http://www.wsj.com/articles/encryption-uncoded-a-consumers-guide-1429499476?tesla=y
What Exactly Is Encryption?
Encryption turns messages into a string of unreadable characters. Photo: Getty
Images
By
Elizabeth Dwoskin
April 19, 2015 11:11 p.m. ET
In times like these, it’s easy to be paranoid.
Concerned by reports of hacking, data breaches and government spying, companies
and consumers are looking for better ways to protect their data. Many are
turning to encryption, a method of encoding messages that goes back millennia.
Encryption is commonly used to secure online banking sessions and to protect
credit-card data. But for the average computer user, it remains a mystery.
Here’s a brief guide to help readers unlock its secrets.
How does encryption work?
If you saw the recent movie “The Imitation Game,” you’ve seen a rudimentary, by
modern standards, form of encryption. During World War II, the Germans used a
machine to turn military messages into coded strings of symbols. These days,
computers running complex mathematical formulas can do the same thing much
faster, and the codes are much harder to crack.
What’s it used for?
If you’ve ever done banking online, you may have noticed a “lock” icon in the
address bar, or that the bar turned green. That means the browser session is
encrypted by your bank.
Consumers can download a growing crop of encryption tools for texting, browsing
sessions and video and phone calls. Users usually must download an app or
install software that scrambles messages as they are sent. (The recipient needs
to be using the same app or software to unscramble the message.)
Apple has started encrypting personal data on its latest mobile operating
system, iOS 8. This means an outsider who hacks into a device or into Apple’s
servers would see a string of unreadable characters instead of actual messages
or FaceTime videos.
Can I encrypt email messages?
Yes, but it’s tricky. Sender and receiver must use the same type of encryption.
If you have encryption switched on, but the friend you’re emailing doesn’t have
it, he or she won’t be able to read your message.
Since the revelations of former National Security Agency contractor Edward
Snowden about electronic eavesdropping by the NSA, big tech companies have made
moves to add encryption. Yahoo Inc. and Google Inc. both have announced plans
to begin encrypting emails of users of their services, but the projects are
moving slowly.
Can encryption really protect me from getting hacked?
ENLARGE
Maybe. If a hacker obtains the encryption keys, or the formula that unlocks the
code, all that encrypting was for naught. And that happens all the time in
corporate data breaches, says Avivah Litan, a vice president and senior analyst
focusing on security issues at market-research firm Gartner Inc. For example,
as part of the 2007 breach at TJX Cos., hackers stole a TJX point-of-sale
card-reader system and brought it home. The hackers were able to break the code
used to encrypt card transactions and stole data from tens of millions of
customer accounts.
How can I get started?
In addition to Apple’s built-in encryption in its new mobile devices, Android
users can download WhatsApp, which encrypts text messages. WhatsApp, a company
owned by Facebook Inc., says it is working on offering encryption for all
communication sent between WhatsApp users, including images, audio and text.
A number of vendors—including Voltage Security Inc., Protegrity and RSA
Security, a unit of EMC Corp. —offer encryption of corporate data, including
email and credit-card records. Silent Circle’s Blackphone is a phone for
corporate users that can send encrypted voice calls, text, emails and other
data—if both parties are using a Blackphone.
Why isn’t everything encrypted?
There are plenty of reasons. Encryption is time-consuming and difficult to
implement. It’s hard to properly manage who has access to encryption keys, and
it slows system performance.
Ms. Dwoskin is a reporter in the San Francisco bureau of The Wall Street
Journal.
