Encryption is a form of security that turns information, images, programs, or other data into unreadable cipher by applying a set of complex algorithms to the original material. These algorithms transfer the data into streams or blocks of seemingly random alphanumeric characters. An encryption key might encrypt, decrypt, or perform both functions, depending on the type of encryption software being used.
There are several types of encryption schemes, but not all are secure. Simple algorithms can be easily broken using modern computer power, and yet another point of weakness lies in the decryption method. Even the most secure algorithms will decrypt for anyone who holds the password or key.
Symmetric types of encryption schemes use a single password to serve as both encryptor and decryptor. Supplying the encryption key, one can “mount” the drive and work in an unencrypted state, then return the drive to cipher when finished.
The algorithms used are considered very secure, with one of this type adopted as the Advanced Encryption Standard (AES) used by the U.S. Government for storing classified and top secret information. The one weakness of symmetric encryption programs is that the single key must necessarily be shared, presenting an opportunity for it to be leaked or stolen. Part of key management involves changing the key often to improve security.
Public asymmetric encryption schemes also use highly secure algorithms with a different method of encrypting and decrypting. This software uses two keys, known as a key pair. One is the public key, and can be freely shared or given to anyone because its only job is to encrypt. The other key is the private key, and is not shared. The private key is required to decrypt anything that has been encrypted by the public key.
Asymmetric encryption software is widely used for making email and instant messaging private. Users can install one of many available encryption programs, and the program generates a key pair for the user. The encryption key, or public key of the key pair, can be sent to others who are also running a compatible encryption program.
Once another person has the public key, he or she can send encrypted messages to the owner of the public key. After a message has been encrypted, even the author cannot decrypt it. In the encryption process, the algorithms are based on the key pair, and only the private key of that specific key pair can reverse the encryption process. The mail or message is then sent to the owner of the public key.
Upon receipt of the mail, the private key will request a passphrase before decrypting. For maximum security, this passphrase should be supplied manually, but software will allow a user to store the passphrase locally so that messages can be decrypted automatically. Asymmetric encryption is considered more secure than symmetric encryption, because the key that triggers decryption is not shared.
Regardless of the type of encryption, if someone gains access to a computer, the data is only as secure as the passphrase that protects the encryption key. The best passphrases are alphanumeric and random, though these are harder to remember. If someone must pick something recognizable, he or she should avoid addresses, license plate numbers, names, pets, or other easily cracked passwords, and include numbers plus characters that are neither letters nor numbers. Most importantly, each password should be completely unique from all others in use, as adopting a single password or a "theme" on passwords vastly reduces security and increases vulnerability.