Encryption transforms readable data into an unreadable form under the control of a key. It is one of the most effective ways to protect data, but it is only as strong as the algorithm chosen and the handling of the key: to read an encrypted file, you must have the secret key or password that decrypts it. Unencrypted data is called plaintext; encrypted data is called ciphertext.

There are two main types of encryption: asymmetric encryption (also called public-key encryption) and symmetric encryption.

Confidentiality ensures that data is viewable only by authorized users. Encryption provides confidentiality of data at rest (data stored on disk or other media) and data in transit (data being transmitted over a network). Encryption by itself does not provide integrity or authentication; those require a MAC, a signature, or an authenticated-encryption mode.

Symmetric encryption uses the same key to encrypt and decrypt data, so both parties must already possess that key. As an example, Remote Authentication Dial-In User Service (RADIUS) relies on a shared secret configured on both the client and the server; the secret hides the User-Password attribute and validates server responses, which is symmetric because the same secret sits on each side.

Block ciphers encrypt data in fixed-size blocks. Advanced Encryption Standard (AES) and Twofish encrypt data in 128-bit blocks.

Stream ciphers encrypt data one bit or one byte at a time, typically by XORing the plaintext with a keystream. They are more efficient than block ciphers when the size of the data is unknown in advance or it arrives as a continuous stream. The keystream must never be reused for two messages, because XORing the two ciphertexts cancels the key and exposes the XOR of the plaintexts. RC4 was once the most widely used stream cipher (WEP, early TLS), but it has known keystream biases and is prohibited in TLS by RFC 7465; modern designs use ChaCha20 or a block cipher in a stream mode such as CTR or GCM.

Data Encryption Standard (DES), Triple DES (3DES), and Blowfish are block ciphers that encrypt data in 64-bit blocks. The small block size is itself a weakness: after roughly 2^32 blocks under one key, birthday collisions start leaking plaintext (the Sweet32 attack), which is why 64-bit-block ciphers should not be used for bulk encryption.

AES is a popular symmetric block encryption algorithm, and it uses 128, 192, or 256 bits for the key.

DES is an older symmetric block encryption algorithm whose 56-bit key can be brute-forced. 3DES was created as an improvement over DES by applying DES three times, and it survives mainly where hardware or legacy protocols do not support AES; NIST has deprecated 3DES for new encryption, so it should be treated as a legacy-compatibility option only.

One-time pads are the only encryption method that is provably unbreakable, but only when every condition holds: the key is truly random, at least as long as the message, kept secret, and used exactly once. Reusing a pad (a "two-time pad") leaks the XOR of the two messages, and distributing keys as long as all future traffic is impractical, which is why one-time pads are rarely used in practice.
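The one-time pad and the keystream-reuse failure mode described above, as an added example that is not part of the original text. It covers both the stream-cipher rule (never reuse a keystream) and the one-time-pad rule (never reuse a pad), since both reduce to the same XOR cancellation. The messages and the 32-byte key are constructed for the demo.

```python
"""Added example (not from the original text): a one-time pad built from a
truly random key, and what an attacker gets when the same key is used twice.
All inputs below are constructed for this demonstration."""
import secrets


def otp_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """XOR each plaintext byte with the key byte at the same offset.
    A true one-time pad requires a key at least as long as the message."""
    if len(key) < len(plaintext):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, key))


# XOR is its own inverse, so decryption is the same operation as encryption.
otp_decrypt = otp_encrypt


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Given two ciphertexts made with the same key, return m1 XOR m2.
    The key cancels out: (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2. No key is needed."""
    return bytes(a ^ b for a, b in zip(c1, c2))


def recover_with_crib(m1_xor_m2: bytes, known_m1: bytes) -> bytes:
    """If the attacker knows or guesses m1 (a 'crib'), m2 falls out directly."""
    return bytes(x ^ m for x, m in zip(m1_xor_m2, known_m1))


def demo() -> dict:
    key = secrets.token_bytes(32)                 # truly random pad, 32 bytes
    m1 = b"TRANSFER 100 TO ACCT 4471"            # constructed sample messages
    m2 = b"TRANSFER 900 TO ACCT 8810"
    c1 = otp_encrypt(m1, key)
    c2 = otp_encrypt(m2, key)                     # the mistake: pad reused
    leaked = two_time_pad_leak(c1, c2)
    return {
        "roundtrip_ok": otp_decrypt(c1, key) == m1,
        # Positions where the two plaintexts share a byte show up as 0x00 in
        # the leak, revealing message structure even without a crib.
        "equal_byte_positions": [i for i, b in enumerate(leaked) if b == 0],
        "m2_recovered": recover_with_crib(leaked, m1),
    }


if __name__ == "__main__":
    print(demo())
```

With a fresh key per message the leak function returns only random-looking bytes; the structure appears solely because the pad was reused, which is exactly what went wrong in WEP's reuse of RC4 keystreams.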

Asymmetric encryption uses public and private keys as mathematically matched pairs:

  • Information encrypted with the public key can be decrypted only by the matching private key; this is how confidentiality is achieved.
  • Information encrypted with the private key can be decrypted by the matching public key. Because anyone holding the public key can read it, this provides authenticity rather than secrecy, and it is the basis of digital signatures.
  • Private keys are always kept private and never shared.
  • Public keys are freely shared, usually by embedding them in a certificate that binds the key to an identity.

RSA is a popular asymmetric algorithm. Many cryptographic protocols use RSA to secure data such as email and data transmitted over the Internet. RSA generates its public and private keys from two large prime numbers, and its security rests on the difficulty of factoring their product.

Elliptic curve cryptography (ECC) provides security comparable to RSA with much shorter keys (a 256-bit ECC key is roughly equivalent to a 3072-bit RSA key), so it needs less processing power and bandwidth. That makes it a common choice on small wireless and embedded devices, and it also underlies the ECDH key exchange and ECDSA signatures used in modern TLS.

Diffie-Hellman lets two parties derive the same symmetric key over an insecure channel without ever transmitting that key: each side sends only a public value, and each combines the other's public value with its own private value to reach the shared secret. Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) is a version of Diffie-Hellman that uses ECC and generates a fresh, ephemeral key pair for every session, so compromise of a long-term key later does not expose past sessions (forward secrecy). Diffie-Hellman on its own does not authenticate the parties; protocols such as TLS pair it with certificates so that an attacker cannot substitute their own public values.
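The Diffie-Hellman exchange described above, written out with both parties' messages, a fresh key pair per session, and the man-in-the-middle substitution that the missing authentication allows. This is an added example, not code from the original text. The group parameters (P = 2**31 - 1 with generator 7) are a constructed toy and far too small for real use; production code uses a standardized group (RFC 3526 or RFC 7919) or an elliptic curve through a vetted library.

```python
"""Added example (not from the original text): finite-field Diffie-Hellman
with ephemeral keys, plus a man-in-the-middle run showing why the exchange
must be authenticated. Toy parameters only; do not reuse them."""
from __future__ import annotations

import hashlib
import secrets

P = 2**31 - 1   # toy prime modulus (constructed for the demo only)
G = 7           # generator; 7 is a primitive root modulo 2**31 - 1


def keygen(p: int = P, g: int = G) -> tuple[int, int]:
    """Return (private, public). Calling this once per session is what makes
    the exchange 'ephemeral'."""
    priv = secrets.randbelow(p - 2) + 1          # 1 <= priv <= p - 2
    return priv, pow(g, priv, p)


def shared_secret(my_priv: int, their_pub: int, p: int = P) -> int:
    """Combine our private value with the peer's public value."""
    if not 1 < their_pub < p - 1:                 # reject 0, 1 and p-1
        raise ValueError("invalid peer public value")
    return pow(their_pub, my_priv, p)


def derive_key(secret: int, label: bytes) -> bytes:
    """Hash the raw shared secret into a symmetric key. The raw value is never
    used directly as a key."""
    return hashlib.sha256(label + secret.to_bytes(32, "big")).digest()


def honest_session() -> tuple[bytes, bytes]:
    """Alice and Bob each send a public value and derive the same key."""
    a_priv, a_pub = keygen()          # Alice -> Bob: a_pub
    b_priv, b_pub = keygen()          # Bob -> Alice: b_pub
    k_alice = derive_key(shared_secret(a_priv, b_pub), b"session")
    k_bob = derive_key(shared_secret(b_priv, a_pub), b"session")
    return k_alice, k_bob


def mitm_session() -> dict:
    """Mallory intercepts both public values and substitutes her own.
    Nothing in unauthenticated DH lets Alice or Bob notice."""
    a_priv, a_pub = keygen()
    b_priv, b_pub = keygen()
    m_priv, m_pub = keygen()
    k_alice = derive_key(shared_secret(a_priv, m_pub), b"session")  # Alice got m_pub, not b_pub
    k_bob = derive_key(shared_secret(b_priv, m_pub), b"session")    # Bob got m_pub, not a_pub
    k_mal_a = derive_key(shared_secret(m_priv, a_pub), b"session")
    k_mal_b = derive_key(shared_secret(m_priv, b_pub), b"session")
    return {
        "alice_bob_agree": k_alice == k_bob,        # False: they hold different keys
        "mallory_reads_alice": k_alice == k_mal_a,  # True
        "mallory_reads_bob": k_bob == k_mal_b,      # True
    }


if __name__ == "__main__":
    ka, kb = honest_session()
    print("honest session keys match:", ka == kb)
    print(mitm_session())
```

Because `keygen` is called anew for every session, two honest sessions never share a key, which is the forward-secrecy property ECDHE provides. The MITM result is why TLS signs the ephemeral public value with the server's certificate key.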

Steganography is the practice of hiding data within another file so that the presence of the message itself is concealed. A simple method alters existing white space in a text file (for example, substituting tabs for spaces) so the file size does not change. A more sophisticated method modifies the least significant bits of bytes in an image or audio file, which changes the content imperceptibly while leaving the size the same. Comparing a file's current hash with a known-good hash reveals that the file was modified, but not what was done to it; steganalysis tools are needed to confirm hidden content.
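The least-significant-bit technique and the hash check described above, as an added example that is not part of the original text. The "cover" is a constructed byte buffer standing in for raw image pixels; the embedding layout (a 4-byte big-endian length prefix followed by the message, one bit per cover byte) is an assumption made for this demo, not a standard format.

```python
"""Added example (not from the original text): LSB steganography in a
constructed byte buffer that stands in for raw pixel data, plus the hash
comparison that detects the file was altered."""
import hashlib


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide `message` in the least significant bit of each cover byte.
    Layout (assumed for this demo): 4-byte big-endian length, then message."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} bytes, have {len(cover)}")
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for bit in range(8):
            pos = i * 8 + bit
            msg_bit = (byte >> (7 - bit)) & 1
            out[pos] = (out[pos] & 0xFE) | msg_bit     # clear LSB, then set it
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes, from the cover's LSBs."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        result = bytearray()
        for i in range(count):
            val = 0
            for bit in range(8):
                val = (val << 1) | (stego[start_bit + i * 8 + bit] & 1)
            result.append(val)
        return bytes(result)

    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)


def file_changed(original: bytes, candidate: bytes) -> bool:
    """Hash comparison: detects any modification, not steganography as such."""
    return hashlib.sha256(original).digest() != hashlib.sha256(candidate).digest()


def demo() -> dict:
    cover = bytes((i * 37 + 11) & 0xFF for i in range(512))   # constructed "pixels"
    secret = b"meet at 0300"
    stego = embed_lsb(cover, secret)
    return {
        "extracted": extract_lsb(stego),
        "same_size": len(stego) == len(cover),
        "hash_changed": file_changed(cover, stego),
        # Each byte moves by at most 1, which is why the change is invisible.
        "max_byte_delta": max(abs(a - b) for a, b in zip(cover, stego)),
    }


if __name__ == "__main__":
    print(demo())
```

The size stays identical and no byte moves by more than one, so only a stored baseline hash (or statistical analysis of the LSB plane) exposes the change; without a known-good hash there is nothing to compare against.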

Transport encryption methods protect the confidentiality of data sent over the network. IPsec, TLS, and SSL are three examples, although every version of SSL is now deprecated and should be disabled.

IPsec uses HMAC (for example, HMAC-SHA-256) for authentication and integrity, and AES or, in legacy deployments, 3DES for encryption. Modern configurations prefer an authenticated-encryption mode such as AES-GCM, which provides both confidentiality and integrity in one operation.

TLS is the successor to SSL; SSL 2.0 and 3.0 are formally deprecated (RFC 6176 and RFC 7568). Both protocols normally authenticate the server with an X.509 certificate issued by a CA, and can optionally authenticate the client the same way.
