Why do we Encrypt?
The only data that shouldn’t be encrypted is in your head.
Unfortunately, that’s not a reality for most organizations. Sometimes poorly implemented systems require the transmission of unencrypted or poorly encrypted data. It’s still important to do as much as possible, within the confines of practicality.
Symmetric vs. Asymmetric-key Algorithms
Algorithms like AES and 3DES are symmetric: the same key encrypts and decrypts. They provide high speed and security with relatively short keys. They’re used to encrypt stored files that only one party needs to access and to encrypt high volumes of data, for example, web traffic.
But how can server and client securely share the same key?
That brings us to asymmetric-key algorithms like RSA, which work with two keys: a public key that encrypts sensitive information and a private key that decrypts it. This is an effective way to send small amounts of sensitive data without requiring trust.
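Asymmetric-key algorithms require longer key lengths and are slower than symmetric-key algorithms. It would be impractical to use them to encrypt web traffic. But they do play a role: they let client and server establish the shared symmetric key, which then encrypts the bulk of the traffic.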
Problems with Encryption
Take DES, which has a short key length of 56 bits. It was once secure, but can now be cracked easily. 3DES improved its security by performing the DES algorithm three times. While it is more secure, it isn't totally secure. Since Sweet32 came out, it’s not recommended for high volumes of data.
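Why data volume matters for 3DES, as an added example that is not part of the original article: Sweet32 is a birthday attack on ciphers with 64-bit blocks, so the chance that two ciphertext blocks collide grows with the amount of data encrypted under one key. The block sizes are standard; the 2^-20 probability cap, the function names and the session list are assumptions constructed for illustration.

```python
import math

# Block sizes in bits. DES and 3DES use 64-bit blocks; AES uses 128-bit blocks.
BLOCK_BITS = {"DES": 64, "3DES": 64, "AES": 128}


def collision_probability(block_bits, data_bytes):
    """Birthday approximation: chance that two ciphertext blocks collide
    after data_bytes have been encrypted under a single key."""
    n = data_bytes / (block_bits // 8)            # blocks encrypted
    exponent = -n * (n - 1) / 2.0 / 2.0 ** block_bits
    return -math.expm1(exponent)                  # 1 - e^x, stable for tiny x


def data_limit_bytes(block_bits, max_probability):
    """Volume per key at which the collision probability reaches the cap."""
    blocks = math.sqrt(-2.0 * 2.0 ** block_bits * math.log1p(-max_probability))
    return blocks * (block_bits // 8)


def needs_rekey(cipher, bytes_per_key, max_probability=2.0 ** -20):
    """True when a key has protected more data than the cap allows.
    The 2^-20 default is an assumed policy value, not a standard."""
    return bytes_per_key > data_limit_bytes(BLOCK_BITS[cipher], max_probability)


def audit(sessions):
    """Return the names of sessions whose key should be rotated."""
    return [name for name, cipher, volume in sessions if needs_rekey(cipher, volume)]


GIB = 2 ** 30
# Constructed sample data: (session name, cipher, bytes encrypted under one key).
SESSIONS = [
    ("backup-tunnel", "3DES", 200 * GIB),
    ("web-frontend", "AES", 200 * GIB),
    ("legacy-poll", "3DES", 10 * 2 ** 20),
]

if __name__ == "__main__":
    for cipher in ("3DES", "AES"):
        p = collision_probability(BLOCK_BITS[cipher], 32 * GIB)
        print(f"{cipher}: collision probability after 32 GiB = {p:.3g}")
    print("rotate keys for:", audit(SESSIONS))
```

At the same 32 GiB per key, the 64-bit block gives a collision chance of roughly 39%, while the 128-bit block of AES keeps it negligible.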
The Real Problem with Encryption
Encrypting data does not ensure its security forever. Technology will continue to evolve, bugs will emerge, and new attacks come out every year. Despite this, encryption is an essential layer of security, one that everyone should use, from hotels to the government.
As Alfred Lord Tennyson so famously said* - “‘Tis better to have encrypted and lost than never to have encrypted at all.”
Come back soon to learn more about securing your network, and check out our research on TP-Link routers, where we encountered DES in the wild.
*He didn’t, but we think it’s an accurate statement.