DeMISTIfying Infosec: Encryption

December 1, 2015
By Katherine Teitler

In the modern era, what most security professionals refer to when discussing encryption starts with B. Whitfield Diffie and Martin Hellman. Prior to the publication of their book, "New Directions in Cryptography," and the Diffie-Hellman key exchange in 1976, most cryptography was used by military or government entities. Diffie and Hellman's advancements brought encryption to the commercial and consumer realm.

Today's encryption is generally divided into two categories:

• Symmetric Key Encryption
• Public Key Encryption

In symmetric key encryption, the same key is used to turn plaintext into ciphertext and back again, so the recipient can decrypt and read the message. The most common form of symmetric key encryption today is AES, the Advanced Encryption Standard, which uses 128-, 192-, or 256-bit keys, making AES technically challenging to crack, that is, to decrypt without the approved key. Symmetric key encryption is faster than asymmetric, but it requires the sender to exchange the key with the recipient before it can be used to decrypt the message, and this can create a security issue.

Public key encryption, created by RSA shortly after Diffie and Hellman's invention, uses two keys in the key exchange; the encryption key is public and available for use by anyone encrypting messages. The difference between public and symmetric key encryption is that in public key encryption, only the recipient has the key to decrypt. The two keys are separate – one public, one private – but are mathematically linked and based on long prime numbers. Despite this, asymmetric key encryption is a less secure method than symmetric key encryption.

Encryption in either form is used to secure data at rest – data stored – or data in motion – data being transmitted electronically from one system to another.
