Encryption for beginners 2: PGP and Hashing

If you want to prevent unintended recipients from gaining access to emails containing sensitive personal data, it is imperative to use encryption. Encryption is an interesting and yet complex subject, not widely understood by the general public. We started covering the topic with the encryption for beginners 1 blog post, in which we highlighted the differences between symmetrical and asymmetrical encryption. In this follow-up post, we go a step further and introduce two additional terms that frequently appear in the context of email encryption: PGP and hashing.

Encryption and PGP

For many years, at the beginning of the internet era, email was only suitable for text message exchange; it was not ideal for sending images, videos, or encrypted messages. Most email clients did not provide adequate support for encryption. This made it very challenging to ensure that messages could be adequately secured.

The situation started to evolve in 1992 with the arrival of the PGP (Pretty Good Privacy) program which addressed an important issue regarding online data protection. This program offered a sound technique for asymmetric encryption of messages, while also ensuring that those encrypted messages could be included in an email. With PGP, you can encrypt emails for several people at the same time, provide messages with digital signatures or images, as well as encrypt other files.

There is a type of PGP for companies that includes a form of back door access: the system can be set to encrypt every message with the company's public key. If an employee leaves the job (for whatever reason), or simply loses their key, the company will have the ability to decrypt and view their messages. A system designed this way prevents valuable data from being inadvertently lost under those circumstances.

Because PGP was initially distributed for free and included the source code, anyone could install it on their computer. Consequently, it quickly became the standard for email security and is probably still the best-known encryption program in the world. A worldwide network of servers was set up, where people can offer their public keys and request the public keys from others. This way, one can always send a message securely by using the correct public key.

Hashing

Another familiar term is hashing. This is not actually a form of encryption. Instead, it's a cryptographic function, which is a fancy way of saying it's a method of coding an email for data security. Hashing takes a piece of data, like an email address or password, and converts it to a 32-character hexadecimal string. Email addresses and passwords become an unrecognizable jumble of numbers and letters. Every time this email address or password is run through the hashing algorithm, the same result is delivered. 

A hashing algorithm transforms pieces of data into strings. Each email address becomes an unrecognizable jumble of numbers and letters. In other words, a hashed email can be used to obtain data about an individual's online behavior without obtaining the email address. 

Hashing is a three-part process: 

1) The input (a password or email address)

2) The algorithm (a mathematical formula)

3) The outcome (the hash)

The system is always aware of both the algorithm and the hash. With each new entry, the system compares the result with the original. If the original and the outcome are the same, the same data is used.

The most powerful application of hashing is in the protection of passwords. If you enter a password on your computer, the system retains it. If the result entered is the same as what is currently saved, access will be granted.

For example: Bob's password is "0lfant". After hashing, the password becomes "$2a$04$o1K5mF8j.cj4rnzNuTD.Neaf8PpfbHVWt1oabbVIc5j/GDBaFPXfa".

The computer compares this hash with the hash saved when the password was initially set. If there is a match, Bob's password will be accepted, and he will be able to log in to the system.

The most significant advantage of hashing is that a hacker is unable to steal a saved password. The only thing a hacker could possibly do is steal the hash. However, the hashed outcome is rendered useless and cannot be used to breach access to any stored data. If the hash information is entered again, the result will be scrambled by the algorithm. Essentially, if hackers are in possession of a computer's hash, it's entirely useless to them.
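The set-and-verify flow described above, as an added example that is not part of the original post. It uses PBKDF2-HMAC-SHA256 from Python's standard library in place of the bcrypt-style hash shown for Bob; the function names, the stored record format and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware


def hash_password(password: str, salt: bytes = b"") -> str:
    """Input + algorithm -> outcome. Returns 'iterations$salt_hex$hash_hex'."""
    salt = salt or os.urandom(16)  # fresh random salt unless one is supplied
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(candidate: str, stored: str) -> bool:
    """Re-hash the candidate with the stored salt and compare the outcomes."""
    try:
        iterations, salt_hex, hash_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac(
            "sha256", candidate.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:
        return False  # malformed record: refuse rather than crash
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def demo() -> dict:
    stored = hash_password("0lfant")  # what the system saves when Bob sets his password
    return {
        "correct_password": verify_password("0lfant", stored),
        "wrong_password": verify_password("Olifant", stored),
        # Typing the stolen record in as if it were the password just hashes it again.
        "hash_used_as_password": verify_password(stored, stored),
        "malformed_record": verify_password("0lfant", "not-a-record"),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The random salt means two users with the same password get different stored records, while the same password and salt always produce the same outcome.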

Encryption and privacy by design of ZIVVER

Would you like to know how ZIVVER uses asymmetric encryption and our approach to privacy by design? Download the whitepaper below to find detailed technical information regarding our innovative security solutions for email communication.

Download whitepaper encryption and privacy by design
