
Types of Encryption

Why Drive-Based Encryption Is Safest and Best

Back in 1976, the United States government standardized on the Data Encryption Standard (DES) as the main means for protecting data. As with all cryptographic methods, DES uses a key (with a length of 56 bits, in this case) in coordination with a cipher algorithm to convert plaintext (regular, intelligible data) into ciphertext (scrambled nonsense). With the key, ciphertext can be converted back into plaintext.

Back in the early 1970s, when DES was developed, a 56-bit key seemed far beyond robust, and it was. Not until the late ’90s could specialists crack DES, and by 1999 the feat was accomplished in 22 hours by a $250,000 cracking machine in conjunction with distributed.net. Three years later, the National Institute of Standards and Technology (NIST) adopted the Advanced Encryption Standard (AES), a far more complex specification with key sizes of 128, 192, or 256 bits. This is the technology that now protects America’s top-secret digital files.

NIST has full confidence in all three key lengths, stating publicly that they will remain fully adequate through 2031. Seagate crunched its own numbers and came up with an alternative illustration for 128-bit AES: Assume that Earth has seven billion people. Each of those people has 10 computers. Each of those computers can test one billion key combinations per second. Further assume that all of those computers will find the correct key after only 50% of the total possible keys have been tested. That correct key would be discovered in 77,000,000,000,000,000,000,000,000 years. Mind you, that’s to find the 128-bit key. A 256-bit key would take much, much longer. Suffice it to say that a crack of AES within anything close to the near future remains computationally infeasible.[1]

At the simplest level, there are two ways to implement encryption: via software or hardware. Software-based encryption is now essentially universal. A feature called BitLocker ships in the Enterprise and Ultimate versions of Windows Vista and Windows 7, offering simple and convenient AES-128 encryption for any files in the system. A far more flexible and powerful solution for Windows, Mac, and Linux is the free, open source program TrueCrypt.

There are two main problems with software-based encryption, though. First, because the encryption is done as part of an application process, the raw computation must be performed by the CPU, and encryption computation (particularly with 192- and 256-bit keys) can be extremely taxing. Programs such as TrueCrypt are designed to leverage the AES-NI enhancements made in many late-model Intel processors, and AES-NI will generally yield a 4x to 8x performance improvement. Without this, however, software encryption can seriously impair a system’s work capacity.

Second, when keys are managed through resident software, they are kept higher up in the data stack and are thus more accessible to skilled hackers. Invaders don’t try to break the encryption; they merely go after the keys buried on the system.