Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll
Preview
Start a free Courses trial
to watch this video
How do you keep data safe but recoverable?
If you want to, you can go here to learn more about Project Callisto. It's a really interesting project and is open to contributions if you'd like to donate your time and knowledge to it.
If you'd like to know a bit more about asymmetric, or public key encryption, this is an excellent article from Panayotis Vryonis.
Okay so
you have some data that you need to store.
0:00
You need to be able to get
the data back at a later time.
0:03
Of course while it's stored it should be
unreadable to anyone that doesn't have
0:05
the keys to the data.
0:08
This is where encryption comes into play.
0:09
Encryption is a very broad
area of cryptography.
0:12
But we're going to define it as means of
turning readable data into unreadable data
0:14
and back again.
0:18
Encryption, unlike hashing,
is a two-way street.
0:19
Let me define a couple
of terms real quick.
0:23
First is plaintext, this is the,
well, plain text or
0:25
data that you want to encrypt.
0:29
This is your secret, if you will.
0:31
Second is ciphertext.
0:32
Ciphertext is text or
data that is meaningless by itself.
0:35
Ciphertext is the encrypted
version of your plain text.
0:38
Encryption is the process of
turning plain text into ciphertext.
0:41
Decryption is reversing the process and
turning ciphertext back into plain text.
0:45
Like we talked about before encryption and
0:49
cryptography is a pretty
old area of study.
0:51
People have been writing secret messages
for the vast majority of recorded history.
0:53
For now let's focus on common reasons for
encryption and general methods for
0:57
doing so.
1:02
Like most secret messages like history,
1:02
encryption is most commonly
used in communication.
1:04
When you connect your website, use an SSL
certificate, your communication to that
1:07
website and it's to you about
encrypted and the secret.
1:12
When you send a message to your
friend in an app like WhatsApp or
1:15
Signal that message is also encrypted.
1:18
Communication between two parties is
probably the most common use of encryption
1:21
on today's internet.
1:24
Wait, what's the harm on not
using a secure HTTP connection?
1:26
When you request the URL maybe it
includes some query string parameters or
1:30
has your password in the HTTP
header as form data.
1:33
All of that is visible to anyone that's
tapped in the connection between you and
1:36
the server.
1:39
If you're using HTTPS though,
1:40
that SSL certificate encrypts all of
that data so no one can inspect it.
1:42
We'll cover SSL, in more detail,
in a future course.
1:47
But, for now, check the teacher's notes
for more info if you're interested.
1:49
You might also wanna encrypt data that
you're storing for legal purposes.
1:52
For example, project Callisto is
a college campus focus tool for
1:56
reporting sexual assault.
2:00
Callisto encrypts all reports
before storing them securely so
2:01
that only the reporter can access them.
2:04
You may want to do the same with any
sensitive information provided to you, or
2:06
your users, or internally.
2:09
There're two main styles of encryption
that you'll likely to encounter.
2:11
Symmetric and Asymmetric encryption.
2:14
In symmetric encryption, the plain text is
encoded and decoded using the same key.
2:16
Which means, everyone in
the circles has to have the key.
2:21
If the key is ever compromised, all of
the encrypted data can be unencrypted and
2:24
stolen or abused.
2:27
With asymmetric encryption, everyone has
two keys one private and one public.
2:28
To send me an encrypted message,
you encrypt it using my public key and
2:34
I would decrypt it with my private one.
2:37
Symmetric encryption seems to be
declining in popularity lately.
2:40
But encryption methods such as AES,
blowfish and idea all use it.
2:42
That isn't to say that asymmetric, or
2:46
public key encryption is
impervious to attack of course.
2:48
But attacks on it are often more
difficult than is economically viable.
2:51
Common public key encryption usages
nowadays are things like the off
2:55
the record messaging feature that's
built into mini chat programs.
2:58
Technologies like SSL and SSH are actually
a combination of public and private keys.
3:01
Whatever encryption you decide to use,
3:05
it's often a good idea to keep keys
fresh and stored in a safe place.
3:07
We'll talk more about encryption later but
now is a good time to start thinking about
3:10
place that you might need
to securely encrypt data.
3:14
You need to sign up for Treehouse in order to download course files.
Sign up