Data encryption
In the most basic sense, data is encrypted in order to protect it from prying eyes. In this section, we show you how you can also make use of encryption.
If a computer is shared by several people, encryption can make your data unreadable by other users. The same also applies to anybody who gains unauthorised access to your computer. As long as the data stored on mobile devices such as laptops or USB storage media (for example) is encrypted, then it cannot be misused by third parties if the device is stolen or goes missing.
If you want to encrypt your communications - like your email - rather than data stored on some sort of drive, then take a look at the "Encrypted communication" section.
How does encryption work?
Any encryption method consists of two elements: a key and a cipher - the encryption "rules". The encrypted message is created by applying the cipher's encryption rules, together with the key, to the information to be encrypted. A second set of rules, again using the key, is applied in order to decrypt the encrypted information.
In general, the idea is to achieve at least the following goals:
- Encrypting and decrypting messages must be a straightforward procedure (for a computer programmed appropriately) when the key is known
- Without knowledge of the key, decrypting messages should be effectively impossible, even if an attacker has significant resources at their disposal and also knows which cipher was used
Monoalphabetic substitution: a simple encryption technique
A simple example of an encryption technique is a procedure whereby the letters in the text to be encrypted are replaced with other letters from a substitution table. In this scenario, the substitution table constitutes the key and the cipher consists of the instruction to apply this substitution table to each letter in the text to be encrypted (the "plain text") in order to obtain the encrypted text (the "cipher text").
While the number of potential keys is very large (in the case of an alphabet consisting of numbers and capital letters, roughly of the same order of magnitude as found in modern alphanumeric keys), closer inspection nonetheless reveals serious weaknesses in this encryption technique. One simple attack is to count the frequencies of the individual letters in the cipher text. By comparing the frequencies found for letters in the cipher text with the frequencies found in longer pieces of comparable plain text (assuming that a sufficiently long piece of text encrypted with the same fixed key is available), a large part of the substitution table can be reconstructed directly.
In this example, only the first of the two basic goals for an encryption technique has therefore been achieved, namely: simple encryption and decryption with knowledge of the key.
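The cipher described above, as an added example (this is not code from the BSI article): the key is a substitution table, one rule encrypts, the inverted table decrypts, and a plain frequency count over the cipher text reconstructs part of the table without the key. The key permutation, the sample plain text and the English letter-frequency ordering used as reference are constructed for this illustration.

```python
from __future__ import annotations

import string
from collections import Counter

ALPHABET = string.ascii_uppercase

# Constructed key: a permutation of the alphabet, used as the substitution table
SAMPLE_KEY_PERMUTATION = "QWERTYUIOPASDFGHJKLZXCVBNM"

# Constructed plain text with a pronounced letter distribution (E dominates)
SAMPLE_TEXT = "SEE THE THREE TREES BESIDE THE GREEN SHEET"

# Assumed reference order of English letters, most frequent first
ENGLISH_ORDER = "ETAOINSHRDLCUMWFGYPBVKJXQZ"


def make_key(permutation: str) -> dict[str, str]:
    """The key: a table mapping each plain letter to its substitute."""
    if sorted(permutation) != list(ALPHABET):
        raise ValueError("key must be a permutation of A-Z")
    return dict(zip(ALPHABET, permutation))


def encrypt(plaintext: str, key: dict[str, str]) -> str:
    """Encryption rule: replace each letter by its table entry (non-letters pass through)."""
    return "".join(key.get(c, c) for c in plaintext.upper())


def decrypt(ciphertext: str, key: dict[str, str]) -> str:
    """Decryption rule: apply the inverted table."""
    inverse = {cipher_letter: plain for plain, cipher_letter in key.items()}
    return "".join(inverse.get(c, c) for c in ciphertext)


def frequency_guess(ciphertext: str) -> dict[str, str]:
    """Reconstruct part of the table without the key: rank the cipher letters by
    how often they occur and line that ranking up with the reference order."""
    counts = Counter(c for c in ciphertext if c in ALPHABET)
    ranked = [c for c, _ in counts.most_common()]
    return dict(zip(ranked, ENGLISH_ORDER))


def recovered_fraction(guess: dict[str, str], key: dict[str, str], ciphertext: str) -> float:
    """Share of the table entries (for letters present in the text) the guess got right."""
    inverse = {cipher_letter: plain for plain, cipher_letter in key.items()}
    present = sorted({c for c in ciphertext if c in ALPHABET})
    correct = sum(1 for c in present if guess.get(c) == inverse[c])
    return correct / len(present)


if __name__ == "__main__":
    key = make_key(SAMPLE_KEY_PERMUTATION)
    ct = encrypt(SAMPLE_TEXT, key)
    print("cipher text:", ct)
    print("round trip ok:", decrypt(ct, key) == SAMPLE_TEXT)
    guess = frequency_guess(ct)
    print("most common cipher letter is read as:", guess[key["E"]])
    print("fraction of table recovered on this short text: %.2f" % recovered_fraction(guess, key, ct))
```

On a text this short only the most frequent letters are placed correctly; the page's point is that the recovered fraction grows with the amount of cipher text available under one key, which a larger constructed text fed to `frequency_guess` shows directly.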
Modern ciphers
In the case of modern encryption techniques, we assume that they offer a high level of security even against attempts by attackers with extensive resources at their disposal. One example of such a technique is the Advanced Encryption Standard (AES).
This technique is utilised as a core component in many widely used cryptographic solutions. AES was developed as part of a public process, and was investigated for potential cryptographic vulnerabilities by a large number of experts both before and after its standardisation. As of this writing, research on AES has revealed significant cryptographic issues only in substantially weakened variants of the standard.
While AES is an important technique for data encryption in its own right, when used as part of other systems it constitutes just one component that is supplemented by other encryption techniques, which also offer a high level of security.
It's all about trust
Trust is an important factor when selecting an encryption technique or a piece of encryption software. A number of techniques are suspected of having incorporated potential backdoors. As a result, it could be possible for developers of an encryption technique to utilise a kind of "universal key" that could be applied in order to decrypt any information encrypted with the cipher. The modern "gold standard" of trust therefore involves techniques and software whose principles and code are publicly known.
Passwords: the weakest link
In many encryption solutions, the encrypted data is effectively protected by a single password: anyone who knows the password can gain access to the cryptographic key without any further difficulty. Using secure passwords is therefore crucially important. But even secure passwords can be sniffed out - by malware that records the keystrokes entered on a keyboard, for example. Malware is therefore always a risk to effective encryption! The generally recommended countermeasures, such as virus scanners and firewalls, as well as regular updates to the operating system, are accordingly also important for systems with encrypted data.
At the same time, keys and passwords must also be stored securely. Just as with a physical keyring, the media on which they are stored must be protected effectively from thieves. Redundancy is also recommended here: one copy of the key should be stored on one storage medium, while another copy should ideally be stored somewhere else, under (physical) lock and key. This ensures that even if one copy of the key or password is lost (as a result of a faulty USB memory stick, for example), the other copy is still available.
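The "single password" situation described above, as an added example (not code from the BSI article or from any particular encryption product): a password-protected container stores a salt, a cost parameter and a check value, and re-derives the data key from the password each time it is opened. The derived key is a pure function of password and salt, so anyone holding the password gets the key, which is exactly why the password is the weakest link. The container layout, the label `key-check`, the iteration count and the sample passwords are assumptions made for this illustration.

```python
from __future__ import annotations

import hashlib
import hmac
import os

KEY_LEN = 32            # 256-bit data key
SALT_LEN = 16
ITERATIONS = 600_000    # assumption: an illustrative PBKDF2 cost, not a value from the page


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch the password into the data-encryption key (PBKDF2-HMAC-SHA256).
    Deterministic: the same password and salt always give the same key, so the
    key is only as secret as the password."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def make_verifier(key: bytes) -> bytes:
    """Check value stored beside the encrypted data so that a wrong password is
    rejected before any decryption is attempted. An HMAC over a fixed label
    (constructed here) does not disclose the key itself."""
    return hmac.new(key, b"key-check", "sha256").digest()


def create_container(password: str, iterations: int = ITERATIONS) -> dict:
    """What a password-protected container must store besides the cipher text:
    the salt, the cost parameter and the verifier; never the key or the password."""
    salt = os.urandom(SALT_LEN)
    key = derive_key(password, salt, iterations)
    return {"salt": salt, "iterations": iterations, "verifier": make_verifier(key)}


def open_container(password: str, container: dict) -> bytes | None:
    """Re-derive the key from the password and hand it back only if the verifier
    matches; compare_digest keeps the comparison constant-time."""
    key = derive_key(password, container["salt"], container["iterations"])
    if not hmac.compare_digest(make_verifier(key), container["verifier"]):
        return None
    return key


if __name__ == "__main__":
    container = create_container("correct horse battery")       # constructed sample password
    print("right password opens:", open_container("correct horse battery", container) is not None)
    print("wrong password opens:", open_container("wrong password", container) is not None)
    # The same password in a second container yields a different key because the salt differs,
    # so one stolen verifier says nothing about another container with the same password.
    other = create_container("correct horse battery")
    print("verifiers differ across containers:", other["verifier"] != container["verifier"])
```

The salt and the iteration count are not secrets and travel with the data; the per-guess cost they impose is the only thing standing between a lost device and the key once the password itself is weak, which is the page's argument for strong passwords and for keeping the password-entry system free of malware.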
Short URL: https://www.bsi.bund.de/dok/6682166