Encryption is the process of securing information by translating it into unreadable data. Encryption is a two-way process, which means anything that is encrypted can be decrypted too. It is often used to secure users’ passwords or to secure sensitive data during transmission.
Websites have to save your passwords somewhere, usually within a database, so that when you sign in they can verify that the password you have supplied matches the password they have stored. Encryption can be used to save your password in an unreadable format so that anyone who accesses the database cannot understand or know your password.
Imagine taking a simple word and changing each letter for the next letter in the alphabet, so ‘a’ becomes ‘b’, ‘b’ becomes ‘c’, etc. Using this system the word ‘password’ would become ‘qbttxpse’. This is a very simple type of encryption: it can be reversed, but once some plaintext (the original word) is encrypted it is no longer presented in a readable format. This process is called a Caesar Cipher; the encryption algorithms used on websites to secure passwords are usually a lot stronger (harder to decrypt).
Encryption can be used for a lot of things, not just passwords, such as securing emails, instant messages or data during transmission. This means when you send an email or an instant message it will be encrypted, then sent across the internet to the intended receiver and decrypted at the other end.
Unfortunately, encryption isn’t the most secure process and is susceptible to various attacks and vulnerabilities. Because encryption is reversible, an attacker who accesses the encrypted message may be able to decrypt it if they know the algorithm used. This process is called reverse engineering, as they reverse the encryption algorithm used to access the plaintext. Another approach used by attackers is called a rainbow table, where the attacker has a list of plaintext values and their encrypted counterparts. This is why it is advised to use an uncommon password. Another approach is simply to brute force the decryption, that is, to try every possible password value until the desired result is found. This is why it is advised to use a combination of lower case, upper case, special characters, etc. when creating a password, as it will exponentially increase the time needed for a brute force attack.
There are different types of encryption that try to overcome these vulnerabilities, such as symmetric and asymmetric encryption, which rely on the use of secret keys to encrypt the information. This means the encryption is only reversible if the attacker has access to the secret key(s). Imagine you use a Caesar Cipher but you only tell the receiver how many steps each letter takes: instead of ‘a’ going to ‘b’ (one step) you could take 3, 4 or 17 steps. This means the attacker would have to know how many steps you used to decrypt the data.
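The Caesar Cipher described above, with the number of steps as the secret key, as an added example that is not part of the original page (the function names are illustrative assumptions). It also enumerates every possible key, showing that this scheme has only 25 of them, which is why real algorithms rely on far larger key spaces.

```python
import string

ALPHABET = string.ascii_lowercase  # 26 letters; any other character passes through unchanged


def caesar_encrypt(plaintext: str, steps: int) -> str:
    """Shift each lowercase letter forward by `steps` positions (the secret key)."""
    out = []
    for ch in plaintext:
        if ch in ALPHABET:
            # Wrap around the end of the alphabet, so 'z' + 1 step becomes 'a'.
            out.append(ALPHABET[(ALPHABET.index(ch) + steps) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, steps: int) -> str:
    """Reverse the shift; this only recovers the plaintext with the same key."""
    return caesar_encrypt(ciphertext, -steps)


def all_candidate_plaintexts(ciphertext: str) -> dict:
    """Decrypt with every possible key (shifts 1..25).

    The key space is so small that keeping the number of steps secret
    adds very little protection on its own.
    """
    return {steps: caesar_decrypt(ciphertext, steps) for steps in range(1, 26)}


if __name__ == "__main__":
    # One step, as in the text: 'password' becomes 'qbttxpse'.
    print(caesar_encrypt("password", 1))

    # 17 steps, a key shared only with the receiver.
    secret = caesar_encrypt("password", 17)
    print(secret, "->", caesar_decrypt(secret, 17))

    # Every possible key fits in a short list.
    print(len(all_candidate_plaintexts(secret)), "possible keys")
```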