I spoke to several of my mother’s friends the other day. They were all worried about being on the web. Kudos to these ladies for being connected at all (they are in their 70’s and 80’s), They also get a gold star for being alert enough to recognize that something on the ol’ Intertubes has changed recently.
They hear that their information is being stolen at the banks and stores they frequent. One neighbor lady even said she was worried but the government stealing her data. I explained to the group that I too am concerned about how it seems everyone on the web is under attack lately.
I gave them the usual pointers. Don’t trust anything on the web. Have someone (not me!) help keep their anti-malware and systems up to date. And use encryption if possible.
Navajo Code Talkers
Of course, none of my mother’s neighbors had heard of encryption. I explained to the ladies that encryption means changing a message so that anybody who heard the message would not understand it unless they knew how the message was changed. I used the example of Ig-pay Atin-lay.
- An-cay ou-yay eak-spay Ig-pay Atin-lay? = Can you speak Pig Latin?
- I-way ave-hay a-way ecret-say = I have a secret.
Then of course I was outsmarted. One of the w
omen chimed out, Oh like the Navajo Code Talkers during World War II. (Next time I will start with the smart answer and then go to the Pig-Latin.) These ladies lived through the shhesh,
So that got me thinking, what does the end-user really need to know about encryption? Sure there are PKI’s, Salted hashes, Block-ciphers, and …. none of which mean anything to the end-user.
What users need to know about encryption
Miguel Leiva-Gomez at MakeTechEasier.com recently explained what beginners need to know about encryption. He says that encryption is a practice in cryptography where a piece of data is obfuscated (manipulated) in a mathematically predictable way. The manipulation makes it very difficult to recover its contents. The author says it is like my pig-Latin example, but much more complex. The mathematical equations used to encrypt (and decrypt/decode) things are called cryptographic algorithms.
These cryptographic algorithms are needed because hackers are getting smarter and sneakier. They’re compromising databases left and right. To protect your data from attacks system owners should use these algorithms to mathematically jumble up all your personal data Jumbling the data (encrypting) making it difficult (if not completely impossible) for a hacker to steal your data from that database. Mr. Gomez claims that encryption basically protects you from intrusion. If a hacker manages to break into a database and take your passwords, it would be reading something like “EAFC49BF4B496090EA2B7CA51674589” instead of “Mary_$mith.”
The article calls the jumbled-up text like “EAFC49BF4B496090EA2B7CA51674589” at the end of every algorithm is called a ciphertext. The decrypted equivalent is known as plaintext. These are very important words to remember when discussing cryptography.
The author explains that there are two ways that the plaintext “Mary_$mith” gets turned into the ciphertext to “EAFC49BF4B496090EA2B7CA51674589” and then back to plaintext “Mary_$mith.” The first method is called a symmetric algorithm:
Symmetric algorithms use a key to 
encrypt and decrypt data. The key is basically the “x” that will solve for “y” in the mathematical algorithm. The length of the key and some other properties of the algorithm determine its “difficulty.” The more difficult an algorithm is, the more difficult it is to crack it. A difficult algorithm requires immense amounts of computing power to crack. The kind of horsepower that is usually out of reach from run-of-the-mill hackers. More sophisticated attacks might use computer clusters to decipher your data. Even then, some symmetric algorithms might thwart these attacks.
The second-way plaintext gets turned into the ciphertext and then back to plaintext are called Asymmetric (public key) algorithms. Asymmetric algorithms split the key into two pieces. The first is a public one (usually stored in the server). The second piece is a private one (usually stored in your computer by software). Mr. Gomez writes that asymmetric algorithms get their strength from this particular technique since a hacker will not be able to read the contents of your data even if he gets his hands on the public key (it’s only half the key).
rb-
In the end, no algorithm is created equally. All of them have some flaw or another that will be discovered in the future, so it’s difficult to know what services you should rely on.
The best advice is still the oldest advice. Look for URLs that start with HTTPS and have a little green lock in the URL line. This means some part of the connection is encrypted with Secure Socket Layer (SSL) an Asymmetric (public key) algorithm. The Internet is on the verge of a move to a more secure Asymmetric algorithm called Transport Layer Security (TLS)
That’s why the age-old advice to keep your PC up to date is critical for keeping your personal data safe.
Related articles
- Navajo, Pawnee Code Talkers remembered on Veterans Day (KOB.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.
