Without getting into the nitty-gritty, just understand that the Data Encryption Standard (DES) that was adopted in the 1970s used a 56-bit key, which was considered unbreakable. By the 1990s, however, modern computers were able to break these codes in days. DES was replaced with AES, (Advanced Encryption Standard). Today we can use up to 256-bit keys. Today’s most powerful computer would take approximately 1,000,000,000,000,000,000 years to crack just a 128-bit key. Every “bit” doubles the time, so, there isn’t enough room on this page to show how many years it would take to crack a 256-bit key. Yes, it’s secure.
A simple definition of data encryption states that the file or message in question has been encoded so that it can only be read by the people who are supposed to read it. This is accomplished by a software program called either an algorithm or a cipher. (Origin of the word “decipher.”) The encrypted file no longer contains the easy-to-read text or numbers you started with but has been transformed into gobbledygook that can only be read after it has been unscrambled using a “key”. This “cryptographic key”, which is a long data string, makes it understandable again.
Encryption takes two basic forms, using either symmetric keys or asymmetric keys. With symmetric encryption, only one key is used to both encrypt and decrypt. With asymmetric, we use two different keys: one that encrypts and another that decrypts. Asymmetric are also known as “public” and “private” keys because anyone who wants to receive encrypted data can allow others access to their public keys, while being the only ones who can decrypt the code using their private keys
As we stated above, SSL and TLS require a bit more explanation. Basic symmetric key encryption does a good job of encoding the data, but sending it securely is another story. If you need to send a secure document to someone, you would have to first make sure they had your key. SSL and TLS were created to solve this. When you are on an SSL or TLS protected site, your outgoing message is encrypted using your public key, then again with the recipient’s public key. Upon arrival, it is decrypted. A little convoluted, perhaps, but it works. Most of the time.
The truth is, neither SSL nor TLS works perfectly and the data only remains encrypted if the server being used supports the encryption. Older servers often have out-of-date versions of SSL or TLS, if they support them at all. This often allows emails to be captured by hackers, kind of defeating the whole purpose. They can do this by compromising the SSL/TLS or scamming a website by using a fake security certificate. This is why Client-Based Encryption is so important.
Based on what you just read, it should come as no surprise that the best way to keep data safe is to make sure it is encrypted as it is leaving your device and remains that way until it reaches the rightful recipient. To accomplish this, we use client-based (or client-side) encryption. An email should leave your device as a long, scrambled string so it won’t matter whether or not a server through which it passes supports encryption. Any nefarious hacker who captures your email can’t read it; they won’t have the correct encryption key.
PGP (Pretty Good Privacy – yes, that’s a real thing) and S/MIME (Secure/Multipurpose Internet Mail Extensions) are standards for public key encryption and signing of MIME data – (Wikipedia) have been around since the early to mid-1990s and do provide a “pretty good” level of protection for email, but they are inconvenient to use. The software for encryption has to be installed, then you have to use the software to create your public and private keys, register your own public key while receiving your recipient’s public key, put his/her public key on your “keyring”, and then, at last, encrypt and send your message. There are also built in protections to make sure you are receiving a valid decryption key, not a fake generated from a hacker.
PGP uses what they call a “Web of Trust”. As you share your key with people and they let the PGP people know they trust you, your “web of trust” grows and newcomers come to understand they also can trust you. If you trust everyone with whom you share it, and they keep it secure, you’re ok. If not, well…
There are drawbacks to both systems:
While either system may provide you with the protection you need, neither provides the convenience required to be truly effective in today’s technology world.