Encryption3:17 with Kenneth Love
How do you keep data safe but recoverable?
If you want to, you can go here to learn more about Project Callisto. It's a really interesting project and is open to contributions if you'd like to donate your time and knowledge to it.
If you'd like to know a bit more about asymmetric, or public key encryption, this is an excellent article from Panayotis Vryonis.
Okay so you have some data that you need to store. 0:00 You need to be able to get the data back at a later time. 0:03 Of course while it's stored it should be unreadable to anyone that doesn't have 0:05 the keys to the data. 0:08 This is where encryption comes into play. 0:09 Encryption is a very broad area of cryptography. 0:12 But we're going to define it as means of turning readable data into unreadable data 0:14 and back again. 0:18 Encryption, unlike hashing, is a two-way street. 0:19 Let me define a couple of terms real quick. 0:23 First is plaintext, this is the, well, plain text or 0:25 data that you want to encrypt. 0:29 This is your secret, if you will. 0:31 Second is ciphertext. 0:32 Ciphertext is text or data that is meaningless by itself. 0:35 Ciphertext is the encrypted version of your plain text. 0:38 Encryption is the process of turning plain text into ciphertext. 0:41 Decryption is reversing the process and turning ciphertext back into plain text. 0:45 Like we talked about before encryption and 0:49 cryptography is a pretty old area of study. 0:51 People have been writing secret messages for the vast majority of recorded history. 0:53 For now let's focus on common reasons for encryption and general methods for 0:57 doing so. 1:02 Like most secret messages like history, 1:02 encryption is most commonly used in communication. 1:04 When you connect your website, use an SSL certificate, your communication to that 1:07 website and it's to you about encrypted and the secret. 1:12 When you send a message to your friend in an app like WhatsApp or 1:15 Signal that message is also encrypted. 1:18 Communication between two parties is probably the most common use of encryption 1:21 on today's internet. 1:24 Wait, what's the harm on not using a secure HTTP connection? 1:26 When you request the URL maybe it includes some query string parameters or 1:30 has your password in the HTTP header as form data. 1:33 All of that is visible to anyone that's tapped in the connection between you and 1:36 the server. 1:39 If you're using HTTPS though, 1:40 that SSL certificate encrypts all of that data so no one can inspect it. 1:42 We'll cover SSL, in more detail, in a future course. 1:47 But, for now, check the teacher's notes for more info if you're interested. 1:49 You might also wanna encrypt data that you're storing for legal purposes. 1:52 For example, project Callisto is a college campus focus tool for 1:56 reporting sexual assault. 2:00 Callisto encrypts all reports before storing them securely so 2:01 that only the reporter can access them. 2:04 You may want to do the same with any sensitive information provided to you, or 2:06 your users, or internally. 2:09 There're two main styles of encryption that you'll likely to encounter. 2:11 Symmetric and Asymmetric encryption. 2:14 In symmetric encryption, the plain text is encoded and decoded using the same key. 2:16 Which means, everyone in the circles has to have the key. 2:21 If the key is ever compromised, all of the encrypted data can be unencrypted and 2:24 stolen or abused. 2:27 With asymmetric encryption, everyone has two keys one private and one public. 2:28 To send me an encrypted message, you encrypt it using my public key and 2:34 I would decrypt it with my private one. 2:37 Symmetric encryption seems to be declining in popularity lately. 2:40 But encryption methods such as AES, blowfish and idea all use it. 2:42 That isn't to say that asymmetric, or 2:46 public key encryption is impervious to attack of course. 2:48 But attacks on it are often more difficult than is economically viable. 2:51 Common public key encryption usages nowadays are things like the off 2:55 the record messaging feature that's built into mini chat programs. 2:58 Technologies like SSL and SSH are actually a combination of public and private keys. 3:01 Whatever encryption you decide to use, 3:05 it's often a good idea to keep keys fresh and stored in a safe place. 3:07 We'll talk more about encryption later but now is a good time to start thinking about 3:10 place that you might need to securely encrypt data. 3:14
You need to sign up for Treehouse in order to download course files.Sign up