Three categories of encryption: Or who has your keys?

Article for: All Computer Users. Difficulty: Moderate. Importance: Very important.

Sales pitches frequently claim they have wonderful "256-bit encryption" or boast about how safe your data is because the company uses "Military grade encryption". How can normal people judge these claims? It isn't hard to make basic and probably good judgments quickly. The basic question you need to answer is: Who holds your keys?
Encryption locks up your data with a key. Instead of a physical key, it is a data key, and the same key is used both to lock up your information and to unlock it. If only you have the key, then no one else can access your data, assuming the key is a good one. If they hold the key, then they can access your data, and they are also the ones who grant you access to it. Often, a key is used only while the data is being transported, with no protection at all while it sits on your computer or on their server. This is encryption in transit. It is useful for preventing someone between you and the other party from monitoring your interaction, but it does not protect the data while it is at rest.
1. They hold your keys

If the company you are dealing with, whether a bank, a store or a backup company, has your keys, it is a bit like them having the keys to your house. They compromise your security if they get hacked. There are 3 types of potential hacks:
This isn't necessarily bad. I know other people hold the keys to my medical records. My doctor, nurses, receptionists and others will all have access. If I get in an accident, the hospital I'm taken to will have access. Many other people have access to my records. This makes me happy. The hospital should have access to my medical records. They might get hacked, but the benefits outweigh the risk. I also want to get proper help from bank, credit card and investment company employees, if something isn't working right.
2. Only you have your keys

Personally, as much as possible, I want the encryption done on my machine first, with the upload happening only after encryption. I like to be the only one with the keys. This means that even if one of these companies has a corrupt employee or is hacked, they still can't get my information, because only I have the keys. I give my keys to a couple of trusted friends in case I am incapacitated.
SpiderOak One (backup), the Signal messaging app and Bitwarden (online password safe) all do this. KeePass doesn't need to, because it stays local. Even if the KeePass file is placed on Dropbox, it is safe, because KeePass encrypts the data before saving it to Dropbox.
If you have good passwords, then without your keys, no one can get in. However, remember, this can be a problem if you die, are incapacitated, or just forget your key. No one will be able to help you unless someone else you trust also has your keys.
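To make the "encrypt on my machine first, then upload" model concrete, here is an added Python example (not code from this article, nor from KeePass, SpiderOak, Signal or Bitwarden): a password-derived key encrypts a note locally, the storage provider receives only an opaque blob, and a wrong or forgotten password yields nothing, which is exactly the lost-key problem described above. The vault layout (salt, nonce, ciphertext, tag) and the HMAC-based counter mode are constructed for this example so that it runs with the standard library alone.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed demonstration format: salt(16) | nonce(16) | ciphertext | tag(32).
# This layout is made up for the example; it is not any real product's file format.
PBKDF2_ROUNDS = 100_000  # slows down password guessing; a real vault would tune this


def derive_keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    """Stretch the password into two independent keys: one to encrypt, one to authenticate."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS, dklen=64)
    return material[:32], material[32:]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 as the pseudorandom function."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt_locally(password: str, plaintext: bytes) -> bytes:
    """Encrypt on your own machine BEFORE the blob leaves it; only the password holder has the keys."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(password, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag


def decrypt_locally(password: str, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the password is wrong or the blob was altered in storage."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = derive_keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None  # no key, no data: nobody (including the provider) can help you
    return bytes(c ^ k for c, k in zip(ct, keystream(enc_key, nonce, len(ct))))


if __name__ == "__main__":
    # Constructed sample note; the "provider" only ever sees `blob`.
    blob = encrypt_locally("correct horse battery staple", b"bank PIN is 1234")
    print("provider can read the PIN:", b"1234" in blob)
    print("wrong password recovers:", decrypt_locally("guess", blob))
```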
3. Encrypted in transit

Sales pitches often claim they use 256-bit encryption, or that they secure your mail with TLS or SSL encryption. This only means that while the mail travels between computers, they encrypt it. They are not claiming it is secure once it arrives at the destination or sits on their servers. Their employees could still read it. Encryption in transit alone was worth advertising 10 or 15 years ago, before everyone did it. Now, if someone isn't doing it, run.
Further reading:
Date: September 2021
This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.