encryption

The use of encryption/decryption is as old as theart of communication. In wartime, a cipher, often incorrectlycalled a "code," can be employed to keep the enemy fromobtaining the contents of transmissions. (Technically, a codeis a means of representing a signal without the intent of keepingit secret; examples are Morse code and ASCII.) Simple ciphersinclude the substitution of letters for numbers, the rotation ofletters in the alphabet, and the "scrambling" of voicesignals by inverting the sideband frequencies. More complexciphers work according to sophisticated computer algorithms thatrearrange the data bits in digital signals.

In order to easily recover the contents of anencrypted signal, the correct decryption key isrequired. The key is an algorithm that "undoes" thework of the encryption algorithm. Alternatively, a computer canbe used in an attempt to "break" the cipher. The morecomplex the encryption algorithm, the more difficult it becomesto eavesdrop on the communications without access to the key.

Encryption/decryption is especially important in wirelesscommunications. This is because wireless circuits are easier to"tap" than their hard-wired counterparts. Nevertheless,encryption/decryption is a good idea when carrying out any kindof sensitive transaction, such as a credit-card purchase online,or the discussion of a company secret between differentdepartments in the organization. The stronger the cipher -- thatis, the harder it is for unauthorized people to break it -- thebetter, in general. However, as the strength ofencryption/decryption increases, so does the cost.

In recent years, a controversy has arisen overso-called strong encryption. This refers to ciphers thatare essentially unbreakable without the decryption keys. Whilemost companies and their customers view it as a means of keepingsecrets and minimizing fraud, some governments view strongencryption as a potential vehicle by which terrorists might evadeauthorities. These governments, including that of the UnitedStates, want to set up a key-escrow arrangement. Thismeans everyone who uses a cipher would be required to provide thegovernment with a copy of the key. Decryption keys would bestored in a supposedly secure place, used only by authorities,and used only if backed up by a court order. Opponents of thisscheme argue that criminals could hack into the key-escrowdatabase and illegally obtain, steal, or alter the keys.Supporters claim that while this is a possibility, implementingthe key escrow scheme would be better than doing nothing toprevent criminals from freely using encryption/decryption.

Getting started with encryption

To explore how encryption is used in the enterprise, here are some additional resources:

Data encryption and classification in practical cryptography: There are many factors to consider when it comes to data encryption and classification in practical cryptography. In this security school lesson, administrators can learn the importance of each and get tips on how to properly tackle both processes.

Understanding all aspects of corporate database encryption: Encrypting a corporate database can be daunting. Get information and advice on database encryption before attempting the task, including encryption for media protection and for separation of duties.

Windows BitLocker: Enabling disk encryption for data protection: Windows Bitlocker disk encryption technology can be an essential tool for organizational data protection. Get information about what the technology can and can't do and how it can help you to avoid a data breach.

Preventing encryption bad practices: When is comes to encryption, it seems like IT administrators are constantly repeating bad practices. Learn how to avoid and prevent some of the biggest encryption mistakes, such as using WEP encryption, failing to encrypt laptops and ignoring patches and updates.

Read more about encryption: - SearchSecurity.com provides more information about encryption. - The Electronic Frontier Foundation has more about encryption/decryption, along with the latest legal updates concerning the key-escrow issue.

Do you have something to add to this definition? Let us know. Send your comments to techterms@whatis.com

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Should UTM and Web security filtering software be used together? Michael Cobb explains what is best for your business: either standalone security appliances or unified threat management devices. McAfee adds NAC module, appliance for unified policy enforcement McAfee addresses its NAC gaps while customers seek ways to meld network and endpoint security technologies. IBM announcements mark two years of ISS marriage The ISS unit has produced a number of updates, including unified threat management for small businesses and a virtual appliance for its network...

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Data Encryption Standard  (SearchSecurity.com) denial of service  (SearchSoftwareQuality.com) A denial of service (DoS) attack is an incident in which a user or organization is deprived of the services of a resource they would normally expect...