What is encryption?

A padlock icon next to a woman working on a laptop
(Image credit: Shutterstock)

The online world can be a dangerous place, where it seems like just about everyone is trying to spy on your activities and steal personal data. Fortunately, you're protected by a science so powerful that even nation-states struggle to get around it: encryption.

Dig into the low-level details of how encryption works, and it's easy to be intimidated. ECC is an important technology in VPNs, for instance, but one site describes it as 'public-key cryptography based on the algebraic structure of elliptic curves over finite fields.' When reading an explanation leaves you feeling even less knowledgeable than you did in the first place, it's tempting to give up.

But in reality, you don't need any great mathematical expertise to have a good understanding of encryption. Just learning a few basic concepts can help you see how the technology works to keep you safe, and what else you can do to protect yourself online.

How does encryption work?

Encryption is the process of scrambling data into an unreadable form, to protect it from unauthorized access.

Technically, this is sometimes described as converting 'plaintext' to 'ciphertext.' Don't be distracted by the word 'text', though - the process works with all kinds of data and file types.

Encryption may be carried out using many different encryption algorithms, each with their own set rules on exactly how the process works.

Only someone who knows which algorithm you're using, and exactly how it's set up, will be able to decrypt the data and restore its original form. Even if snoopers can access your data, they'll only see the scrambled version.

That's the theory, anyway. In practice there are possible privacy risks, but we'll talk about those later.

A manual device for scrambling text

(Image credit: Shutterstock)

What is an encryption algorithm?

An encryption algorithm is a defined formula for scrambling data into an unreadable form, and unscrambling it later.

Encryption can be very simple. You could encrypt text by shifting letters one character forward, for instance, so 'a' becomes 'b', 'b' becomes 'c', and so on. Applying this to the text 'sell the house' transforms it to 'tfmm uif ipvtf.' Casual readers might be confused, but if you know the secret, you can shift the letters back and figure it out.

The problem is this algorithm performs the same simple transformation every time, which makes it much easier to crack. Our message has an f in every word, for instance. E is the most commonly used letter in English words, so a smart attacker might recognise we'd encoded each E as an F, wonder if we'd applied the same one-character-forward trick each time, and so decode the entire message in just a few seconds.

Fortunately, modern encryption algorithms avoid this weakness by adding an extra value, called a key.

A graphic of a key on a circuit board-style background

(Image credit: Shutterstock)

What is an encryption key?

An encryption key is a string of characters used by an encryption algorithm to scramble data, making it appear random.

Instead of encoding data using a simple fixed rule, like our 'shifting one character forward' scheme ('a' becomes 'b', 'b' becomes 'c'), keys allow us to build far more complex rules. In one session we might shift the first character forward by 5; the next one back by 17; the next back by 2; the next forward by 25 – you get the idea. And these rules would change every time we started a new session or got a new key, making it far more difficult for others to decode.

A snooper might still try to break your encryption using a 'brute force attack', trying every possible combination of characters until he finds the key and can decrypt your data. But modern encryption schemes use keys with so many possibilities that even the most powerful computer in the world would take trillions, and trillions, and trillions of years to do it.

Although the basic idea of keys is simple and effective, there are some complications. If you and your recipient can only encrypt and decrypt data if you're using the right key, for instance, how can you decide what that key should be? There are two main approaches used today.

What is symmetric and asymmetric encryption?

Symmetric encryption is a straightforward process where everyone uses the same secret key. It's simple, fast, and requires a minimum of CPU power. AES (Advanced Encryption System) uses symmetric encryption to protect you on SSL/TLS web connections, via Wi-Fi, on VPN connections and more.

Asymmetric encryption uses two keys. A public key, available to everyone, encrypts the data. A private key, which is kept securely and not shared, is used for decryption. RSA and ECC are the two main types of asymmetric encryption algorithms.

Although asymmetric encryption is more complex and requires additional CPU time, it has benefits of its own. For example, because data can only be encrypted by the private key, this authenticates the connection, and confirms that only the person or organization you expect can decode your messages.

A padlock icon and the HTTPS text at the beginning of a URL

(Image credit: Shutterstock)

How can encryption protect me?

Most websites use SSL (Secure Sockets Layer) connections to encrypt your data and protect it from attackers. Chrome now highlights websites which doesn't support SSL as 'insecure', so they're normally easy to spot, but it's still worth paying attention if you don't see the padlock icon to the left of the address bar.

If you have a website of your own, make sure you install an SSL certificate to reassure and protect your visitors. Many hosting companies now offer certificates for free: look for anyone mentioning support for Let's Encrypt's free scheme.

Whatever's happening with websites, some apps and system traffic, such as DNS queries, may not use encryption. Sign up with a VPN, though, and the service routes all traffic through its own encrypted tunnel, ensuring your entire system is protected.

Keep in mind that all VPNs don't necessarily offer the same protection. This varies depending on the VPN protocol they're using, for instance, as some of the older options are now regarded as insecure. They might support vulnerable encryption algorithms such as 3DES, for instance, or use shorter encryption keys.

Fortunately, there's usually an easy fix: just choose a modern protocol such as WireGuard, OpenVPN, NordVPN's NordLynx or ExpressVPN's Lightway, which each offer state-of-the-art, industrial-strength encryption which does everything possible to keep your data safe.

Mike Williams
Lead security reviewer

Mike is a lead security reviewer at Future, where he stress-tests VPNs, antivirus and more to find out which services are sure to keep you safe, and which are best avoided. Mike began his career as a lead software developer in the engineering world, where his creations were used by big-name companies from Rolls Royce to British Nuclear Fuels and British Aerospace. The early PC viruses caught Mike's attention, and he developed an interest in analyzing malware, and learning the low-level technical details of how Windows and network security work under the hood.