As a web developer with 2+ solid years of experience, I haven’t been exposed much to online cryptography in my career; unfortunately, only a bit here and there. A fog of mystery has always surrounded this subject, and I assume it has for others too.
This is why I did some research into it and wrote this “simple” article. I put the emphasis on simple because this subject is a big one and I don’t have time to write a PhD thesis. There are people dedicating years of study and research to cryptography. This article is about what this sophisticated technology is, where it applies and why it is important.
What is cryptography?
Cryptography is basically the process of making information secret so only authorized people can see it.
First, we take the information through an “encryption process” (a popular synonym for cryptography) to turn it into ciphertext. Ciphertext is the unreadable form of the information, produced so that no unauthorized party can read it.
Second, the information is delivered to the person who has the key or permission to decrypt the ciphertext into readable information again. Pretty simple, eh? Not quite. There are many ways information can travel through the internet, meaning there are many techniques to encrypt information.
Where does cryptography apply?
Communication between the client (you) and a web server without encryption may be dangerous if you are sharing sensitive data like your SIN number, banking information or messages of your affair on Facebook. Many government, banking, and yes, Facebook websites use something called SSL encryption.
You might have seen that the URL in your browser sometimes says HTTPS. That’s when your browser has ‘handshaked’ with the server and agreed to share webpages in an encrypted manner. This mitigates attacks like ‘man-in-the-middle’, eavesdropping (your affair) and tampering. Fun fact: As of 2014, 32.8% of the internet’s 151,509 most popular websites have HTTPS running.
The motive behind encrypting databases is to combat data breaches, protect data integrity and keep the database administrator from snooping around everyone’s medical records. A popular function in the almighty MySQL community is the AES (Advanced Encryption Standard) encryption algorithm. Again, there are many techniques to protect data in a database, and they vary with the law of the country, state or province.
Debit and credit card transactions must follow the Payment Card Industry (PCI) Data Security Standard (DSS) guidelines for what merchants need to do to secure the sensitive data used in payment transactions. Some technologies that PCI suggests using are Point-to-Point Encryption (P2PE) and Tokenization, to resolve data breach vulnerabilities in the payment process.
P2PE is a combination of secure devices, applications and processes that encrypt data from the point of interaction (at the point of swipe or dip) until the data reaches the solution provider’s secure decryption environment.
Tokenization is the procedure of replacing sensitive data with unique identification symbols that preserve all the necessary information about the data without undermining its security. Please go see this awesome website explaining Tokenization: http://perspecsys.com/what-is-tokenization/
Why use cryptography on information?
Well, this one is pretty obvious: to keep sensitive data out of the reach of bad people and prevent identity theft and such. But a reason that people used to overlook, and that has become very popular these days, is “Privacy”.
This is due to controversies over famous people having their photos leaked and the whistleblower Edward Snowden saying the NSA has a massive database of everyone’s input on the internet. I’m going to leave you with a very interesting TED talk about why privacy matters, and how having our privacy revoked on the internet affects the human psyche: http://www.ted.com/talks/glenn_greenwald_why_privacy_matters