In this video from ITFreeTraining I will look
at the two basic types of encryption that
are used in computing. I will also look at
how these two types of encryption can be used
together in order to improve performance and
security. These fundamentals will help you
deploy encryption later on and improve your
understanding of how certificates work.
In today's environment, encryption is an
important part of computing. In order to keep
your files secure and have secure communication
you need to use encryption. Encryption is
the process of taking data and encoding it
into a form that cannot be read by unauthorized
people. There are two types of encryption
schemes that are used. These are symmetric
key and public key encryption. First of all
I will start with Symmetric key as this is
the easiest to understand.
Symmetric key encryption uses the same key
to encrypt data as to decrypt data. This generally
makes it faster than public key encryption.
The problem with this method of encryption
is that in order for data to be decrypted, the
key must be available. This causes two problems.
The first problem is the key needs to be stored
securely. If an attacker were to gain access
to this key they could decrypt any data that
key was used to encrypt. It is common for
Symmetric keys to be stored in a safe place
and only accessed when required.
The next problem is if another party needs
to decrypt the information. In order for this
to occur, a secure channel needs to be used
to transfer the key. For example, a common
practice is for the key to be transferred
using the telephone.
Public key encryption uses two keys, a public
and private key. To illustrate, imagine that
two people want to communicate with each other.
In between them is a 3rd party that is trying
to eavesdrop on their conversation.
With traditional encryption that uses the
same key, the problem is getting the key to
the second party without the 3rd party obtaining
the key. With public key encryption, the public
key is required to encrypt traffic; however,
it does not need to be secured. If a 3rd party
were to obtain the public key, they would not
be able to decrypt any data that was encrypted
using it.
In order to decrypt the data you require a
private key. The private key does need to
be stored securely, but the advantage is the encryption
can occur without the private key. This means
the private key never needs to be transferred
and thus there is no chance that it can be
intercepted by a 3rd party.
You may wonder exactly how a system like this
can work. The mathematics behind it are complex
and beyond the scope of this video, but I will
give you a summary of how it works. When data
is encrypted using the public key it is done
in a way where there is a large number of
possible solutions available. In order to
decrypt the data, you would need to test every
single solution until you find the right one.
Although possible, depending on how big the
key is that is being used, the process could
take 100 years. If you have the private key,
the private key adds enough information to
the puzzle so that there is only one solution.
It is kind of like having a prize behind a
series of numbered doors. If you know which
door the prize is behind, it is easy to find
the prize. Without this information, you are
forced to try every door or choose one at random.
Public Key Encryption is generally slower
when compared with Symmetric key encryption
and thus even though it has advantages over
Symmetric key, you will find that, for reasons
of performance, Symmetric key will be used
instead of Public Key Encryption. Like a lot
of things in computing, it comes down to a
tradeoff between performance and security.
In order to get a good mix of performance
and security it is possible to combine Public
Key Encryption with Symmetric key encryption.
In some cases, Public Key Encryption is used
to exchange keys and Symmetric key is used to
encrypt the data. The principle is that a
strong algorithm with a large key should be
used to encrypt the key. Public Key encryption
is very useful to perform key exchanges securely.
Once the key exchange is performed, another
encryption algorithm can be used that is faster
and uses a smaller key. This could be another
Public Key Encryption algorithm or a symmetric
key algorithm.
The next use of Public Key encryption with
symmetric keys is to protect the symmetric
key. Encryption, like Windows file Encryption,
uses a symmetric key that is stored in the
file. To protect the symmetric key, it is
encrypted using a public key. This gives you
a fast algorithm for encrypting files and
keeps the key safe. Encryption systems like
BitLocker use simpler methods. This is why
when you reformat a computer or delete a user
you may lose access to encrypted files. The
new OS or user does not have the private keys
that were associated with the user or OS
that are required to access the symmetric
key.
For these reasons, symmetric key encryption
is often used when performance is required.
Public Key Encryption is used when you do
not want to have decryption occur without
the private key. You will find that some systems
combine the two to give multiple users access.
For example, Windows File Encryption uses
a combination of both encryption types so
that multiple users, including recovery users,
can access the symmetric key. When multiple
users require access, the symmetric key is
simply encrypted multiple times with each
of the public keys required.
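
The combination described above (a fast symmetric key for the data, with that
key encrypted once per user under each public key) can be sketched as follows.
This is an added example using Node's built-in crypto module, not code from the
video or from Windows File Encryption; the user names, AES-256-GCM and RSA-OAEP
are assumptions chosen for illustration.

```javascript
const crypto = require('node:crypto');

// Constructed user: a name plus an RSA key pair (hypothetical helper).
function makeUser(name) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt the data once with a random symmetric key, then encrypt that
// key separately with each recipient's public key.
function encryptFor(plaintext, recipients) {
  const fileKey = crypto.randomBytes(32);           // symmetric key (AES-256)
  const iv = crypto.randomBytes(12);                // unique per encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', fileKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKeys = {};
  for (const r of recipients) {
    wrappedKeys[r.name] = crypto.publicEncrypt({ key: r.publicKey, ...OAEP }, fileKey);
  }
  return { iv, ciphertext, tag: cipher.getAuthTag(), wrappedKeys };
}

// Recover the symmetric key with the user's private key, then decrypt.
// Throws if the user has no wrapped copy of the key, holds the wrong
// private key, or the ciphertext was modified.
function decryptAs(user, envelope) {
  const wrapped = envelope.wrappedKeys[user.name];
  if (!wrapped) throw new Error(`no wrapped key for ${user.name}`);
  const fileKey = crypto.privateDecrypt({ key: user.privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', fileKey, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  return Buffer.concat([decipher.update(envelope.ciphertext), decipher.final()]);
}
```

Only the public keys are needed to encrypt; each wrapped copy of the symmetric
key is 256 bytes regardless of how large the data is, which is why adding a
recovery user costs almost nothing.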
It should be pointed out that either method
can meet the needs of data encryption and
communication, but combining the two does
often give a good tradeoff between performance
and security.
