Most people don't realize it, but we rely on network encryption almost every time we go online. For everything from banking and shopping to checking email, we like our Internet transactions to be well-protected, and encryption helps make that possible.
What is Network Encryption?
Encryption is a popular and effective method for safeguarding network data. The process of encryption hides data or the contents of a message in such a way that the original information can only be recovered through a corresponding decryption process.
Encryption and decryption are common techniques in cryptography - the scientific discipline behind secure communications.
Many different encryption and decryption processes (called algorithms) exist. Especially on the Internet, it's very difficult to keep the details of these algorithms truly secret.
Cryptographers understand this and design their algorithms so that they work even if the their implementation details are made public. Most encryption algorithms achieve this level of protection by using keys.
What is an Encryption Key?
In computer cryptography, a key is long sequence of bits used by encryption and decryption algorithms. For example, the following represents a hypothetical 40-bit key:
00001010 01101001 10011110 00011100 01010101
An encryption algorithm takes the original un-encrypted message, and a key like the above, and alters the original message mathematically based on the key's bits to create a new encrypted message. Conversely, a decryption algorithm takes an encrypted message and restores it to its original form using one or more keys.
Some cryptographic algorithms use a single key for both encryption and decryption. Such a key must be kept secret; otherwise, anyone who had knowledge of the key used to send a message could supply that key to the decryption algorithm to read that message.
Other algorithms use one key for encryption and a second, different key for decryption.
The encryption key can remain public in this case, as without knowledge of the decryption key messages cannot be read. Popular Internet security protocols use this so-called public key encryption.
Encryption on Home Networks
Wi-Fi home networks support several security protocols including WPA and WPA2. While these are not the strongest encryption algorithms in existence, they are sufficient to protect home networks from having their traffic snooped by outsiders.
Determine whether and what kind of encryption is active on a home network by checking the broadband router (or other network gateway) configuration.
Encryption on the Internet
Modern Web browsers use the Secure Sockets Layer (SSL) protocol for secured online transactions. SSL works by using a public key for encryption and a different private key for decryption. When you see a HTTPS prefix on the URL string in your browser, it indicates SSL encryption is happening behind the scenes.
The Role of Key Length and Network Security
Because both WPA/WPA2 and SSL encryption depend so heavily on keys, one common measure of the effectiveness of network encryption in terms of key length - number of bits in the key.
The early implementations of SSL in the Netscape and Internet Explorer Web browsers many years ago used a 40-bit SSL encryption standard. The initial implementation of WEP for home networks used 40-bit encryption keys also.
Unfortunately, 40-bit encryption became too easy to decipher or "crack" by guessing the correct decoding key. A common deciphering technique in cryptography called brute-force decryption uses computer processing to exhaustively calculate and try every possible key one by one. 2-bit encryption, for example, involves four possible key values to guess:
00, 01, 10, and 11
3-bit encryption involves eight possible values, 4-bit encryption 16 possible values, and so on. Mathematically speaking, 2n possible values exist for an n-bit key.
While 240 may seem like a very large number, it is not very difficult for modern computers to crack this many combinations in a short time period. The makers of security software recognized the need to increase the strength of encryption and moved to 128-bit and higher encryption levels many years ago.
Compared to 40-bit encryption, 128-bit encryption offers 88 additional bits of key length. This translates to 288 or a whopping
309,485,009,821,345,068,724,781,056
additional combinations required for a brute-force crack. Some processing overhead on devices occurs when having to encrypt and decrypt message traffic with these keys, but the benefits far outweigh the cost.