Encrypting Data - 1.4
Summary
Encrypting data involves protecting data-at-rest and data-in-transit using symmetric and asymmetric encryption, with specific algorithms such as the AES block cipher and its modes of operation, and complementing this with password hardening (length, salting, iterated hashing) so that stored credentials resist brute-force and dictionary attacks.
Notes:
Encrypting Stored Data (Data-at-Rest)
Encrypting data-at-rest means transforming data stored on disk (whole drives, volumes, or individual files) into ciphertext that is unreadable without the key, so that someone who obtains the media (a stolen laptop, a discarded drive, a copied backup) cannot read it. Note the limit of this control: once the system is running and the volume is unlocked, the data is in the clear to any process with access to it, so at-rest encryption does not replace access control on the live system.
Encrypting Data Transfer (Data-in-Transit)
Encrypting data in transit protects the confidentiality and integrity of data while it is transferred between devices or over networks. VPNs (typically built on IPsec or TLS) create an encrypted tunnel carrying all traffic between two endpoints, while TLS (the successor to SSL; HTTPS is HTTP over TLS), IPsec, and SSH encrypt individual connections. In every case the client must verify the identity of the peer (for TLS, the server's certificate chain and hostname); without that check an attacker in the network path can present their own key and read the traffic.
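The certificate check mentioned above, as an added example that is not part of the original notes: a Go program (standard library only) that starts a TLS echo server on the loopback interface with a self-signed certificate generated in memory and then connects to it three ways. The default client trust store rejects the unknown certificate, explicitly trusting that certificate and checking the expected name succeeds, and the right certificate presented under the wrong expected hostname is rejected again. The certificate, the "localhost" name and the echo protocol are constructed for the demo; a real deployment uses a CA-issued certificate and the system trust store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// selfSignedCert generates an in-memory ECDSA key and a self-signed certificate for
// "localhost" (constructed for this demo). The returned pool contains only that
// certificate, so a client can trust it explicitly instead of the system roots.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "localhost"},
		DNSNames:              []string{"localhost"}, // name the client will verify
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	parsed, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(parsed)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// startEchoServer accepts TLS connections on a random loopback port and echoes
// whatever each client sends. It returns the address to dial.
func startEchoServer(cert tls.Certificate) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
	})
	if err != nil {
		return "", err
	}
	go func() {
		for {
			conn, err := ln.Accept()
			if err != nil {
				return
			}
			go func(c net.Conn) { defer c.Close(); io.Copy(c, c) }(conn)
		}
	}()
	return ln.Addr().String(), nil
}

// sendOverTLS dials addr with cfg, sends msg and returns the echoed reply.
// The handshake, and therefore certificate verification, happens inside Dial.
func sendOverTLS(addr, msg string, cfg *tls.Config) (string, error) {
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	if _, err := conn.Write([]byte(msg)); err != nil {
		return "", err
	}
	buf := make([]byte, len(msg))
	if _, err := io.ReadFull(conn, buf); err != nil {
		return "", err
	}
	return string(buf), nil
}

func main() {
	cert, pool, err := selfSignedCert()
	if err != nil {
		panic(err)
	}
	addr, err := startEchoServer(cert)
	if err != nil {
		panic(err)
	}
	// 1. Default trust store: the self-signed certificate is unknown, handshake refused.
	_, err = sendOverTLS(addr, "hello", &tls.Config{ServerName: "localhost"})
	fmt.Println("untrusted cert:", err)
	// 2. Certificate pinned as a trusted root and the expected name checked: succeeds.
	reply, err := sendOverTLS(addr, "hello", &tls.Config{ServerName: "localhost", RootCAs: pool, MinVersion: tls.VersionTLS12})
	fmt.Println("trusted cert:", reply, err)
	// 3. Right certificate, wrong expected hostname: refused again.
	_, err = sendOverTLS(addr, "hello", &tls.Config{ServerName: "example.com", RootCAs: pool})
	fmt.Println("name mismatch:", err)
}
```

The second and third cases are the ones to keep in mind when reviewing client code: setting InsecureSkipVerify or an empty ServerName to "make it work" against a self-signed server collapses case 1 and case 3 into a silent success, which is exactly what an on-path attacker needs.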
Encryption Algorithms
Encryption algorithms are mathematical formulas used to convert plaintext data into an unreadable format to protect it from unauthorized access. The two main types of encryption are symmetric (using one key for both encryption and decryption) and asymmetric (using a public and private key pair).
All parties must agree on the algorithm, key size, mode of operation and key, because different methods are not interoperable: data encrypted with AES cannot be decrypted by DES, and AES-CBC ciphertext cannot be decrypted as AES-GCM. DES itself is obsolete (its 56-bit key can be brute-forced) and should not be chosen for new systems.
The key must be protected: the shared secret key in symmetric encryption, and the private key in asymmetric encryption. Whoever holds it can decrypt everything encrypted under it, so the ciphertext is only as secure as the storage of that key.
Block Cipher
A block cipher is a symmetric primitive that encrypts one fixed-size block at a time (AES uses 128-bit blocks) under a secret key. A mode of operation defines how a message longer than one block is processed. ECB encrypts each block independently, so identical plaintext blocks produce identical ciphertext blocks and the structure of the data leaks; it should not be used. CBC chains each block with the previous ciphertext block, needs an unpredictable IV and padding (for example PKCS#7) to fill the last block, and provides no integrity check, so modified ciphertext decrypts to garbage without any error. GCM is a counter-based authenticated mode: it needs no padding, a unique nonce per message, and it produces an authentication tag so that any modification of the ciphertext is detected before plaintext is released. GCM is the usual choice today.
AES (Advanced Encryption Standard)
AES (Advanced Encryption Standard) is the NIST-standardized block cipher (FIPS 197) used across government and private sectors for its efficiency and strength. It has a 128-bit block and supports key lengths of 128, 192, or 256 bits. The key length is rarely the weak point: AES deployments fail through a bad mode choice (ECB, or reusing a GCM nonce), poor key management, or a missing integrity check, not through the cipher itself.
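The ECB leak and the GCM integrity check described in the two sections above, as an added example that is not part of the original notes (Go, standard library only). The demo key and the message of four identical 16-byte blocks are constructed for illustration; ecbEncrypt is included only to show the pattern leak and should never be used for real data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// pkcs7Pad appends 1..bs bytes so the input is a whole number of blocks
// (needed by ECB and CBC; GCM does not pad).
func pkcs7Pad(data []byte, bs int) []byte {
	n := bs - len(data)%bs
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// ecbEncrypt encrypts every block independently. Kept ONLY to demonstrate the
// leak: equal plaintext blocks give equal ciphertext blocks. Never use in practice.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	padded := pkcs7Pad(plaintext, bs)
	out := make([]byte, len(padded))
	for i := 0; i < len(padded); i += bs {
		block.Encrypt(out[i:i+bs], padded[i:i+bs])
	}
	return out, nil
}

// repeatedBlocks counts ciphertext blocks that duplicate an earlier block.
func repeatedBlocks(ct []byte, bs int) int {
	seen := make(map[string]bool)
	dups := 0
	for i := 0; i+bs <= len(ct); i += bs {
		b := string(ct[i : i+bs])
		if seen[b] {
			dups++
		}
		seen[b] = true
	}
	return dups
}

// gcmSeal encrypts and authenticates with AES-GCM. A fresh random 96-bit nonce
// is generated per message and prepended to the output; Seal appends the 16-byte tag.
func gcmSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// gcmOpen verifies the tag and decrypts. Any modified byte (nonce, ciphertext,
// tag or associated data) makes Open fail, and no plaintext is returned.
func gcmOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(sealed) < ns+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:ns], sealed[ns:], aad)
}

func main() {
	key := bytes.Repeat([]byte{0x01}, 16)                 // constructed demo key; generate real keys with crypto/rand
	msg := bytes.Repeat([]byte("SECRET_BLOCK_16!"), 4)  // four identical 16-byte blocks

	ecb, _ := ecbEncrypt(key, msg)
	fmt.Printf("ECB: %d repeated ciphertext blocks (structure leaks)\n", repeatedBlocks(ecb, 16))

	sealed, _ := gcmSeal(key, msg, []byte("record-1"))
	fmt.Printf("GCM: %d repeated ciphertext blocks\n", repeatedBlocks(sealed, 16))

	sealed[len(sealed)-1] ^= 0x01 // flip one bit of the tag
	if _, err := gcmOpen(key, sealed, []byte("record-1")); err != nil {
		fmt.Println("GCM: tampering detected:", err)
	}
}
```

The associated data (aad) argument is the part people forget: it lets you bind context such as a record ID or header to the ciphertext, so a valid ciphertext cannot be silently moved to a different record.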
Password Strengthening / Hardening
Password strengthening or hardening combines three measures: longer passwords (length adds more entropy than extra character classes), a unique random salt generated per password and stored alongside the hash, and a deliberately slow hash that iterates many times (PBKDF2 with a high iteration count, or a memory-hard function such as scrypt or Argon2). The salt defeats precomputed tables and ensures that two users with the same password get different hashes, and the iteration count (work factor) makes every guess in a dictionary or brute-force attack expensive, so the attacker's cost grows with modern computing power rather than shrinking. Verification recomputes the hash with the stored salt and compares it in constant time.