Encryption is the process of transforming information so that a third party cannot read it. These days we share photos of our family and friends on social media platforms and that’s fine. Photos we share on social media don’t need to be encrypted as they don’t contain sensitive information. On the other hand there is stuff we do need to encrypt. Most people will have on their computer or mobile device, documents, photos or passwords that we would not like to share either publicly or have stolen. In the wrong hands, theft of this information could lead to identity fraud, access to our social media profiles or private medical records displayed publicly online. This is the kind of information we don’t share and need to encrypt.
Let’s say our laptop or mobile device was stolen, encryption prevents the thief from accessing the device. A pin on our mobile device or password on our laptops, for instance will safeguard an intruder from accessing sensitive data on our hard drive, but sometimes this can be guessed or broken and access gained to the device. The media is full of reports from business employees who misplace laptops containing sensitive customer information, including credit card numbers – if only they had used encryption, they would not have embarrassed their employers and given their customers’ information over to identity thieves.
This is quite a dramatic scenario but it’s a reality. It may not happen to you but there’s always the chance that it might. If you store financial data, business plans, or other sensitive documents, such as scans of tax returns with your social security number and other sensitive data on them, you should ensure your computer’s hard drive – or at least the sensitive files – are stored in an encrypted form. Encryption can also help protect any other type of private data that you don’t want someone else seeing.
Your bank and online-shopping websites all use encrypted connections (the HTTPS URL with a lock in your browser indicates a secure, “encrypted” connection). When you access an HTTP website, your browsing activity is viewable in plaintext form. For example, if you’re sitting in a café using public Wi-Fi and performing Google searches while not logged in, anyone on the Wi-Fi network could monitor your Google searches and any other website activity taking place over HTTP. Even if you used HTTPS to access websites, people could still see the HTTPS website you access.
To avoid having your browsing activity tracked on public Wi-Fi, you could use a VPN or Tor to “tunnel” your browsing activity through an encrypted connection.
Encryption can also be used to protect emails and instant messages against prying eyes. Email is sent over the wire in plain text form, so particularly sensitive data should be sent in encrypted emails – or not over email at all. If you’re sending an important file via email, you can encrypt the file before mailing it. Encrypt Files is an example of one of the easiest
applications you can use to accomplish that task. All you have to do is select the files that you want to encrypt, and click on “Encrypt” in the left panel. You’ll be prompted for the password you want to use to encrypt those files.
Afterwards, a new copy of that file will appear that is encrypted. You can tell the software to use one of 13 cryptography algorithms, and you can tell it to either leave, delete or shred the original files.
Another use for encryption is over-reaching government surveillance. This may seem a bit paranoid but it’s the world we live in today. Your data and information is valuable to governments. In the U.S emails are considered ‘abandoned’ after opening or 180 days unopened. This allows the government to read these emails without a warrant. If the emails were encrypted the government would require an extra warrant and a good reason to decrypt those emails. In certain states a police officer can look through your phone without a warrant after arresting you. Another warrant would be needed to decrypt the phone if you used encryption.
This is just the USA – the situation is even worse in countries like China or Iran, where repressive governments will monitor all the unencrypted communications they can get their hands on.
It’s not paranoid to realise that governments are building massive databases of our communications and personal data. Encryption can be a way to help prevent your data from being accessed without a warrant or automatically logged in a database.
The virtual encrypted disk (VED) is the quickest and easiest type of encryption to set up. It works by creating a file of a specified size that can then be mounted. Basically, it acts just like an external hard drive. When you unmount the VED the files inside are invisible – only the VED file itself is visible and appears as random data when analysed at the hardware level.
Partition/drive encryption covers an entire drive (or one of its partitions, if your drive happens to be divided up). It’s a little more complicated to set up than a VED, but it has its own rewards. For example, as the encryption covers the entire hard drive it is arguably less conspicuous while casually browsing files, and it is a lot harder to accidentally delete your important files. You also don’t need to worry about the size of a virtual drive, as the entire partition is encrypted.
The last main form of encryption goes one step further than encrypting your data – it encrypts the entire operating system and all the data on that partition with it, requiring you to enter your password before you get to the operating system (this is known as pre-boot authentication).
Which type of encryption is best for me?
The vast majority of users will want to use either the virtual encrypted disk or encrypt a whole drive or partition. Which one is “better” depends on how much you want to encrypt. If you only have a couple of GB or less of sensitive data there’s little point in encrypting an entire drive, especially as it makes it a lot harder to move the encrypted data around. You’re probably best off using a virtual encrypted disk unless you have a lot of sensitive data, in which case you might as well encrypt the whole thing.
By QuBits 13th April 2016
Linux Security Blog 