Encryption is the transformation of electronic data into another form so that it cannot easily be understood or interpreted by any person, or even by certain software, other than those who are authorized and know the encryption.
The main objective of encryption is to protect the confidentiality of data stored in computer systems or sent over the internet or any other type of network. Along with confidentiality, encrypting data protects other basic principles such as authentication, since the origin of a message can be verified, and integrity, since it serves as proof that the contents of the message have not been changed since it was sent. Normally, encryption is based on algorithms capable of converting data.
The operation of encryption is quite simple: the data is encrypted, as mentioned before, by means of an encryption algorithm, and a key is assigned to it. This generates an encrypted text from the data that can only be seen in its real form if it is decrypted with the previously assigned key. Decryption is the inverse of encryption: it follows the same steps, but in reverse order. There are two types of encryption algorithms: symmetric and asymmetric.
With the widespread, personal use of the internet today, encrypting data on the web is necessary to protect the many pieces of users' personal data that may be within reach of attackers, who could compromise a person's integrity and confidentiality by accessing very personal and therefore very sensitive data.
Sensitive data in encryption
Among the most sensitive data, and the data on which encryption focuses most, are user names and passwords, known as credentials. Encryption is focused on them because this data gives access to a great deal of personal information. Passwords must always be stored encrypted in the corresponding database so that possible attackers do not have access to them. There is a method of encryption called “double direction” (two-way), which lets the app or website remember the data and also decipher it. This method is not advisable; the advisable approach is a one-way algorithm, whose output cannot be deciphered.
To encrypt a password, it is passed through a hash (digest) function such as SHA, MD5… Once it has passed through the function, the result is saved in the database and, finally, the password is discarded. If the password is discarded, how do we know whether the user has entered it correctly? The method is simple: what the user entered is encrypted in the same way, and the result is compared with the one saved in the database. With this technique, even if an attacker accesses the website's database, they will not be able to read the passwords and will have to resort to brute force attacks to try to obtain them.
The management of users' sensitive data by applications and websites requires security techniques and systems to protect that data, which can be very relevant; the use of encryption techniques is therefore essential.