Encryption for beginners 2: PGP and hashing

If you want to prevent the wrong people from gaining access to an email with sensitive personal data, you cannot do without encryption. An interesting subject, but a complex one for those who do not come into contact with it on a daily basis. That is why we gave you a short introduction earlier (Encryption for Beginners 1) in which we discussed symmetric and asymmetric encryption. This blog will provide you with an explanation of two terms that regularly occur in this context: PGP and hashing.


Encryption and PGP


For a long time, email was only suitable for sending text, not for images, videos or encrypted messages. Most email programs therefore did not offer good support for encryption. Of course, this made it very difficult to secure messages.

This changed around 1992, with the arrival of the program PGP (Pretty Good Privacy). This not only provided a sound method of asymmetric encryption of messages, but also ensured that those encrypted messages could be included in an email. You can use PGP to encrypt emails for several people at once, provide messages with digital signatures and encrypt images and other files.

In the version of PGP for companies there is a kind of back door: you can set up the program so that it also encrypts each message with the public key of the company. If an employee leaves the company, dies or simply loses their key, the company can still decrypt and view their messages. This construction prevents valuable data from being lost.

Because PGP was distributed free of charge and with source code, everyone could install it on their computer. This meant it quickly grew to become the standard for email security, and is probably the best-known encryption program in the world. A worldwide network of key servers has been set up, where people can offer their public key and request the public keys of others. In this way one can always send a secure message with the right public key.


Hashing


Then there is hashing. This is not actually encryption, but an algorithm that scrambles data so that it is no longer possible to see what the original data was. With encryption it is possible to make data readable again, but with hashing this is not the case. Once made unreadable, it remains so.

Hashing is a three-part process: the input (a password), the algorithm (a mathematical formula) and the outcome (the hash). The system knows the algorithm and the hash. With each new input, the system compares the outcome with the original. If the original and the outcome match, then the same data have served as the basis.

The main application of hashing is the protection of passwords. If you enter a password on your computer, the system hashes the password. If the outcome is the same as the outcome that was already stored, you get access.

For example, Bob's password is '0l1fant'. After hashing, this is '$2a$04$o1K5mF8j.cj4rnzNuTD.Neaf8PpfbHVWt1oabbVIc5j/GDBaFPXfa'. The computer compares this hash with the hash it stored when the password was set. If they match, Bob gets access.

The biggest advantage of hashing is that a hacker cannot steal the stored password. The only thing the hacker can do is steal the hash. But it is not possible to use the hashed outcome to gain access. If you enter it, the result is again mixed up by the algorithm. If a hacker steals the hash from a computer, he cannot do anything with it.
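The check described above, written out as an added example (not code from the original article): the password is hashed when it is set, and every login attempt is hashed again and compared with the stored outcome, so typing in the stored record itself does not give access. It assumes PBKDF2-HMAC-SHA256 from Python's standard library in place of the bcrypt format shown for Bob's password; the record layout, the function names and the iteration count are constructed for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # sample work factor, an assumption of this example


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Hash a password and return a record: scheme$iterations$salt$hash."""
    # A fresh random salt means the same password never produces the same record twice.
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "$".join([
        "pbkdf2_sha256",
        str(ITERATIONS),
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    ])


def verify_password(candidate: str, record: str) -> bool:
    """Hash the candidate with the stored salt and compare the two outcomes."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or damaged record: refuse access
    iterations = int(parts[1])
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, iterations)
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    stored = hash_password("0l1fant")        # what the system keeps for Bob
    print(stored)
    print(verify_password("0l1fant", stored))  # correct password
    print(verify_password("olifant", stored))  # wrong password
    print(verify_password(stored, stored))     # the stored record typed in as a password
```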
