Encryption for beginners 2: PGP and hashing

If you want to prevent the wrong people from gaining access to an email with sensitive personal data, you cannot do without encryption. An interesting subject, but a complex one for those who do not come into contact with it on a daily basis. That is why we gave you a short introduction earlier (Encryption for Beginners 1) in which we discussed symmetric and asymmetric encryption. This blog will provide you with an explanation of two terms that regularly occur in this context: PGP and hashing.


Encryption and PGP


For a long time, email was only suitable for sending text, not for images, videos or encrypted messages. Most email programs therefore did not offer good support for encryption. Of course, this made it very difficult to secure messages.

This changed around 1992, with the arrival of the program PGP (Pretty Good Privacy). This not only provided a sound method of asymmetric encryption of messages, but also ensured that those encrypted messages could be included in an email. You can use PGP to encrypt emails for several people at once, provide messages with digital signatures and encrypt images and other files.

In the version of PGP for companies there is a kind of back door: you can set up the program so that it also encrypts each message with the public key of the company. If an employee leaves the company, dies or simply loses their key, the company can decrypt and view their messages. This construction prevents valuable data from being lost.

Because PGP was distributed free of charge and with source code, everyone could install it on their computer. As a result it quickly grew to become the standard for email security, and it is probably the best-known encryption program in the world. A worldwide network of key servers has been set up, where people can offer their public key and request the public keys of others. In this way one can always send a secure message with the right public key.


Hashing


Then there is hashing. This is not actually encryption, but an algorithm that scrambles data so that it is no longer possible to see what the original data was. With encryption it is possible to make data readable again, but with hashing this is not the case. Once made unreadable, it remains so.

Hashing is a three-part process: the input (a password), the algorithm (a mathematical formula) and the outcome (the hash). The system knows the algorithm and the hash. With each new input, the system compares the outcome with the original. If the original and the outcome match, then the same data have served as the basis.

The main application of hashing is the protection of passwords. If you enter a password on your computer, the system hashes the password. If the outcome is the same as the outcome that was already stored, you get access.

For example, Bob's password is '0l1fant'. After hashing, this is '$2a$04$o1K5mF8j.cj4rnzNuTD.Neaf8PpfbHVWt1oabbVIc5j/GDBaFPXfa'. The computer compares this hash with the hash it stored when the password was set. If they match, Bob gets access.

The biggest advantage of hashing is that a hacker cannot steal the stored password. The only thing the hacker can do is steal the hash. But it is not possible to use the hashed outcome to gain access. If you enter it, the result is again mixed up by the algorithm. If a hacker steals the hash from a computer, he cannot do anything with it.
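
The store-and-compare flow described above, as an added example that is not code from the original post. It also splits the article's bcrypt string into its fields, which shows that the cost setting and the salt are stored next to the digest. Assumptions: PBKDF2-HMAC-SHA256 from Python's standard library stands in for the bcrypt algorithm that produced Bob's hash, and the iteration count and function names are chosen for this sketch.

```python
import hashlib
import hmac
import os

# The bcrypt string quoted in the article for Bob's password.
ARTICLE_HASH = "$2a$04$o1K5mF8j.cj4rnzNuTD.Neaf8PpfbHVWt1oabbVIc5j/GDBaFPXfa"

# Assumed work factor for this sketch; higher means slower guessing.
ITERATIONS = 600_000


def parse_bcrypt(encoded):
    """Split a bcrypt string into version, cost, salt and digest."""
    _, version, cost, rest = encoded.split("$")
    if not version.startswith("2") or len(rest) != 53:
        raise ValueError("not a bcrypt hash string")
    # The tail is 22 characters of salt followed by 31 of digest.
    return {"version": version, "cost": int(cost), "rounds": 2 ** int(cost),
            "salt": rest[:22], "digest": rest[22:]}


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn for a new password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(candidate, salt, stored_digest):
    """Re-hash the candidate with the stored salt, compare in constant time."""
    _, digest = hash_password(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    print(parse_bcrypt(ARTICLE_HASH))            # cost 4 means 2**4 rounds
    salt, stored = hash_password("0l1fant")      # done once, when the password is set
    print(verify_password("0l1fant", salt, stored))     # correct password
    print(verify_password("olifant", salt, stored))     # wrong password
    print(verify_password(stored.hex(), salt, stored))  # the stolen hash itself
```

The system stores only the salt and the digest; the random salt makes two users with the same password end up with different hashes, and the work factor makes each guess against a stolen hash expensive.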
