If you click on “forgot my password” on any site that requires authentication, they still send the password originally provided by email, forget about this site! He doesn’t even have the most basic safety precautions and doesn’t deserve your visit, let alone your trust.
The administrators behind it must not know what encryption is and its importance in the modern world.
It is not our purpose to be a complete or even very brief guide on the subject, which is vast, but if you don’t want to make the same mistake of storing any valuable information without properly encrypting it, you need to read this article.
What is encryption?
It consists of an algorithm to which any data and a secret or a key are submitted and which produces a profound alteration in that data in order to make the data unreadable by someone who does not have access to the secret or key necessary to revert the data to its original format.
This type of encryption, which requires the same key or secret to revert content to its initial state, is called symmetric cryptography.
When a different key is used than the one used to encrypt or encrypt the data, to decrypt or decode it, it is called asymmetric cryptography.
Algorithm, in turn, is a set of actions or steps that must be adopted on top of a data, to produce a result or an output, and in this case, it is the “shuffling” of these data in order to make them indecipherable by part of third parties.
Encryption is not new and it was not born with the Internet or digital transformation . Probably the oldest historical account we have, it is attributed to the Romans and was used by the dictator Gaius Julius Caesar, born in 100 BC and for that reason he received the name of Caesar’s cipher.
It is a very simple method and consists of advancing 3 positions in the Latin alphabet – the key or the secret – the letters used, in such a way that the word “Caesar”, using this rudimentary method, would be “Fhvdu”.
For the time, it served very well, when its creator saw the need to transmit secret messages and that if they were intercepted by enemies, their content would not be discovered.
How does encryption work?
Modern cryptography transforms, through the application of advanced mathematical concepts and even some more basic ones, such as binary and hexadecimal numbers, human readable and known data, into encrypted data that does not have a recognizable and decodable pattern and therefore understandable to those who are not authorized. for access.
It is important to note that in many cases, having knowledge or deciphering the original content is not necessary, as in the case of passwords. This is called one-way encryption. It is not reversible.
When you enter any password when logging into your free email service , the system does not compare your real password with the one stored in the database, but the result of the encryption of both, so that even if the database data is invaded, its use is not possible.
For this, different methods, technologies and algorithms are used, such as RSA , Diffie-Hellman , elliptic curve , GUID , PBKDF2 , among others, sometimes combining them and applying them successively in order to strengthen the result and decrease close to zero the chances of its breaking by sufficiently powerful computer systems.
You don’t need to know what all these concepts are (Diffie-Hellman or elliptic curve), but you do need to know what you mean by using them and, if so, there is a lot of technical literature on the subject.
What is Internet encryption?
Internet encryption is the submission of data that travels on the network or is stored on servers and that are considered sensitive or in need of secrecy, to a set of algorithms that make such data unreadable if obtained by third parties without authorization for their use or access.
Encryption is one of the main pillars of security in the digital world .
Access to banking systems, the software you install on your notebook or smartphone apps, the purchases you make on e-commerce sites , authentication to access your social networks or email service, and more list of services and features we use, make use of encryption to strengthen security.
Thus, when you access a website that uses the HTTPS internet protocol , the “S” added to the HTTP protocol indicates that there is an SSL certificate installed on the website and that, among other things, causes all data exchanged between your device ( smartphone or notebook) and the server on which the website is hosted, is encrypted.
This is necessary, so that if a hacker – in fact a cracker – intercepts the communication between the points, he is not able to know the information being transmitted and that at a given moment can be your username and password, or the data credit card or any other data that must be kept secret.
For this purpose, among many technologies, the aforementioned asymmetric cryptography is used.
In what situations is encryption used?
Encryption is present in almost every website we access, in the download and installation of the notebook or smartphone operating system , through verification hashes, in the software we install, in the storage of a lot of information that we keep in different services.
That is, whenever there is a need for confidential communication, financial transactions, protected customer data, industrial secrets, it is used.
When using SSH to access your VPS server or even a shared hosting account , you don’t need to use the traditional username and password. Using the keygen, a pair of keys is generated – one public and one private – for authentication and consequent SSH access.
The private key is stored on the server on a partition with strict privileges and not even the root administrator has access.
If you have a digital certificate from a class entity (ex: CREA, OAB, CRM, etc), it uses encryption for authentication every time the card is used in a reader and also to store confidential data associated with the professional’s registration with to the issuing agency.
The APIs and systems behind payment gateways , whether in virtual stores where you shop or even in physical store machines, make extensive use of encryption for communication with banks or payment service.
When using Telegram, WhatsApp or Signal , what is known as end-to-end encryption is used, which in practice means that no one other than the people involved in the communication can read the messages exchanged or understand the audio, sent, using asymmetric cryptography.
Bluetooth devices do symmetric encryption for pairing and communication. A warning is in order here, since some versions of the protocol have a bug that allows the replacement of the key by another provided by the attacker and, therefore, makes security vulnerable by allowing a type of attack known as “man in the middle”.
DRM or Digital Rights Management, which in Portuguese is digital rights management, uses content encryption in such a way that it can only be reproduced from the original media and by software with the access key, preventing piracy.
Cryptocurrencies and the blockchain network have their bases of operation and security in cryptography. And if you have a cryptocurrency wallet or have private keys relating to your bitcoins , that is also used.
Why is encryption important?
In times when information has so much value and when data confidentiality and privacy are so important, instituting layers of security and minimizing the probabilities of misuse should be the biggest concern of every company that deals with data from the 3rd.
In security, one should not assume if there will be a breach that will allow data theft, but when it will happen. Examples of leaks from large companies abound to prove this claim.
Based on this basic premise, the job of those responsible for information security is to postpone this event as much as possible and when it does occur, make the attacker’s job as difficult as possible.
Cryptography is a necessity in the modern world in which so much valuable and sensitive information circulates through digital media, as a way of guaranteeing increasing and satisfactory levels of security for users and holders of this circulating information.