.c and 5D992.c items do not require a license exception to go to most places (because they are only Anti-Terrorism controlled), they are described in License Exception ENC 740.17, which includes the submission requirements that must be made to BIS. Whether an item is 5x002 or 5x992.c mass market (per Note 3 to Cat. 5, Part 2), the submission requirements are the same and are therefore described in a single place under 740.17(b)(1) (self-classifiable) and (b)(3) (requires a classification request to BIS).

The mass market criteria under Note 3 to Cat. 5, Part 2 have two paragraphs:

Paragraph A describes products that are generally available to the public at retail. Mass market products are typically consumer products sold at retail stores or internet locations, but products sold only to businesses can also qualify for mass market. BIS takes into account a range of factors when determining whether something qualifies for mass market including quantity of the item sold, price, technical skill required to use the product, existing sales channels, typical customer, and any exclusionary practices of the supplier.

Paragraph B applies to components of mass market products. In order to qualify for this paragraph:

1. It must be a hardware or software component of an existing mass market product, meaning it is:
   - The same component that is factory installed in the mass market product; or
   - A functionally equivalent aftermarket replacement that has the same form, fit and function.

2. Information Security must not be the primary function of the component;

3. It must not change the cryptographic functionality of an existing mass market item, or add new encryption functionality to the item; and

4. The feature set of the component must be fixed and not designed or modified to customer specifications.

ITEMS NOT Eligible for Mass Market 5x992.c: Items that meet the criteria in 740.17(b)(2) (e.g., network infrastructure) and 740.17(b)(3)(iii) (e.g., digital forensics) are NOT eligible for mass market treatment.

When a mass market 5x992.c item requires a Classification Request to BIS: Mass market items described under 740.17(b)(3) (e.g., chips, components, SDKs), except for (b)(3)(iii) (e.g., digital forensics), which is not eligible for mass market, require a classification by BIS via SNAP-R before they can be classified as 5x992.c.

When a mass market 5x992.c item can be Self-Classified: Mass market items that are described in 740.17(b)(1) can be self-classified with an annual self-classification report. If you choose to submit a classification request for a 740.17(b)(1) item, then a self-classification report for that item is not required.

When nothing is required to export a mass market item 5x992.c: The export of mass market items that are described in the scenarios under 740.17(a) does not require any submission to BIS.

Read the original:
Bureau of Industry and Security

Why End-to-End Encryption May Not Be Enough – Newswire

Press Release - May 18, 2022 18:15 EDT

NEW YORK, May 18, 2022 (Newswire.com) - iQuanti: In the 21st century, data security is a key part of our daily lives. However, the sheer amount of information we regularly share across the internet leaves us vulnerable to cyberattackers and other unscrupulous actors or threats to businesses and individuals. This realization has led to a broad range of approaches to data security. Since email and other types of messaging are among the most vulnerable elements within our digital lives, there is plenty of focus on these mediums.

The bottom line is that we regularly share our most sensitive data, including identity and payment details, through these mediums, and protecting that data is paramount. Thankfully, technologies such as end-to-end encryption are helping us achieve extremely high levels of security when sending and receiving messages, protecting our data, quite literally, from end to end.

Unfortunately, however, end-to-end security protocols can never keep us 100% safe, and risks remain in several areas despite the level of protection offered by these technologies. This article explores why even end-to-end encryption may not be enough in our fight against data leaks and other security breaches.

What is End-to-End Email Encryption?

At its most basic level, end-to-end encryption works by securing data at both the source and the destination. Using public and private keys, it encrypts the data before it is sent out (sender) and then decrypts the data at the other end (receiver). It is generally regarded as the most secure type of encrypted email, providing robust data protection while it is in transit.

It is worth noting that this type of data protection is used for much more than encrypting emails. In fact, many instant messenger services, video communications apps, and social media platforms also use variations of end-to-end encryption to safeguard data across a broad range of communications channels.

The Limits of End-to-End Encryption

While end-to-end encryption is excellent for safeguarding data during transit, unfortunately, that's where its protection ends. In other words, while your data may be safe from man-in-the-middle attacks and other similar threats, if your computer, tablet, or cell phone is already compromised, it's possible that your data can be accessed upon receipt.

This means that anyone with backdoor access to your device can easily read and take any information received. Often, this is down to vulnerabilities within operating systems that are either unknown or unaddressed, essentially allowing a variety of malware to access your systems without your consent or knowledge.

In addition to this, end-to-end encryption is often beyond many people's skillset when it comes to email. The process of encrypting and decrypting information can be complicated and convoluted, leaving many people believing they are protected when in fact, they are not.

Taken together, it is clear that end-to-end encryption may not be enough to keep both businesses and individuals fully protected. Therefore, it remains imperative that we explore novel ways of data protection and continue to stay vigilant in the face of ever-evolving online threats.

Source: iQuanti, Inc.

Read the original:
Why End-to-End Encryption May Not Be Enough - Newswire

Types of Encryption Algorithms – Security Boulevard

How Do Encryption Algorithms Work?

Encryption algorithms are mathematical formulas that transform plaintext into ciphertext. Plaintext is what the message looks like unaltered, but ciphertext scrambles the message to a point where it's unreadable unless you have the right authorization to decrypt the code back into plaintext. Put simply, algorithms make encrypting and decrypting possible, specifically between the correct users. These algorithms are written into software for computer systems and networks.

Before dissecting the different types of algorithms, let's review the difference between symmetric and asymmetric encryption.

When a message or file is encrypted, it can only be unscrambled and read if the receiver of the message has the correct password or code. Codes used to encrypt or decrypt are often referred to as keys, and without the proper cryptographic key, a recipient has no way of accessing an encrypted file.

With symmetric encryption, there is only one key that is used by both the owner and the recipient. Symmetric encryption uses either stream ciphers (encrypting bits of data one at a time) or block ciphers (encrypting a certain number of bits and grouping them into a single unit).

Think of it as sending someone a package that's locked. No one can open the package without the key, including hackers, but you also have to find a secure way to send or share the key. In the case of computers, both computers would need to have the key to open certain files.

One advantage of this type of encryption is how efficiently large amounts of data can be sent. Only having one key doesn't require as much mathematical computing. Symmetric encryption is also extremely secure if you have a trusted algorithm.

The issue with symmetric encryption is sharing the key with others without compromising security. If, for example, the owner of an encrypted file sends the key over email, a hacker can break into their email and use the key to access the shared information, defeating the purpose of encrypting something to begin with. The key is often shared in person to mitigate such risk, but this isn't always a realistic option at the scale of the internet. This issue calls for a key hierarchy, or some other way to manage the keys being used across huge volumes of data.

Asymmetric encryption, also known as public-key encryption, involves two keys. The key that encrypts a message or file is public, meaning it can be exchanged with anyone. However, the second key is private and is the only key that can decrypt the message or file.

Think of asymmetric encryption like a deposit box. Anyone can leave a letter, but only the owner of the private key can open the box to access the private information. This is most commonly used to exchange information and data on the internet.

The most obvious advantage of public-key encryption is its security and convenience. Instead of having a secret code that only two specific parties know, data can be safely exchanged with more people online. Asymmetric encryption also underpins Public Key Infrastructure (PKI), which protects communications between the server and the client using digital certificates, making it easier to verify that a message really comes from the claimed sender.

The downside to asymmetric encryption is that the keys only go one direction, meaning a correspondence would require both parties to have their own set of keys, one public and one private. In other words, every recipient needing to decrypt a message needs their own deposit box with a private key. Unlike symmetric encryption, the asymmetric encryption method is also more mathematically complex, which can slow down processing time.

With data being exchanged constantly online, both symmetric and asymmetric encryption is used today to verify, authenticate, and protect users. Depending on the level of security necessary, who needs access to data, the type of requests being made, etc., different encryption algorithms are better for certain scenarios. Some are more advanced than others, but the following systems are the most common and secure types of encryption.

One of the first main algorithms used was the Data Encryption Standard (DES), a type of symmetric encryption. It was the standard for electronic communications, but, though DES provided a solid foundation for encryption, it could be hacked in a matter of hours and couldn't keep up with modern computing.

Triple-DES was much more secure because it overcame the small keyspace of DES, and it eventually became the standard symmetric encryption algorithm for a time, specifically in the 1990s. It weaved its way into cryptographic protocols, too, such as SSH and TLS. Triple-DES (or 3DES) uses the DES cipher three times over to encrypt data, which gives a longer effective key length even though each DES key is only 56 bits.

Features

Triple-DES is one of the most efficient algorithms to implement. In its prime, 3DES changed security and helped resolve some of the biggest security leaks of DES. It still works for some hardware security encryptions.

In the face of more secure encryption algorithms, Triple-DES is becoming more and more obsolete. Though it can compute more than DES, 3DES can only work with 64-bit blocks, which doesn't keep up with the needs of most modern organizations. Most big companies and organizations use different symmetric encryption methods.

During the peak of Triple-DES use, big names like Microsoft and Firefox used Triple-DES for data security. Financial, payment, and other private services still use Triple-DES, though it's unlikely they will continue using it.

The Advanced Encryption Standard (AES) is a type of symmetric encryption that is considered both the most unbreakable algorithm and the global standard of security. AES dethroned Triple-DES due to its higher computing capabilities and advanced security.

Features

There are no guarantees in the cyberworld, but to date, AES has yet to be cracked as far as anyone knows. With the ability to use a 256-bit key length, it's one of the most secure forms of encryption. In fact, it would take billions of years to crack even 128-bit AES.

Even though it's more powerful than both DES and Triple-DES, it is a bit harder to implement. It's also slower due to the key size, which can sometimes hinder communication.

The U.S. government uses this algorithm to keep all sorts of information private and secure. From government computers to cybersecurity, AES is an essential tool for keeping data classified. AES is truthfully used everywhere: solid-state drives (SSDs), WiFi in local area networks, cloud storage, internet browsers, and more.

Rivest-Shamir-Adleman (RSA) is a public-key encryption algorithm and is the primary way data is securely sent over the internet. As an asymmetric encryption method, RSA uses two keys, one for public encryption and one for private decryption. A defining element of RSA is the mathematics behind it: its security rests on the difficulty of factoring a product of large prime numbers.

Features

This is the best system for communicating with others online, especially when exchanging potentially sensitive information. It's especially used to verify digital signatures. It's easy to implement, and sharing public keys with online users is relatively easy.

Because RSA is an asymmetric algorithm, it's notably slower in comparison to symmetric encryption. It also requires more power compared to single-key encryption. Plus, though it's great for security, if the private key is lost, the data cannot be decrypted.

RSA is used all over online, including web browsers, VPNs, emails, chats, and other communication servers.
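As an added illustration of the RSA properties described above (anyone can encrypt with the public key, only the private key decrypts, and security rests on the hardness of factoring), here is a textbook RSA walk-through in Python. This is example code written for this page, not from the Security Boulevard article; the primes 61 and 53, the exponent 17 and the message 65 are constructed toy values, and the code omits padding and real key sizes, so it is for learning only.

```python
# Added example (not from the Security Boulevard article): a textbook RSA
# walk-through with deliberately tiny numbers so every step is visible.
# Real RSA uses 2048-bit or larger moduli and a padding scheme such as OAEP;
# this toy omits both and is for illustration only.
from math import gcd, isqrt
from random import randrange


def is_prime(n: int) -> bool:
    """Trial-division primality test; fine for the toy sizes used here."""
    if n < 2:
        return False
    for d in range(2, isqrt(n) + 1):
        if n % d == 0:
            return False
    return True


def keygen_from_primes(p: int, q: int, e: int = 17):
    """Derive the (public, private) pair from two primes and a public exponent."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be two distinct primes")
    n = p * q                    # modulus, shared by both keys
    phi = (p - 1) * (q - 1)      # Euler's totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d == 1 (mod phi); Python 3.8+
    return (n, e), (n, d)


def random_prime(lo: int, hi: int) -> int:
    """Pick a random prime in [lo, hi); toy-sized, used by keygen() below."""
    while True:
        cand = randrange(lo, hi) | 1
        if is_prime(cand):
            return cand


def keygen(e: int = 17):
    """Random toy key pair; real keys use ~1024-bit primes, not 3-digit ones."""
    while True:
        p, q = random_prime(100, 1000), random_prime(100, 1000)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            return keygen_from_primes(p, q, e)


def encrypt(public_key, m: int) -> int:
    """Anyone holding the public key can encrypt: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """Only the private exponent reverses it: m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def recover_private_key(public_key):
    """Why key size matters: factoring the toy modulus recovers d directly.
    Against a real 2048-bit modulus this trial division would not finish in
    any useful time, which is exactly what RSA's security rests on."""
    n, e = public_key
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    raise ValueError("modulus has no small factor pair; not a toy RSA modulus")


if __name__ == "__main__":
    # Constructed sample: the classic textbook parameters p=61, q=53, e=17.
    public, private = keygen_from_primes(61, 53, 17)
    c = encrypt(public, 65)
    print("public", public, "private", private, "ciphertext", c)
    print("decrypted with private key:", decrypt(private, c))
    print("decrypted with public key only:", decrypt(public, c))  # garbage
    print("private key recovered by factoring n:", recover_private_key(public))
```

Losing the private exponent d leaves the ciphertext unreadable, which is the "if the private key is lost, the data cannot be decrypted" point; the factoring step shows why a recoverable d is only a toy-size problem.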

Venafi is the leader of machine identity management and works behind the scenes to secure some of the largest networks in the world. Our technology protects cryptographic keys and digital certificates so that your business can safely succeed.

The machines used to communicate, streamline and process data are immensely helpful, but also at immense risk. Leaving machine communications unprotected leaves confidential and classified information unprotected, too. That's why you need to efficiently manage the identities of all machines, which is why Venafi exists.

Want to learn more about how you can reduce risk at your organization? Download the Machine Identity Management for dummies Guide.

Read the original here:
Types of Encryption Algorithms - Security Boulevard

An end to end-to-end encryption? – Reason

Is the European Union (EU) about to save the FBI from Going Dark by essentially outlawing end-to-end encryption? Jamil Jaffer and Nate Jones tell us that a new directive aimed at preventing child sex abuse might just do the trick. That view is backed by people who've been fighting the bureau on encryption for years.

The Biden administration is prepping to impose some of the toughest sanctions ever on Chinese camera maker Hikvision, Jordan Schneider reports. No one wants to defend Hikvision's role in enabling China's Uyghur policy, but I'm skeptical that we should spend all that ammo on a company that is far from the greatest national security threat we face. Jamil is more comfortable with the measure, and Jordan reminds me that China's economy is shaky enough that it may not pick a fight to save Hikvision. Speaking of which, Jordan schools me on the likelihood that Xi Jin Ping's hold on power will be loosened even by a combination of the Chinese tech downturn, harsh pandemic lockdowns, and the grim lesson provided by Putin's ability to move without check from tactical error to strategic blunder and then to historic disaster.

Speaking of products with more serious national security impact than Hikvision, Nate and I try to figure out why the effort to get Kaspersky software out of U.S. infrastructure is still stalled. I argue that the Commerce Department should take the blame.

In a rare triumph of common sense and science, the wave of dumb laws attacking face recognition may be receding as lawmakers finally notice what's been obvious for five years: The claim that face recognition is "racist" is false. Virginia, fresh off GOP electoral gains, has revamped its law on face recognition so it now more or less makes sense. In related news, I puzzle over why Clearview AI accepted a settlement of the ACLU's lawsuit under Illinois's biometric law.

Nate and I debate how much authority Cyber Command should have to launch actions and intrude on third country networks without going through the interagency process. A Biden White House review of that question seems to have split the difference between the laissez-faire spirit of the Trump administration and the analysis-paralysis of the Obama years.

Quelle surprise! Jamil concludes that the EU's regulation of cybersecurity is an overambitious and questionable expansion of the U.S. approach.

The EU may not be alone. Jordan notes the Defense Department's effort to keep small businesses who take its money from decamping to China once they start to succeed. Jordan and I fear that the cure may be worse than the disease.

I get to say I told you so about the unpersuasive and cursory opinion issued by United States District Judge Robert Pitman, when he enjoined Texas' social media law. The Fifth Circuit has overturned his injunction, so the bill will take effect, at least for a while. In my view some of the provisions are constitutional and others are a stretch; but Judge Pitman's refusal to do a serious severability analysis means that all of them will get a try-out over the next few weeks.

Jamil and I debate geofenced search warrants and the reasons why companies like Google, Microsoft and Yahoo want them restricted.

In quick hits,

Download the 407th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@steptoe.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug!

The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Follow this link:
An end to end-to-end encryption? - Reason

Logarithmic Finance Might Be The Next Big Crypto In World Like Ethereum And Bnb | Mint – Mint

Problem-solving is one of the most common features of any top-tier cryptocurrency. Cryptocurrencies with this property can disrupt the cryptocurrency market. From Bitcoin (BTC) to Ethereum (ETH) and from Binance Coin (BNB) to Ripple (XRP), each of these giant cryptocurrencies ranks high in problem-solving capabilities. Logarithmic Finance (LOG) is a recently launched cryptocurrency aimed at overturning the crypto world. It has all the features that will eventually become the next big thing in the crypto market.

Logarithmic Finance (LOG)

Logarithmic Finance (LOG) aims for the next generation of decentralised financial and trading protocols, enabling seamless connectivity and interaction between early blockchain innovators and investors. The raising of funds in a decentralised world has always been considered a daunting task, with several models designed for this purpose criticised for deficiencies. These disadvantages include the high cost of time to market, lack of financial security, and low-budget innovators.

Taking advantage of these shortcomings, Logarithmic Finance (LOG) delved into this market and addressed the issues that existed at both ends. It proposes the idea of a liquidity pool that fills the gap and acts as a bridge. This idea of liquidity pools enhances the purchasing power of innovators seeking first market access across open blockchain networks. The basic idea behind the creation of this cryptocurrency is an interactive community, the development of advanced features for project innovators and liquidity providers, and a true wonder of DeFi innovation at a secure and scalable cost. Let's dig deep into its attributes to identify its true potential, and whether it will be able to compete with giants of the crypto industry.

Fully Homomorphic Encryption

The goal is to provide strong security for the switching mechanism available to the end-user through fully homomorphic encryption, eliminating the need to decrypt packets while the computational process is taking place behind the scenes. The possibility can be understood from the fact that fully homomorphic encryption allows arbitrary computation on encrypted data.

On-chain Data

In addition to waterfall project management, DevOps best practices, and implementation of fully homomorphic encryption, the platform collects feedback on on-chain data from time to time. Logarithmic Finance (LOG) is critical because it helps engineering and UI/UX design teams make the necessary changes to the interface and other features to provide a seamless experience for users on the platform.

Multi-chain

Logarithmic Finance (LOG) is becoming a fully decentralised Layer 3 exchange protocol. In this regard, it is important to combine interoperability between heterogeneous blockchains with interchain communication. Since this is a complex implementation, these integrations should be done in a multi-step deployment before replacing the pseudo-centralised bridge with a fully distributed consensus mechanism.

Cross-chain

Cross-chain integration facilitates multiple use cases and extends the reach of innovators and investors on the platform. For example, innovators will be able to auction Ethereum (ETH) tokens to the NEO network to take advantage of low-cost transaction fees and scalability. In addition, cross-chain integration also supports P2P transactions between different blockchains.

Inexpensive Gas Fee

Its experienced development team followed a minimal approach, including a clean modular code structure, to design a robust code architecture for the platform. In addition, the platform ensures that only critical data is pinned to the blockchain, optimising the resources deployed. By combining all these practices, you can balance all transactions made in journal finance and reduce gas charges.

NFT Integration

The platform introduces an NFT auction function dedicated to LOG token owners. Various cryptocurrencies or stable coins can be exchanged for non-fungible tokens by project innovators. After the cross-chain integration rollout is complete, more stable coins and networks will be introduced, which ultimately results in enhancing the NFT exchange experience.

Disclaimer: This article is a paid publication and does not have journalistic/ editorial involvement of Hindustan Times. Hindustan Times does not endorse/ subscribe to the contents of the article/advertisement and/or views expressed herein.

The reader is further advised that Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions.

Hindustan Times shall not in any manner, be responsible and/or liable in any manner whatsoever for all that is stated in the article and/or also with regard to the views, opinions, announcements, declarations, affirmations etc., stated/featured in the same. The decision to read hereinafter is purely a matter of choice and shall be construed as an express undertaking/guarantee in favour of Hindustan Times of being absolved from any/ all potential legal action, or enforceable claims. The content may be for information and awareness purposes and does not constitute financial advice.


Read more:
Logarithmic Finance Might Be The Next Big Crypto In World Like Ethereum And Bnb | Mint - Mint

Skiff is launching Skiff Mail to take on Gmail with encryption – The Verge

Skiff has spent the last couple of years developing a privacy-focused, collaborative document editing platform that you could most succinctly describe as encrypted Google Docs. Now, it's coming for Gmail. The company is launching an email service called Skiff Mail that aims to be, well, encrypted Gmail and eventually much more than that.

Ultimately, Skiff co-founder and CEO Andrew Milich says Skiff wants to build a complete workspace, something as sweeping and broad as Microsoft 365 or Google Workspace. But the only way to do that is to solve email, which is, in so many ways, the core of both platforms. "It's the most private corpus of our lives, you know?" Milich says. In an effort to keep people's most important information safe, which includes doctors' notes, confirmation numbers, work emails, family chats, and everything else, he says email felt like a logical and critical next step.

Email's also a potential growth hack for Skiff. "It's really, really hard to move off of a service you're using today when your main identity," Milich says, "your main communication layer, the way you're actually living on the internet, is outside of that." In other words, for every user going to Skiff Mail instead of Gmail, that's another person for whom Skiff's other products are just a click away. Right now, Skiff is free for personal use and makes money through business subscriptions; Milich didn't say what Skiff's plans are for email but said that advanced features will likely be paid ones down the road.

Rather than reinvent the wheel and come up with some Hey-level new paradigm for how email works, Skiff is starting fairly simple. The app right now, which works on web, Android, and iOS, looks like Gmail minus all the color and UI cruft. It's almost all text, with folders on the left and a reading view for your current message on the right. In other words, it's an email app, and a pretty barebones one at that. Right now, there's no support for custom domains. You can't check your Gmail in Skiff, and there's not even much in the way of automation or organization tools. Milich says the simplicity is mostly by design: "We didn't go super-ambitious and say, like, 'We're going to reinvent email with a new set of inboxes, a new set of filter rules, a new set of templates.'" The goal instead was to make all the important stuff (text editing, search, managing attachments) work really well.

That's not to say there's no ambition to Skiff Mail. It's just that Milich's whole theory is that this privacy-first app strategy only works if people actually like using the apps. So many apps and services focused on privacy and security practically scream their values at you. The apps are harder to use, force you to manage more systems or click through a thousand warning messages, or just look like they were built by cryptographers rather than designers. (Because usually, they were!) One Skiff advisor told me many of these products look more like advocacy campaigns than competitive products. Skiff's trying to live all those same values (the company often publishes its research, and much of its code is open source) but in a much more user-friendly package.

Get Milich talking long enough, though, and he'll start to veer into much funkier territory. One of Skiff's recent projects has been to integrate its document platform with the IPFS protocol, a decentralized networking layer that users can now choose to use to store their data. Milich also has ideas about bringing Skiff Mail to the Web3 community. He imagines users with .ETH domain names using those addresses for totally encrypted and decentralized messaging, for instance, or maybe enabling wallet-to-wallet communication via MetaMask integration. "Encryption and public key/private keys are so much about what identity means at Skiff," Milich says, "and it's also what we're seeing identity become in web3."

There's increasing evidence that "Gmail but private" is a compelling offer for many. Proton, the maker of ProtonMail, said last year that it has more than 50 million users, while platforms like Fastmail and Librem Mail continue to grow as well. Gmail remains the behemoth in the market, effectively the only company that actually matters in email, but those looking for something different have more choices than ever.

Still, even if Skiff could figure out how to build the greatest and most private email system ever conceived, getting people to switch email providers is a nearly impossible task. The inertia is enormous. Switching email accounts is like changing phone or credit card numbers, the kind of thing you only do when absolutely necessary. That's why most companies don't even try to take on Gmail. Even the majority of email apps that do exist are mostly front-ends on Gmail, not wholesale rethinks of the system. Milich says Skiff has some ideas about how to ease the transition but acknowledged that it's a huge hurdle.

One of the tricky things about the idea of private email is that, by design, nobody can actually control email. It would be easy enough for Skiff to build an encrypted email platform if it was just Skiff users emailing other Skiff users, but that's not how email works. Instead, the team has tried to build a tool that scales up and down the security spectrum. When Skiff users do email other Skiff users, everything is encrypted by default and easy for senders to revoke or verify, but when you're emailing outside the ecosystem, the SMTP protocols still work.

Milich hopes that as more providers embrace privacy, they'll build tools to match and, by extension, improve the whole ecosystem. But he figures that, even for now, if the least Skiff can do is say "we'll keep your most important communication safe, even from us," that counts for something.

Read more here:
Skiff is launching Skiff Mail to take on Gmail with encryption - The Verge

Data exposure at the Texas Department of Insurance. ICCL report details RTB ad tracking. Credit card scraping operation. – The CyberWire

At a glance.

A state audit has determined that the personal information of nearly 2 million individuals who filed compensation claims with the Texas Department of Insurance (TDI), an agency that oversees the state's insurance industry, was exposed for nearly three years. According to the audit, released this week, the compromised data includes Social Security numbers, addresses, dates of birth, phone numbers, and employee injury info and was publicly accessible online from March 2019 to January 2022. The Texas Tribune reports the leak was the result of a flaw in the programming code in the web application used by TDI to manage workers' compensation data. TDI spokesperson Ben Gonzalez explained, "We found the issue was due to programming code that allowed internet access to a protected area of the application. We fixed the programming code issue and put the TDI web application back online. We began an investigation to find the nature and scope of the issue." Gonzalez added that the investigation did not uncover any evidence that the data had been misused. Nonetheless, Insurance Business America adds, TDI will send notification letters to the impacted individuals including instructions on how they can enroll for free credit monitoring.

Amit Shaked, CEO, Laminar, finds the kind of error implicated in this incident regrettable. He wrote, "This event is truly unfortunate as it is not due to an attack or malicious activity. It was due to a missed code glitch that left personal data exposed for years. Today's digital world requires layering on data-centric security where policies are at the data object level, like detecting excessive exposure in this case. To combat the growing threat to data protection in the cloud, data security teams require a set of cloud native tools that are automated and always continuously monitoring. These automated solutions will transform security teams from gatekeepers to enablers of data democratization."

"It's also another case of abused privileged credentials," Arti Raman, CEO and Founder of Titaniam, wrote. "As this incident proved, information can be accessed using privileged credentials, or strictly from a code glitch, allowing not only the general public to see this information, but hackers to steal underlying data. To keep customer PII safe and minimize the risk of extortion, encryption, specifically data-in-use encryption, also referred to as encryption-in-use, is recommended. Data-in-use encryption provides unmatched immunity. Should adversaries break through perimeter security infrastructure and access measures, or simply gain access through a technical error, data-in-use encryption keeps the data and IP encrypted and protected even when it is being actively utilized. This helps neutralize all possible data-related leverage and limits the need for breach disclosure."

Neil Jones, director of cybersecurity evangelism at Egnyte, notes that the data maintained by this agency inevitably includes a great deal of PII. "The recent data breach at the Texas Department of Insurance is especially concerning because workers' compensation data inherently includes PII (Personally Identifiable Information) and PHI (Protected Health Information), which are potential treasure troves for cyberattackers. Although there's no current evidence that the breached information has been used maliciously, it is not uncommon for attackers to wait for just the right time to post their breached data to the Dark Web," he writes. "There are several key lessons that can be learned from this incident:

Erfan Shadabi, cybersecurity expert with data security specialists comforte AG, notes the special responsibility of state agencies: "We depend on the state agencies to provide us with a basic level of security against all threats. The recent incident with the Texas Department of Insurance in which the personal information of 1.8 million workers has been exposed should underscore the need for data-centric security such as tokenization or format-preserving encryption to be applied to sensitive data wherever it resides in order to render that data incomprehensible and thus worthless for exploitation if bad actors get ahold of it. Preventing attacks and breaches is not 100% foolproof, so we can only hope that governmental agencies have instituted the mitigating measures of data-centric security applied directly to data in case sensitive information falls into the wrong hands."

On Tuesday the Irish Council for Civil Liberties (ICCL) released a report including new data on what it's calling the biggest data breach ever recorded: the real-time-bidding (RTB) system's abuse of web users' information for tracking and ad targeting. According to the report, through the use of RTB, a surveillance-based ad auction system, Google and other tech giants have been processing and sharing user data billions of times per day. The ICCL explains, "[RTB] tracks and shares what people view online and their real-world location 294 billion times in the U.S. and 197 billion times in Europe every day."

Figures in the ICCL's report, obtained from a confidential source, show that users in the US state of Colorado and the UK are among the most exposed by the system, with 987 and 462 RTB broadcasts respectively per person per day. Americans have their online activity and real-world location exposed 57% more often than Europeans, likely due to differences in privacy regulations across the two regions. The biggest culprit, Google, allows 4,698 companies to receive RTB data about US users, while Microsoft says it may send data to 1,647 companies. Questions have been raised about how RTB could be exposing sensitive data individuals share online, from women's fertility cycles stored in period tracking apps, to Black Lives Matter protesters' locations, to the romantic histories of users of Grindr and other dating apps.

The report could have repercussions for European regulators in particular, given that the General Data Protection Regulation (GDPR) has been in place since May 2018 but regulators have been seemingly reluctant to penalize the adtech industry. Johnny Ryan, senior fellow at the ICCL, told TechCrunch, "As we approach the four-year anniversary of the GDPR we release data on the biggest data breach of all time. And it is an indictment of the European Commission, and in particular commissioner [Didier] Reynders, that this data breach is repeated every day."

An FBI Flash notice warns that unidentified threat actors were scraping credit card data from an unnamed US business by injecting malicious PHP Hypertext Preprocessor code into the business's online checkout page. The scraped data was being sent to an actor-controlled server spoofing a legitimate card processing server. The attackers also established backdoor access to the victim's system by modifying two files within the checkout page. The notice details new indicators of compromise for e-commerce sites and lists recommended mitigations, which include updating and patching all systems, changing default login credentials, monitoring e-commerce environment requests for possible malicious activity, segregating network systems, and securing all websites transferring sensitive information by using the secure socket layer (SSL) protocol.
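The tampering described above, two files altered inside the checkout page, is exactly what a baseline-and-verify integrity check over the web application's files is meant to surface. The following is an added example, not code from the CyberWire digest or the FBI notice; the directory layout, file names and contents are constructed stand-ins.

```python
"""Added example, not code from the CyberWire digest or the FBI notice: a
baseline-and-verify integrity check over a web application's checkout files,
the control that surfaces server-side changes like the two modified files above.
Paths and file contents are constructed for the demonstration."""
import hashlib
import tempfile
from pathlib import Path

MONITORED = (".php", ".js", ".html", ".htaccess")


def file_digest(path: Path) -> str:
    """SHA-256 of a file, streamed so large assets do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, monitored=MONITORED) -> dict:
    """Map each monitored file (relative POSIX path) under root to its digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and (p.suffix in monitored or p.name in monitored):
            baseline[p.relative_to(root).as_posix()] = file_digest(p)
    return baseline


def verify(root: Path, baseline: dict, monitored=MONITORED) -> dict:
    """Diff the live tree against the baseline: modified, added and removed files."""
    current = build_baseline(root, monitored)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: baseline a clean checkout tree, then alter it the way
    the notice describes (one handler changed, one unexpected file appearing)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "checkout").mkdir()
        (root / "checkout" / "checkout.php").write_text("<?php // constructed clean handler\n")
        (root / "checkout" / "cart.js").write_text("// constructed clean cart script\n")
        (root / "checkout" / "logo.png").write_bytes(b"constructed binary, not monitored")
        baseline = build_baseline(root)
        # Simulated post-deployment change: a monitored file differs and a new file appears.
        (root / "checkout" / "checkout.php").write_text("<?php // constructed changed handler\n")
        (root / "checkout" / "cache.php").write_text("<?php // constructed unexpected file\n")
        return verify(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is generated from the deployed release artifact and kept off the web host, and verify() runs on a schedule so that an unexplained change to checkout code raises an alert rather than going unnoticed.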

Read more here:
Data exposure at the Texas Department of Insurance. ICCL report details RTB ad tracking. Credit card scraping operation. - The CyberWire

How the Online Safety Bill jeopardises the foundation of security online – PoliticsHome

Sheetal Kumar, Head of Global Engagement and Advocacy| Global Partners Digital

Undermining encryption means the Online Safety Bill in its current form is not fit for purpose.

On the heels of the UK's signature on a declaration to protect human rights, fundamental freedoms, and the free flow of information online, the UK Online Safety Bill does the opposite by undermining a critical part of the equation: encryption.

The UK's Online Safety Bill was introduced into the House of Commons on the 17th of March. Despite its stated aim to make the UK the safest place online, it would create serious security and privacy vulnerabilities by introducing a new surveillance power that would disproportionately impact those that need it most - especially vulnerable groups, including children. Clause 103(2) is particularly worrisome because it gives Ofcom the power to undermine the same human rights the UK recently committed to uphold in the Declaration for the Future of the Internet.

The bill is lengthy and clause 103(2)(b) has not received much attention. However, this is a dangerous measure that puts the lives and rights of so many at risk by undermining encryption - and it must be stopped.

Encryption is a critical technology that helps Internet users keep information and communications confidential between the sender and intended receiver. Forty-five technologists, security experts, and NGOs, including members of the Global Encryption Coalition, recently published an open letter highlighting how the Online Safety Bill threatens end-to-end encryption, the strongest form of this security tool. The letter notes that clause 103(2)(b) could result in notices that would require providers of such services to introduce scanning capabilities into their platforms to scan all user content. The global technology company Apple made a similar proposal for its messaging services last year and, following outcry from security experts, withdrew the plan. It was unworkable then and it remains unworkable now.

Millions of people worldwide rely on encryption for their personal security in times of crisis. For instance, the UK's efforts to try to get people in conflict zones like Afghanistan and Ukraine to safety would be significantly hindered without the security assured by private messaging apps and communications. Moreover, the legislation poses a serious threat to the health of our national economy through the high costs of complying with it and the associated costs of leaving all businesses at greater risk of cyber crime once backdoors to encrypted messages exist. This has already happened in Australia, as a result of the Telecommunications and Other Legislation Amendment (Assistance & Access) Act (TOLA).

Such scanning cannot be accomplished on end-to-end encrypted services because no one, including the provider, has access to the content carried on that service except for the sender and the intended recipient(s). As a result, such a requirement would require service providers to compromise or abandon end-to-end encryption, and would set a dangerous precedent of introducing new surveillance technologies into the devices we use every day. These technologies could be exploited by criminals and hostile governments, thereby undermining personal and national security. Beyond these concerns, such an approach could be replicated by other governments, including in countries with weak democratic institutions. It also marks a stark departure from the EU's prohibition on member states obliging general monitoring of communications. As a result, it risks misalignment with one of the UK's largest trading partners.

Strong encryption protects private information and is integral to the ability to do business, work securely, and build and maintain relationships that are vital to everyday life. Fighting crime is critical, but there are ways to do it without putting our personal safety, human rights, and digital economy at risk of harm. In a world where we increasingly rely on digital technology, users need these everyday digital tools to be secure. Clause 103(2)(b) of the Online Safety Bill would have a detrimental impact on the UK and Internet users around the world, and for that reason it should be dropped.



Originally posted here:
How the Online Safety Bill jeopardises the foundation of security online - PoliticsHome

Take a Diversified Approach to Encryption – DARKReading

Quantum computers may one day break encryption. So might stochastic magnetic tunnel junction machines, also known as spintronics. But we don't need next-generation computing power to break encryption. It's successfully happening right here and now.

Why Does Encryption Fail?

There are many factors that contribute to encryption weaknesses and create vulnerabilities ready for exploitation by cybercriminals or state-sponsored actors. Chief among them is poorly implemented cryptography, in terms of both the crypto libraries themselves and the way they are used. Bugs such as Heartbleed, or the recent implementation error in the Elliptic Curve Digital Signature Algorithm (ECDSA) in Java versions 15 and above, undermine all programs based on them. The incorrect use of a library, insufficient entropy, or use of weak ciphers is a daily occurrence that impacts specific applications, making bugs even harder to find. Other encryption failings include weak passwords and certificates taken from compromised machines. Combine these techniques with harvest-now-decrypt-later attacks, and encryption technology is no longer what it used to be.

Mathematics, the Cornerstone of Encryption

Extremely difficult mathematics underlie our encryption. RSA, the gold standard for public key encryption, is based on the complexity of breaking down a large number into its constituent primes. The forward problem is easy and quick to solve: Take some primes and multiply. But the reverse problem is much harder: Given an integer, which primes were multiplied to make it? Attempts to solve the problem of prime factorization date back centuries, with Euclid of Alexandria working on specific properties of prime numbers more than 2,000 years ago.

Although no solutions have been found that work on conventional binary computers, that does not mean none exist. After more than 2,000 years of work, most mathematicians agree an efficient prime-factorization algorithm for a classical computer won't be here anytime soon. Peter Shor proposed an algorithm that could do composite number decomposition in polynomial time on a quantum computer, breaking RSA and Diffie-Hellman ciphers, but a quantum computer of this kind has not been publicly demonstrated at sufficient scale. Yet.

To prepare for the day when Shor's algorithm is in play, the National Institute of Standards and Technology (NIST) has sponsored a post-quantum cryptography (PQC) competition. Now in its sixth year, the competition that began with 82 submissions is expected to announce its four finalists this year.

The remaining candidates are asymmetric-key algorithms (similar in concept to RSA) believed to be capable of withstanding the computational power of a stochastic algorithm that might run on a scalable quantum computer. The mathematical problems upon which these newer algorithms are based are much younger and have not been studied extensively.

In the field of complex mathematics, centuries are common time frames. For example, Fermat's last theorem took 358 years to be proven. By that logic, it's no wonder we have already seen a previously unknown or unforeseen weakness revealed in Rainbow, which had been the most peer-reviewed quantum-resistant algorithm and is now deemed unsuitable for use by NIST. It's only a matter of time, then, before new encryption standards are weakened or outright broken. This is why NIST is encouraging organizations to embrace crypto agility in their post-quantum preparedness planning.

What complicates this matter further is that we don't and won't know which methods are bearing fruit and which techniques are being used, and by whom, to break the encryption we rely on to secure our digital universe. For all we know, large-scale quantum computers are already in use. If you were a nation-state or criminal mastermind and had the ability to factor large numbers into their primes, would you tell the world? This is the fundamental problem with modern encryption: We often don't know which, when, or how ciphers are compromised. However, we can say with certainty that encryption is being broken and will be broken.

Look to Wall Street and Diversify

To harden IT environments and digital assets in the face of such uncertainty, we can look to Wall Street for strategic advice. To combat the uncertainties and risks of loans and stocks going bad, financial institutions embrace diversification. By diversifying investments across multiple asset classes, geographies, and industries, the risk of an entire portfolio imploding is minimized.

This approach can, and should, be applied by enterprise IT and SOC teams when it comes to encryption. Using and mixing/stacking multiple encryption techniques helps to keep data traveling securely even if a flaw is uncovered in one of the encryption layers. We won't always know which part of a crypto stack has been defeated and how, but it won't matter if the cryptography is sufficiently diversified.

As an industry, we need to support the simultaneous use of multiple approaches, anticipating that new crypto methods will come and go. We must mix asymmetric key technology with symmetric key technology, and transmit keys through out-of-band channels. Most importantly, we must develop agreed-on metrics and industrywide benchmarks to measure exactly how diversified our crypto strategy is.
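One concrete form of the mixing the article calls for is a key combiner: the session key is derived from both an asymmetric shared secret and a symmetric key delivered out of band, with the algorithm identifiers bound into the derivation so the scheme can be swapped without silently reusing keys. The block below is an added example, not code from the DARKReading article; the HKDF follows RFC 5869, while the "asymmetric" secret, the pre-shared key, the transcript and the algorithm labels are constructed stand-ins for real key-exchange output and provisioning data.

```python
"""Added example, not code from the DARKReading article: derive one session key
from two independent secrets so that a break of either layer alone does not
reveal the key. Algorithm labels and secrets below are constructed stand-ins."""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 HKDF-Extract: PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-Expand: stretch PRK into `length` bytes bound to `info`."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(asym_secret: bytes, oob_psk: bytes, asym_alg: str,
                    psk_id: str, transcript: bytes, length: int = 32) -> bytes:
    """Combine an asymmetric shared secret with an out-of-band pre-shared key.

    Each input is length-prefixed (no concatenation ambiguity) and the KDF
    context names the algorithm and PSK in use, so the derived key is bound
    to this exact combination: a different algorithm label, or knowledge of
    only one of the two inputs, yields an unrelated key.
    """
    ikm = (len(asym_secret).to_bytes(2, "big") + asym_secret
           + len(oob_psk).to_bytes(2, "big") + oob_psk)
    info = b"|".join([b"hybrid-session-key", asym_alg.encode(),
                      psk_id.encode(), transcript])
    prk = hkdf_extract(b"\x00" * HASH().digest_size, ikm)
    return hkdf_expand(prk, info, length)


def demo() -> dict:
    """Constructed scenario: which partial compromises leave the key intact."""
    # Stand-in for the output of a real key exchange (ECDH, or a PQC KEM).
    asym_secret = secrets.token_bytes(32)
    # Stand-in for a key provisioned over a separate channel (e.g. device enrolment).
    oob_psk = secrets.token_bytes(32)
    transcript = b"constructed-handshake-transcript"
    alg, psk_id = "asym-layer-v1", "oob-psk-2022"
    key = combine_secrets(asym_secret, oob_psk, alg, psk_id, transcript)
    # Asymmetric layer broken: attacker has asym_secret but must guess the PSK.
    asym_only = combine_secrets(asym_secret, secrets.token_bytes(32), alg, psk_id, transcript)
    # PSK leaked: attacker has oob_psk but could not break the key exchange.
    psk_only = combine_secrets(secrets.token_bytes(32), oob_psk, alg, psk_id, transcript)
    # Crypto agility: same secrets under another algorithm label give another key.
    relabelled = combine_secrets(asym_secret, oob_psk, "asym-layer-v2", psk_id, transcript)
    return {
        "key_len": len(key),
        "survives_asym_break": key != asym_only,
        "survives_psk_leak": key != psk_only,
        "bound_to_algorithm": key != relabelled,
    }


if __name__ == "__main__":
    print(demo())
```

The same combiner accepts the output of a post-quantum KEM in the asymmetric slot, which is how a team can rotate the algorithm under the label without changing the rest of the stack.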

Go here to see the original:
Take a Diversified Approach to Encryption - DARKReading

The SEM’s Email Encryption Market Is Estimated To Reach US$ 24.8 Billion By 2032 – Digital Journal

250 Pages SEM's Email Encryption Market Survey by Fact.MR, A Leading Business and Competitive Intelligence Provider

ICT companies are extensively adopting technologies such as cloud computing and artificial intelligence to ensure seamless operations as teams continue working from home. A focus on fast automation and the use of real-time operation within various end-use sectors such as automotive, food & beverage and others will provide stimulus to the growth.

The report offers actionable and valuable market insights on SEM's Email Encryption. The latest report by Fact.MR provides details on the present scenario of the market across various regions along with the historic data and forecast of the market. The report also includes information on the sales and demand of the SEM's Email Encryption Market across various industries and regions.

To remain ahead of your competitors, request a sample: https://www.factmr.com/connectus/sample?flag=S&rep_id=7254

The market study done by Fact.MR gives exclusive information about how the market will grow. The study identifies crucial trends that are determining the growth of the SEM's Email Encryption market. This newly published report sheds light on vital dynamics, such as the drivers, restraints, and opportunities for key market players as well as emerging players associated with the production and supply. The latest report by Fact.MR provides detailed Market Analysis of SEM's Email Encryption.

This newly published and insightful report sheds light on Market Insights of SEM's Email Encryption, key dynamics, their impact on the overall value chain from suppliers to end-users, and Growth of the SEM's Email Encryption Market.

Need more information about Report Methodology? Click here: https://www.factmr.com/connectus/sample?flag=RM&rep_id=7254

Full access to this exclusive report is available at https://www.factmr.com/checkout/7254

Read More Trending Reports of Fact.MR: https://www.einpresswire.com/article/557048856/demand-for-consumer-appliances-spearheading-sales-electronics-and-electrical-ceramics-says-fact-mr-s-study

Key Questions answered in the survey of SEM's Email Encryption market report:

More Valuable Insights on SEM's Email Encryption Market

Fact.MR, in its new report, offers an unbiased Market Analysis of SEM's Email Encryption and of Sales and Demand of SEM's Email Encryption, analyzing forecast statistics through 2019 and beyond. The study reveals growth projections on the basis of various criteria.

Explore Fact.MR's Comprehensive Coverage on Technology Domain:

Portable Audio Amplifier Market: Forecast, Trend Analysis & Competition Tracking, Global Review 2021 to 2031

Air Conditioner Remote Control Market: Forecast, Trend Analysis & Competition Tracking, Global Review 2021 to 2031

Learning Remote Controls Market: Forecast, Trend Analysis & Competition Tracking, Global Review 2021 to 2031

About Us:

Market research and consulting agency with a difference! That's why 80% of Fortune 1,000 companies trust us for making their most critical decisions. While our experienced consultants employ the latest technologies to extract hard-to-find insights, we believe our USP is the trust clients have in our expertise. Spanning a wide range from automotive & industry 4.0 to healthcare & retail, our coverage is expansive, but we ensure even the most niche categories are analyzed. Our sales offices are in the United States and Dublin, Ireland, and our headquarters is in Dubai, UAE. Reach out to us with your goals, and we'll be an able research partner.

Contact: US Sales Office: 11140 Rockville Pike, Suite 400, Rockville, MD 20852, United States. Tel: +1 (628) 251-1583. E-Mail: [emailprotected]

Corporate Headquarters: Unit No: AU-01-H, Gold Tower (AU), Plot No: JLT-PH1-I3A, Jumeirah Lakes Towers, Dubai, United Arab Emirates

View post:
The SEM's Email Encryption Market Is Estimated To Reach US$ 24.8 Billion By 2032 - Digital Journal