Photo courtesy of unsplash.com
The Internet is a wonderful tool to access all kinds of information. Many use it to access some of their most sensitive information, from messaging and emailing to full control over their bank account. The Internet, however, consists of many interconnected computers, meaning it is possible for a computer besides the intended recipient to receive a message. This is why encryption is so important.
When sending an encrypted message, the transmitting computer combines the easily readable original message with a key that only it knows, turning it into a random-looking message. An unencrypted message is referred to as plaintext, while the encrypted message is referred to as a cipher. This cipher is then sent to the receiver, which can only decrypt the message back into plaintext if it knows which key is used.
In addition to being important for transferring data, encryption is important for saving local information so that only the intended user of the data can access it. This is how a website keeps its users’ passwords and other sensitive information secure. Unfortunately, not all websites do this. In a March 2019 article, MakeUseOf estimated that about 30 percent of websites store passwords in unencrypted plaintext.
Fighting for encryption has put many companies at odds with various global governments. In January of 2020, the FBI asked Apple to unlock a pair of encrypted phones belonging to a high-profile criminal, but, due to the nature of encryption, neither Apple nor the FBI could access the phone’s stored data without the user’s passcodes. Several of these governments have asked producers of encrypted devices, such as Apple, and encrypted messengers, such as WhatsApp, to add “backdoors” into the encrypted data. These backdoors would allow the producers to access encrypted data using a key only they would have access to. These governments cite that they require access to this encrypted data in order to learn more about criminals after their phones have been seized. However, companies are hesitant to comply, since adding a backdoor could be a worrying precedent for the security and privacy of their users. Adding a new way for legitimate parties to access encrypted information also adds a new potentially exploitable way for nefarious parties to access the data.
If some modern encryption is so strong that even the FBI can’t break it, why are accounts still hacked? A security system is only as strong as the weakest part of it, and while the encryption is extremely strong, the weak link is often users’ passwords. There are currently two types of attacks most likely to break passwords: brute force and dictionary.
A brute force attack tries to use every possible combination of characters to guess a user’s password. This is extremely fast for short passwords, but as the password lengthens, the time needed to test every combination grows longer as well. In February of 2019, tomsguide.com reported that a standard-length password of eight characters could be cracked by a brute force attack within a couple of hours and recommended that any new passwords be at least twelve characters long.
The other major type of attack is a dictionary attack, where a computer tries to use a dictionary of words or common passwords with slight variations to them. Passwords that include common words, even long words, are extremely susceptible to this kind of attack.
