Notes on Encryption

Apple released its 1st iPhone in 2007.

At that time people mainly saw it as a processor-based gadget for mobile gaming.
Now, just five years later, our devices are interconnected, and that linking, where everything can access everything, is the dark side of this technology. All that connectivity makes it much easier for an attacker to compromise all our data, no matter where it is.
Tons of bits are streamed through the ether containing some useful information for bad guys. It often seems that most users don’t care. Around the world there was, and still is, an intensive discussion about Google’s Street View infringing privacy. On the other hand, people send unencrypted e-mails with data worth protecting. What is the reason for this contradiction?
Even well informed people often turn off the brain-settings for security. Why?
Well, following all this security advice hampers fast communication and provision of information. Entering your credentials 50 times a day is hard work if you don’t let the browser save them for you.
Howsoever, everybody has to go the way he wants to go.

Those who always hear the word ENCRYPTION but do not really know what it is should continue reading this post.

A simple encryption method …


When you see this encryption you might say: forget it, encrypting my password with Caesar’s cipher is like committing hara-kiri.
If you think so, try to decrypt this encrypted word where the shift is not 3 … PWOVUL
I will help you. You are on so there can only be one iOS device with 6 letters.
This is a well-known product name, and real words are not so difficult to decrypt. But think about your password, which might be an artificial combination of letters. Then you have to start a brute force attack, which means: try all possible shifts for digits (9) at an ATM until you get money or starve to death.
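The brute force described above, as an added example that is not part of the original post: it tries all 25 shifts on the puzzle word and keeps the candidate that is a known word, then shows that a random letter string leaves nothing to recognise. The word list and the random string are constructed for illustration.

```python
import string

ALPHABET = string.ascii_uppercase


def caesar(text: str, shift: int) -> str:
    """Shift each A-Z letter by `shift` places (a negative shift decrypts)."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)  # digits, spaces and punctuation stay untouched
    return "".join(out)


def brute_force(ciphertext: str) -> dict[int, str]:
    """Return the candidate plaintext for every possible key (shifts 1..25)."""
    return {shift: caesar(ciphertext, -shift) for shift in range(1, 26)}


def recognise(candidates: dict[int, str], known_words: set[str]) -> list[tuple[int, str]]:
    """Keep only candidates that are known words.

    This is the step that works for real words and fails for random
    passwords: all 25 candidates look equally plausible, so each one
    would have to be tried against the real system.
    """
    return [(key, plain) for key, plain in candidates.items() if plain in known_words]


# Constructed word list standing in for a dictionary of product names.
KNOWN_WORDS = {"IPHONE", "IPAD", "IPOD", "MACBOOK"}

if __name__ == "__main__":
    # The puzzle word from the post: exactly one shift yields a known word.
    print("real word:", recognise(brute_force("PWOVUL"), KNOWN_WORDS))

    # Constructed random "password", encrypted with shift 11.
    secret = caesar("XQZJKV", 11)
    print("random password:", recognise(brute_force(secret), KNOWN_WORDS))
```

With only 25 possible keys the search itself is instant; what protects the random string is only that the attacker cannot tell which candidate is correct without testing it.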

Here you can try a more complex method online …

A fully secure encryption method does not exist.
But you can extend the time someone with a powerful computer needs to find the right key to millions of years. So we can talk of a secure technique.

Symmetric and asymmetric encryption …

There are two basic techniques for encrypting information: symmetric encryption (also called secret key encryption) and asymmetric encryption (also called public key encryption).

Symmetric Encryption

Symmetric encryption is the oldest and best-known technique. A secret key, which can be a number, a word, or just a string of random letters, is applied to the text of a message to change the content in a particular way. This might be as simple as shifting each letter by a number of places in the alphabet. As long as both sender and recipient know the secret key, they can encrypt and decrypt all messages that use this key.

Asymmetric Encryption

The problem with secret keys is exchanging them over the Internet or a large network while preventing them from falling into the wrong hands. Anyone who knows the secret key can decrypt the message. One answer is asymmetric encryption, in which there are two related keys, a key pair. A public key is made freely available to anyone who might want to send you a message. A second, private key is kept secret, so that only you know it.

Any message (text, binary files, or documents) that is encrypted by using the public key can only be decrypted by applying the same algorithm, but by using the matching private key. Any message that is encrypted by using the private key can only be decrypted by using the matching public key.

About Digital Certificates

To use asymmetric encryption, there must be a way for people to discover other public keys. The typical technique is to use digital certificates (also known simply as certificates). A certificate is a package of information that identifies a user or a server, and contains information such as the organization name, the organization that issued the certificate, the user’s e-mail address and country, and the user’s public key.

When a server and client require a secure encrypted communication, they send a query over the network to the other party, which sends back a copy of the certificate. The other party’s public key can be extracted from the certificate. A certificate can also be used to uniquely identify the holder.

For how to use certificates for secure e-mail communication, see my blog

S/MIME Secure E-Mail communication

Further information …

1 Password Password Management App

Apple about iOS-Security

Ars Technica Apple Holds the Key

MIT Technology Review