Employees pose the greatest security risk. Do you know why? Learn more about this in our meet the team-series, with today’s blog covering Stressed...
Encryption for dummies (and pizza lovers!)
Let's take a moment to appreciate the miracle that is ordering pizza online: a pizza is only a few clicks away!
It's amazing we live in a world where we can use our fingers to summon food. But have you ever wondered what happens to your order before it arrives at your doorstep? How many people know what pizza toppings you like, or where you live? And who can touch your food before you get to?
Similar questions pop up every time you send and receive an email. Fortunately for us, we do have the ability to encrypt our emails. So what is email encryption exactly?
The word encryption is a staple in the cybersecurity narrative. To most people, encryption is yet another IT enigma too complicated for the average computer user to be bothered with.
That's a shame, because email encryption plays a big part in protecting your data! That's why we are more than happy to bring you up to speed on everything you need to know about encryption. All in the time it takes to order a pizza.
So what is encryption?
When you encrypt an email, you encode it, giving you two versions: the original message (called 'plaintext') and its encoded, unreadable counterpart (called 'ciphertext'). As an example, here's a very simple encryption of your food order:
- Plaintext: Hawaiian pizza
- Ciphertext: 🍕🍍
Of course actual email encryption is way more complex, but the premise is the same: it takes an understandable message and makes it unreadable. Unless of course you have the right encryption key, more on that later.
Who gets to see what?
Now that we know that your content can be encrypted and decrypted with an encryption key, the question is: can we be sure only the right person gets to decrypt your message?
The short answer: it depends.
An encrypted message in and of itself is unreadable. To translate ciphertext back to plaintext, you need the encryption key. In a perfect world, only you and your intended recipient have access to this key.
Want to read more about encryption? You can find everything you need to know about encryption here.
The not-so-perfect encryption: encryption-in-transit and encryption-at-rest
The word encryption can give you a sense of security. Unfortunately, that's not always the case: Not every type of encryption is made equally secure or trustworthy.
Let's have a look at encryption-in-transit. As the name implies, it will protect your data as it travels from, for example, your laptop to the cloud. As soon as your message has arrived at its destination, that data is no longer encrypted.
In terms of your Hawaiian pizza, it prevents anyone from meddling with your food as it makes its way to your house. It does not protect your pizza from anything that might happen to it before or after.
That's why encryption-in-transit is often combined with encryption-at-rest, which encrypts your data whenever it's stored.
On the surface it might seem encryption-in-transit and encryption-at-rest together do a good job protecting your data.
Unfortunately it has a major downside: the encryption key - the one thing you don't want falling into the wrong hands - is stored in the cloud. If a hacker attacks the cloud, that means game over. Your encryption keys, and your data, are now out in the open.
Encryption-in-transit and encryption-at-rest therefore are great if you want to feel safe, but not so great if you want to be safe.
So, don't store your encryption key in the cloud, got it. That makes end-to-end encryption a step in the right direction: By using end-to-end encryption, only you and your recipients get access to the keys and its protected along the way.
Pizzawise, imagine the pizza place sealing the pizza box with a combination lock and giving you the code once your pizza's been delivered.
No one, not the delivery driver nor anyone eyeing your pizza on its way to your house, has access to your dinner. No one but you.
This leads many to embrace end-to-end encryption as the gold standard of secure communication. After all, what could happen to your pizza if it's protected at the pizza place, on its way to your house, all the way to your doorstep?
Well, imagine if someone could hack your doorstep. It sounds funny, but that is exactly what could hypothetically happen when using end-to-end encryption.
Zero knowledge end-to-end encryption
The unnerving reality is that cybercriminals will exploit every possible loophole in getting your data. End-to-end encryption, while elegant, has one glaring flaw in its design: it's based on trust.
When someone delivers pizza to your house, how do they know you're not an impostor? Likewise, how do you know for sure the person knocking is bringing pizza?
Cybercriminals abuse our trust when given the chance, so we need a solution that can't be fooled: math.
When you send a message using zero knowledge end-to-end encryption, you and the recipient engage in an exercise where one person has to prove they have the encryption key, over and over and over again. The setup is such that the sender watches from a safe distance as the recipient cracks the code again and again, until it's statistically impossible for the recipient to be an impostor.
If that last part had you scratching your head, here's what it would look like with your pizza order:
When you order from the "Zero knowledge end-to-end encryption pizza place", your dinner will be locked up every step of the way. However, when the delivery driver arrives, they want to be absolutely sure it's you.
You tell the driver you have the key for your pizza, but you don't want to share it with them, because you too want to be absolutely sure the driver is who they say they are.
What happens next is the driver lets you use your key to open a lock, but without hearing or seeing the combination themselves.
This way you're repeatedly demonstrating you have the right key, without actually showing it.
The driver now knows beyond any doubt you're you and proceeds to give your pizza, which you then unlock.
Want to know more about how and why you should protect your data with zero knowledge encryption? Click here then!
Final thought before dinner
There's one more important thing to know about zero knowledge end-to-end encryption, also known as zero knowledge proof. We all think of scary hackers when it comes to protecting your data, but they are far from the only interested party. Zero knowledge end-to-end encryption also serves to protect you from any government, authority or service provider so your favourite pizza topping preferences, or anything else, are kept private.
It's a common misconception that regular end-to-end encryption guarantees your privacy. It however offers no protection at all when a government wants to get its hands on your data. The US CLOUD act for instance allows the US to simply subpoena any American cloud provider that's encrypted your data and there's nothing you can do about it. In most cases they are not even allowed to notify you.
The only thing you can do about it is using zero knowledge end-to-end encryption. It's the only type of encryption that prevents any authority from accessing your data - not even the service provider itself can decrypt it.
Encryption can be complicated, but the most important thing to remember is that the word encryption in and of itself doesn't guarantee your data is adequately protected. If you want to be absolutely sure the emails, files and messages you send are protected, zero knowledge end-to-end encryption is the one option where nothing is left to chance.
Curious on how whether American cloud providers are safe and how you can best protect your data? Click on the link below!