What Is Encryption, And How Does It Keep Your Data Safe?

A diagram showing how encryption works in a nutshell.

Whenever you visit a website, like the one you're on right now, you might notice "https" in the address line. That little "s" in “https” stands for secure, and it’s an indication that encryption is being used to protect your online data. The way encryption works is that it translates information into a code that only certain people or systems with access can read, thus protecting it from being used by the wrong people. Encryption is used in things like passwords, messages, and credit card numbers, and it helps keep them confidential in a world where so much is online.

Encryption starts with unencrypted data, like a message you typed out or a file you're about to save. This data can be understood by whoever looks at it. To protect it, encryption uses a set of rules, in the form of an algorithm, to scramble up that data into something that cannot be read (this unreadable data is known as ciphertext). The algorithm is run with a specific key, which is like a secret code that is used to lock or unlock the data. Without the key, the ciphertext looks like jumbled letters and numbers and serves no purpose for anyone who lacks the authority to see the original data. If the information needs to be read again, the key reverses the process by transforming the ciphertext back into plain information using decryption. This configuration ensures that only those with the correct key are able to access the information.

Security through encryption is achieved because the algorithm and the key are hard to break. Algorithms are designed in a way such that they can’t be cracked, even if you have something like a supercomputer. A common algorithm, AES, utilizes keys that are large strings of bits, such as 128 or 256 bits. The bigger the key (more bits), the harder it’ll make it for any person to figure it out. If someone tried to crack a 256-bit key by testing every combination, it would take billions of years even with the world's fastest computers today. Encryption is thus a secure way to protect sensitive data from being accessed by unauthorized users.

Encryption protects data partly by locking up communication between devices. When you send emails or shop online, your data passes through dozens of networks and servers before it gets to its destination. Without encryption, someone could intercept it and have an idea of what you're sending or looking at. Encryption prevents this by securing the data as it is being transmitted from your device. For example, when you visit a website with "https," a process called TLS, or Transport Layer Security, encrypts the connection between the website's server and your computer. This creates a secure tunnel through which information travels. Even if the information is intercepted, it cannot be read without the key, which only the recipient of the information will have. All of this might seem complicated, but this is all done automatically, so you won't have to do anything about it when you surf or shop.

Encryption also protects data on devices like phones, laptops, or hard drives. For example, someone might be able to access your photos, messages, or bank information if they steal your phone and it isn't encrypted. Fortunately, most phones today encrypt the data stored on the phone. For example, when you lock your phone with a password, the phone encrypts its storage so that only your password can unlock it. If someone steals your phone and attempts to bypass the lock screen, the data will be scrambled and unreadable without the password. This adds an additional level of security, so your personal information is safeguarded from physical theft or unauthorized use.

A more important aspect of encryption is how it verifies identity. When you log in to a site, encryption verifies you're logging in to the true site and not a fake created by fraudsters. This is done through digital certificates, which are created by a certificate authority for sites to ensure that they are legitimate. When you access a site with your browser, it checks the certificate with encryption to confirm the site's identity. If the certificate is authentic, your connection continues securely. If there is a problem, your browser warns you not to access the site. This keeps attackers from tricking you into providing passwords or other confidential data on fake sites.

Keys are the heart of encryption, and there are two major types of encryption: symmetric and asymmetric. Symmetric encryption uses the same key to lock and unlock data. It's fast and good for encrypting a file on a hard disk or securing a phone call. Issues may come when distributing this type of key securely because if someone gets their hands on it, they can read the information. Asymmetric encryption, on the other hand, solves that problem by using two keys, a public key and a private key. It uses the public key to encrypt the data, and anyone can have it. The private key is used for decryption, and only the recipient has it. This type of encryption is slower but safer when sending more confidential stuff or authenticating individuals. Most systems blend the two and try to come up with a midpoint between speed and safety.

Key management is essential to making encryption useful. If a key is lost, the encrypted data can likely never be accessed again, while if a key is stolen, the data won’t be secure. To address this, systems implement cautious practices to store and distribute keys. Secure servers known as key management systems store keys in safeguarded environments. When keys need to be distributed, they're typically encrypted by themselves when traveling. Other systems also periodically switch keys; they generate new ones after some time to prevent people from using a stolen key for long periods of time.

Encryption, despite its benefits, has its vulnerabilities. For one, finding the right balance between security and usability is difficult. While good encryption is great at protecting against data theft, it can slow down systems or make it harder to recover information if keys are lost. Another issue is keeping up with new technology. As computers get faster, older encryption methods may become easier to break. There is also the question of lawful access: governments sometimes want the authority to decrypt information for investigation, but providing that authority could undermine security for everyone.