Encryption, you know it? Far from being recent, this practice protects the content a sender transmits to his or her recipients, so that it cannot be deciphered if a third party ever gets their hands on it.
In the world of the web, it is used almost everywhere: data storage in the cloud, exchanges between a computer and a server, e-commerce, instant messaging, and so on.
Encryption, obfuscation, hashing… let’s take stock!
The IT world is full of security-related terms: encryption, ciphering, hashing, obfuscation, and so on. So many elements that it is easy to confuse them!
Before talking about web encryption, it is important to know the distinction between all these cybersecurity terms:
- obfuscation is a practice that consists in making elements (typically computer code) unreadable, without encrypting them;
- hashing is used in particular to secure passwords. It does not use a key for this (we will come back to keys), but a hashing algorithm, which only ever works in one direction: it encodes, and the original data cannot be decoded back from the hash;
- encryption (also called ciphering) protects data thanks to a key, used both to encode and to decode this data.
What is encryption?
Now that this clarification has been made, it’s time to talk about what interests us here: web encryption!
As we said in the introduction, encryption is nothing new! This practice, which aims to limit the number of people (or machines) able to read a piece of information, did not wait for the digital explosion to find a use: traces of it can be found as far back as antiquity.
Today, its use in the digital world is ubiquitous, and necessary.
Indeed, more and more data transits from a machine to a server, either to be simply stored there, or to be forwarded from there to another machine.
Whether stored files, sensitive data being exchanged, or private messages, these elements would be easily readable if these processes did not exist.
Technically speaking, data is encrypted using one or more encryption keys: a key is used to encode the data, and a key is used again to decode it, only when necessary.
The different web encryption algorithms
The first algorithm is symmetric encryption, so called because the sender and the recipient both have the same encryption key.
For example, if you encrypt a series of characters using a key, your recipient will need this same key (or a copy of it) to decode your message.
Logically, asymmetric encryption is the opposite of symmetric encryption: here the encoding key and the decoding key are different.
On the sender side, a public key (provided by the recipient) is used to encrypt the data. On the recipient side, a private (or secret) key is used to decrypt it.
While the public key is, as its name suggests, public, the private key must remain secret and must not be shared or stored anywhere other than on the recipient’s terminal.
In this case, the keys being different and the process a little more complex, asymmetric encryption is somewhat more resource-intensive than symmetric encryption.
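To make the distinction between the terms concrete (hashing: no key, one direction only; symmetric encryption: one key that both seals and opens), here is an added example in Go, using only its standard library. It is not code from the original article: SHA-256 stands in for the hash, AES-256-GCM for the symmetric cipher, the message is a constructed sample and the function names are mine.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)

// HashDigest returns the hex SHA-256 digest of data. No key is involved: anyone
// can compute it, and nobody can get data back out of it. The only thing you can
// do with a stored digest is recompute and compare, which is how password
// checks work (real password stores use a slow, salted hash; plain SHA-256 is
// used here only to show the one-way mechanism).
func HashDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyHash checks a candidate against a stored digest by recomputing it.
func VerifyHash(candidate []byte, storedDigest string) bool {
	return HashDigest(candidate) == storedDigest
}

// NewSymmetricKey draws a random 256-bit AES key.
func NewSymmetricKey() ([]byte, error) {
	key := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, key)
	return key, err
}

// Encrypt seals plaintext with AES-256-GCM. Output is nonce || ciphertext || tag,
// and the very same key is needed to get the plaintext back.
func Encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Decrypt reverses Encrypt. A wrong key or a modified ciphertext fails the GCM
// authentication check and returns an error instead of garbage.
func Decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:aead.NonceSize()], sealed[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	msg := []byte("meet at 10:00") // constructed sample message

	// Hashing: deterministic, keyless, one-way.
	digest := HashDigest(msg)
	fmt.Println("digest:", digest)
	fmt.Println("same input verifies:", VerifyHash(msg, digest))
	fmt.Println("other input verifies:", VerifyHash([]byte("meet at 10:01"), digest))

	// Symmetric encryption: one key both seals and opens.
	key, _ := NewSymmetricKey()
	sealed, _ := Encrypt(key, msg)
	opened, err := Decrypt(key, sealed)
	fmt.Println("right key:", string(opened), err)

	wrongKey, _ := NewSymmetricKey()
	_, err = Decrypt(wrongKey, sealed)
	fmt.Println("wrong key:", err)
}
```

GCM was chosen over a bare block or stream mode because it also authenticates: a wrong key or a tampered ciphertext is rejected rather than silently decrypted into nonsense, which is the property a practitioner wants from a symmetric cipher.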
The different types of web encryption
We have seen the two different encryption algorithms, but these are not the only variables that define the type of encryption used. We can also distinguish three types of encryption: in transit, end-to-end, or at rest.
Encryption in Transit
You all know encryption in transit without realizing it: it is the security protocol hidden behind the famous ‘https’. This operation, now ubiquitous, protects exchanges between a client (the browser) and a web server, and therefore secures a website.
The principle of encryption in transit is as follows: the data is encrypted by the browser using a symmetric key. This key is itself encrypted with a public key, first generated and returned by the server. The server can then recover it using its private key.
This key, now shared by the server and the client, is used to protect the subsequent exchanges.
In this way, the data transits in encrypted form: this is in particular what protects the sensitive information sent during a payment (the bank card number, for example).
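The exchange described above (a symmetric key chosen on the client side, wrapped with the server's public key, unwrapped with the server's private key), as an added example that is not part of the original article and is not a TLS implementation. It uses Go's standard library with RSA-OAEP for the wrapping; the key sizes, the OAEP label and the type names are assumptions for illustration. Once both sides hold the session key, the rest of the conversation uses symmetric encryption, as the text describes.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
)

// oaepLabel binds the wrapped key to its purpose; both sides must use the same
// label. The value is assumed for this example.
var oaepLabel = []byte("session-key")

// ServerKeys is what the web server holds: the private key never leaves the
// server, the public key is handed to every client that connects.
type ServerKeys struct{ priv *rsa.PrivateKey }

func NewServerKeys() (*ServerKeys, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &ServerKeys{priv: priv}, nil
}

// Public is the part the server sends to the browser.
func (s *ServerKeys) Public() *rsa.PublicKey { return &s.priv.PublicKey }

// ClientProposeSessionKey is the browser side: draw a fresh random symmetric
// key and encrypt (wrap) it with the server's public key. The wrapped blob is
// what travels over the network; the session key itself never does.
func ClientProposeSessionKey(serverPub *rsa.PublicKey) (sessionKey, wrapped []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, sessionKey, oaepLabel)
	return sessionKey, wrapped, err
}

// Unwrap is the server side: only the matching private key recovers the session key.
func (s *ServerKeys) Unwrap(wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, wrapped, oaepLabel)
}

func main() {
	server, err := NewServerKeys()
	if err != nil {
		panic(err)
	}
	clientKey, wrapped, _ := ClientProposeSessionKey(server.Public())
	serverKey, err := server.Unwrap(wrapped)
	fmt.Println("both sides hold the same key:", err == nil && bytes.Equal(clientKey, serverKey))

	// Anyone who captured `wrapped` on the wire has at most the public key.
	// Trying some other private key (the only decryption operation there is) fails.
	other, _ := NewServerKeys()
	_, err = other.Unwrap(wrapped)
	fmt.Println("unwrap with a different private key:", err)
}
```

One caveat for readers comparing this with real browsers: modern TLS (1.3) no longer wraps the session key with the server's RSA key but derives it with an ephemeral Diffie-Hellman agreement, so that a later theft of the server's private key does not expose past sessions. The division of roles (public part sent to the client, private part kept on the server) is the same.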
End-to-end encryption
Perhaps you have already seen the phrase “end-to-end encrypted data” without understanding what it meant? End-to-end encryption is a technique that allows information to be stored on a server without the latter being able to decrypt it.
Only the client(s) hold the (secret) key giving access to this data. This makes it possible, in principle, to prevent the service provider from having access to the stored information.
This type of encryption is used in particular by password managers, but also by instant messengers such as WhatsApp.
Encryption at rest
The last web encryption technique we are going to talk about is encryption at rest.
Here, the operation is simple: the data is sent from the client to the server in clear (unencrypted), and it is the server that takes care of the encryption.
It is therefore the server that locks the data, using a secret key that it also keeps. This key is never in the client’s possession. On the server side, it is also kept separate from the physical storage that holds the encrypted data. This has the advantage of making the data unreadable in the event of theft of the disks.
On the other hand, the service provider can technically decode the information at any time, even if internal security policies limit this risk.
This type of encryption is the one favored by cloud storage services.
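The difference between the two storage models comes down to who holds the key. The following added example, which is neither the article's code nor any provider's, models both in Go with the standard library: an at-rest provider that encrypts uploads with a key held apart from the data disk, and an end-to-end client that encrypts before uploading so the provider only ever stores ciphertext. Type names, the file name and the sample document are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

func newKey() []byte {
	k := make([]byte, 32) // random 256-bit AES key
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		panic(err)
	}
	return k
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealGCM encrypts with AES-256-GCM, prepending the random nonce.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM reverses sealGCM; any key but the sealing key fails authentication.
func openGCM(key, blob []byte) ([]byte, error) {
	aead, err := gcm(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < aead.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], nil)
}

// Disk is the storage medium; in both models only ciphertext ever lands on it.
type Disk map[string][]byte

// AtRestProvider takes plaintext from the client and encrypts it itself, with a
// key kept in a separate key store rather than on the data disk.
type AtRestProvider struct {
	disk     Disk
	keyStore []byte
}

func (p *AtRestProvider) Upload(name string, plaintext []byte) (err error) {
	p.disk[name], err = sealGCM(p.keyStore, plaintext)
	return err
}

func (p *AtRestProvider) ProviderRead(name string) ([]byte, error) {
	return openGCM(p.keyStore, p.disk[name])
}

// E2EClient encrypts before uploading; the provider stores the blob, never the key.
type E2EClient struct{ key []byte }

func (c *E2EClient) Upload(serverDisk Disk, name string, plaintext []byte) (err error) {
	serverDisk[name], err = sealGCM(c.key, plaintext)
	return err
}

func (c *E2EClient) Download(serverDisk Disk, name string) ([]byte, error) {
	return openGCM(c.key, serverDisk[name])
}

func main() {
	doc := []byte("quarterly report draft") // constructed sample file
	provider := &AtRestProvider{disk: Disk{}, keyStore: newKey()}
	_ = provider.Upload("report.txt", doc)
	got, err := provider.ProviderRead("report.txt")
	fmt.Println("at rest, provider reads:", string(got), err)
	_, err = openGCM(newKey(), provider.disk["report.txt"]) // stolen disk, no key
	fmt.Println("at rest, stolen disk alone:", err)
	client := &E2EClient{key: newKey()}
	serverDisk := Disk{}
	_ = client.Upload(serverDisk, "report.txt", doc)
	got, err = client.Download(serverDisk, "report.txt")
	fmt.Println("end-to-end, client reads:", string(got), err)
	_, err = openGCM(newKey(), serverDisk["report.txt"]) // provider or thief, no key
	fmt.Println("end-to-end, without the client key:", err)
}
```

ProviderRead is the trade-off the text names: in the at-rest model the provider can decrypt at any time because it holds the key, whereas in the end-to-end model the provider is in the same position as a thief with a stolen disk, holding ciphertext and no key.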
The importance of web encryption
Through these examples, we have seen the value of encryption on the web: protecting data so that it cannot be read in the event of interception, theft or hacking.
On a daily basis, you use encryption without even knowing it; let’s look at some of these uses.
As we have said, if you use WhatsApp- or Signal-type messaging, end-to-end encryption is applied: the storage server cannot, in theory, access your data.
Telegram, on the other hand, applies encryption at rest by default, which in theory makes it less secure than WhatsApp. But this theory does not fully hold in practice; there are other factors to consider when talking about messaging.
When you send an e-mail, via Gmail for example, encryption in transit is generally applied: the data is sent in encrypted form.
And when you store items on Dropbox or Google Drive, encryption at rest is used: the cloud provider encrypts the data and keeps the secret key.
The various service providers therefore use different encryption techniques depending on the service offered, not only for reasons of convenience and security, but also according to their internal data protection policy.
If you care about protecting your personal data, this last parameter should guide you in choosing which services to use.