VPN and general encryption Tutorial
Encrypting Traffic and Data Encryption
Encryption, or encrypting, is the process of scrambling data so that it becomes unreadable and confidential. Encrypted data is also called ciphertext. Decrypting is the opposite: the process of transforming the ciphertext back into the original plaintext. VPN gateways use encryption so that data in transit is secure and unreadable. Hackers like to sniff networks, usually for usernames and passwords, using some kind of network packet sniffer. However, if the data is encrypted it remains secure, and sniffing the encrypted data is useless to the hacker.
When encrypted data reaches the peer VPN gateway (or, for that matter, any entity that encrypts data in transit), the remote peer holds an identical key and uses that key to decrypt the data.
Two types of encryption methods are used today:
Asymmetric encryption -
Two keys are used, a public key and a private key. Data is encrypted using the public key and decrypted with the private key. Asymmetric encryption is used for communication over insecure networks such as the internet. Asymmetric encryption is also known as public key encryption.
More information on public keys is available on the asymmetric encryption page. This page is dedicated to symmetric encryption algorithms.
Symmetric encryption -
A single key is used both to encrypt and to decrypt data. A number of symmetric encryption algorithms are in use, as follows:
DES – One of the first encryption algorithms. It has been replaced by 3DES. See the DES page for more information.
3DES – A replacement for DES and a stronger algorithm. Read the 3DES page for more information.
AES – The AES encryption algorithm is the standard today. See the AES page for more information.
Blowfish – One of the proposed replacements for DES. Blowfish is a block cipher with a 64 bit block size. It performs 16 rounds of computation and supports key sizes from 32 to 448 bits. An advantage of Blowfish is that it is unpatented and can be used by anyone.
Twofish – A block cipher with a 128 bit block size and a key size of up to 256 bits. Twofish was one of the contenders to become the AES algorithm, but in the end was not selected.
IDEA – IDEA, which stands for International Data Encryption Algorithm, is another block cipher, with a 64 bit block size and a 128 bit key size. The 64 bit block is broken down into 16 sub-blocks, and 8 rounds of computation are performed on each sub-block. IDEA is used in PGP and some other software products. IDEA may be used for non-commercial purposes.
CAST – Named after its developers, Carlisle Adams and Stafford Tavares, CAST comes in two variants with 128 and 256 bit key sizes. CAST was also a candidate for AES.
SAFER – SAFER (Secure And Fast Encryption Routine) is another block cipher, which comes in two variants with 64 and 128 bit key sizes. This encryption algorithm was another candidate for AES.
Another block cipher, which uses an 80 bit key and a 64 bit block size. It was developed for use with the Clipper chip (a chipset for voice communication).
Family of Rivest Cipher algorithms
RC4 – A stream cipher with a variable key size, used in SSL and in WEP wireless security. RC4 is a quick, simple and effective algorithm.
RC5 – A fast block cipher which uses various key and block sizes.
RC6 – A block cipher and an improved version of RC5. RC6 was another candidate for AES.
Symmetric encryption algorithms are used in a broad range of products today and are essential to keeping data secure, whether in transit or at rest in storage. External memory devices, for example, sometimes come with encryption software; USB memory sticks and external hard drives are good examples. A good example of encryption software that employs most of the above encryption algorithms is TrueCrypt, and the big bonus is that it is also free to use.
Wikipedia's guide to Encryption