Glass or adamantium shield?

--Originally published at The shield of the world

So, after all this information, let’s continue talking about HW encryption, shall we?

Single-user file/folder level

When an individual wishes to encrypt a single file or group of files there are several options. Most encryption software has the ability to encrypt files individually using a password or other key. Many encryption programs have the ability to create an encrypted “virtual drive”. This is an encrypted file that, when opened with the key, looks like another drive attached to the computer allowing the user to easily open and save files into an encrypted area. Some other applications, like MS Office and OpenOffice, have built-in, single-file encryption features.

Depending on how the encryption software is used, this approach can provide protection from data disclosure when transferring information over the network. For example, an individual file can be encrypted and then sent as an email attachment, assuming the recipient has the ability to decrypt it.

Multi-user file/folder level

Allowing multiple users to simultaneously access encrypted information is more complicated than a single user. The encryption software must allow the use of either multiple keys (i.e. one for each user) or a shared key (e.g. a shared password). Additionally, the software must deal with multi-user file locking issues (this is usually a problem with the virtual drive approach mentioned in the last section).

This approach can provide an additional layer of protection against the disclosure of highly confidential data on file servers in the event they are compromised. It can also help protect against disclosure on backup media, as the files would remain encrypted when backed up.

This approach can get complicated if not all users have the encryption software installed, or if it is not configured consistently. This could lead to users being unable to access encrypted information or incorrectly believing they have encrypted information when they have not.
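
The "one key for each user" option described above, as an added example that is not part of the original post: the file is encrypted once under a random file key, and that file key is wrapped separately for every user with AES-256-GCM. The user names, keys and sample data are constructed, and the helper names (`seal`, `unseal`, `encrypt_for`, `decrypt_as`, `remove_user`) are illustrative.

```ruby
require 'openssl'

# AES-256-GCM encryption; the result is nonce (12) || tag (16) || ciphertext.
def seal(key, plaintext)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  nonce = cipher.random_iv # fresh random nonce for every message
  ciphertext = cipher.update(plaintext) + cipher.final
  nonce + cipher.auth_tag + ciphertext
end

# Reverses seal. Raises OpenSSL::Cipher::CipherError when the key is wrong or
# the data was modified, so a failed decryption never returns garbage.
def unseal(key, sealed)
  raise ArgumentError, 'sealed data too short' if sealed.bytesize <= 28

  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = sealed.byteslice(0, 12)
  cipher.auth_tag = sealed.byteslice(12, 16)
  cipher.update(sealed.byteslice(28..-1)) + cipher.final
end

# Encrypts the file once under a random file key, then wraps that file key
# separately under each user's own 32-byte key.
def encrypt_for(user_keys, data)
  file_key = OpenSSL::Random.random_bytes(32)
  wrapped = user_keys.transform_values { |user_key| seal(user_key, file_key) }
  { body: seal(file_key, data), wrapped: wrapped }
end

# Unwraps the file key with one user's key, then decrypts the body.
def decrypt_as(file, name, user_key)
  wrapped_key = file[:wrapped].fetch(name) { raise KeyError, "no wrapped key for #{name}" }
  unseal(unseal(user_key, wrapped_key), file[:body])
end

# Drops one user's wrapped key. The file key itself is unchanged, so the body
# should be re-encrypted if that user may have kept a copy of the file key.
def remove_user(file, name)
  file.merge(wrapped: file[:wrapped].reject { |user, _| user == name })
end

# Constructed sample users and data.
USERS = { 'alice' => OpenSSL::Random.random_bytes(32),
          'bob' => OpenSSL::Random.random_bytes(32) }.freeze
SAMPLE = encrypt_for(USERS, 'Q3 payroll export (constructed sample data)')
puts decrypt_as(SAMPLE, 'bob', USERS['bob'])
```

Because the body is stored once and only the small wrapped keys differ per user, adding or removing a user does not require re-encrypting the file for everyone else.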

We have AES, which is a type of HW encryption. This type of encryption has been around for a while, but you and I are wondering: how does it work? How does it protect the data on USB flash drives, hard drives and SSDs?

AES stands for Advanced Encryption Standard, and is a specification standardized by NIST for securing data. AES is a widely recognized and adopted cryptographic module used in the U.S., Canada and worldwide by military, government, financial institutions and other organizations as the standard for encrypting and decrypting data.

OK, it is a standard, but doesn’t that make it less secure?

Yes and no. There are different degrees of AES hardware encryption, for example 128-bit, 192-bit, and 256-bit, with each key size providing an increased level of protection and complexity.

To put it plainly, AES encryption is a block of algorithms that “scrambles” the data into unreadable code for transport. Then, when the drive is reconnected to the user, the data is unscrambled again by the same algorithm when the right keys are provided.

But is this secure? And why should these bit sizes matter to me? Well, yes, it is secure, and the bit size should matter to you because it adds complexity to the encryption.

To put it into perspective, as one researcher at Leuven University puts it, “if a hacker were to attempt to “break the code” to gain access to an AES 128-bit encrypted flash drive, the number of steps he would have to take is an 8 followed by 37 zeros. This would take a trillion machines, testing a billion keys per second, two billion years to uncover an AES-128 key.”

WE ARE INVINCIBLE!

Mmm again, yes and no. Have you encrypted your disks? Do you know how to? We will talk about this later.

Let’s continue this topic on Jordini post!!

The Dark Side of the Code