What is encryption?
Encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a “key”. The result of the process is encrypted information. In many contexts, the word encryption also implicitly refers to the reverse process, decryption (e.g. “software for encryption” can typically also perform decryption), to make the encrypted information readable again (i.e. to make it unencrypted).
What is a key?
A key is a piece of information (or parameter) that controls the operation of the encryption process. In encryption, a key specifies the particular transformation of plaintext into encrypted text.
Most encryption solutions offer the option to create an ’emergency disk’ that contains this key, which enables professionals to decrypt the data. In turn, this key contains the ‘cypher’, which dictates how the data is encrypted.
What is a cypher?
A cypher is an algorithm for performing encryption and decryption — a series of well-defined steps that can be followed as a procedure. There are many different ways in which plaintext can be encrypted, but essentially there are two main processes used: symmetric key algorithms and asymmetric key algorithms
Symmetric key algorithms
This uses the same key to encrypt and decrypt the plaintext into cyphertext.
Asymmetric key algorithms
This uses different keys to encrypt and decrypt the plaintext into cyphertext.
Levels of encryption
In addition to different cyphers and key structures, there are also different levels of encryption; depending on the security requirements of the user.
There are two main types of encryption, as we can see below:
|File-Level Encryption||Sector-Level Encryption|
|This type of encryption only encrypts user files or directories, and not any system files. In this case, the operating system is unsecured, so data is vulnerable from unauthorized users.||This type of encryption encrypts all user files, directories and system files. In this case, the operating system is secure, so data is safe from unauthorized users.|
Problems with sector-level encryption
Full disk encryption for the boot disk has the issue that you have to decrypt the blocks where the operating system is stored before you boot the OS (i.e. before you load Windows, for example) meaning that the key has to be available before there is a user interface to ask for a password. This also means that an attacker may be able to use the same mechanism to recover the key, rendering the encryption software useless.
Possible solutions to this include:
- Using a dongle to store the key, assuming that the user will not allow the dongle to be stolen with the laptop/desktop
- Using a boot-time driver that can ask for a password from the user
- Using a network interchange to recover the key, for instance as part of a boot environment that does not need to access the hard disk
Is encrypted data recovery possible?
As with any other job, if the drive/tape etc., is not too severely damaged then a recovery may be possible. However, if there has been some kind of corruption whereby the data has not been encrypted correctly, then you might have to say good-bye to the data. This is because applying the decryption cypher will not translate the encrypted information correctly.
Remember – encryption brings its own set of risks!
As you can see, encryption is not a simple subject to tackle. There are many different ways data can be encrypted (and decrypted), but the most important thing to remember is that engineers cannot decrypt a drive unless they have the encryption credentials. This is either the username/password for the encryption or the emergency disk.
Furthermore, if the data has been corrupted in the process of being encrypted, there is no way of recovering this information, as the decryption process will not correctly translate the corrupted data. It is best to first consider carefully whether the data needs to be encrypted and what the level of encryption you require for it is.