Information security is provided on computers and over the Internet by a variety of methods, but the most popular form of security relies on encryption. So what’s encryption? It’s the process of encoding information in such a way that only the person (or computer) with the key can decode it.
Nowadays, it's easy to buy and sell goods all over the world from your computer or mobile device. But privacy and security are major concerns, especially when sending sensitive information between parties.
There's a whole lot of information that we don't want other people to see, such as credit card information, Social Security numbers, private correspondence, personal details, sensitive company information, and/or bank account information. Encryption keeps those sensitive items safe from prying eyes.
History of Encryption
The Data Encryption Standard (DES) is a block cipher (a form of shared secret encryption) that was selected by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States in 1976 and which has subsequently enjoyed widespread use internationally.
Concerns about security and the relatively slow operation of DES in software motivated researchers to propose a variety of alternative block cipher designs, which started to appear in the late 1980s and early 1990s. Some examples include RC6, Serpent, MARS, and Twofish.
The successor to DES was the Rijndael encryption algorithm, adopted by the US Government as standard symmetric-key encryption, or Advanced Encryption Standard (AES). AES was announced by National Institute of Standards and Technology (NIST) on November 26, 2001, after a 5-year standardization process.
Many encryption algorithms exist but the two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so.
How Encryption Secures Communication on the Web
For many years, the SSL (Secure Sockets Layer) protocol has been securing web transactions using encryption between your web browser and a web server, protecting you from anybody that might be snooping on the network in the middle.
Here’s a simple explanation of the process:
- The browser requests a secure page (usually https://)
- The web server then sends its public key with its certificate.
- The browser checks that the certificate was issued by a trusted party (usually a trusted root CA), that the certificate is still valid, and that the certificate is related to the site contacted.
- The browser then uses the public key to encrypt a random symmetric encryption key, and sends it to the server with the encrypted URL required, as well as other encrypted http
- The web server decrypts the symmetric encryption key using its private key, and uses the browser’s symmetric key to decrypt its URL and http
- The web server sends back the requested html document and http data encrypted with the browser’s symmetric key. The browser decrypts the http data and html document using the symmetric key and displays the information.
Sounds complicated, but it works to keep those pesky cybercriminals from having all-you-can-eat buffet access to your information. And it makes sense to the computer, which is the most important part. Don’t ask questions, just be glad it all happens to your benefit.
For the rest of our Internet days, security and privacy will always be a concern. Why? Because there will always be a battle between developers who are engaged in improving security and privacy, and hackers who are seeking to undermine it and grab a quick paycheck. So stay vigilant, friends.