Encryption 101: Understanding Encryption

A hands-on approach for those of us who aren't good at math

Jorg Greuel/Getty Images

WPA2, WEP, 3DES, AES, Symmetric, Asymmetric, what does it all mean, and why should you care?

All these terms are related to encryption technologies used to protect your data. Encryption and cryptography in general, can be difficult topics to wrap your head around. Whenever I hear the words cryptographic algorithm, I picture some nerdy professor writing equations on a chalkboard, muttering something to himself about the Medulla Oblongata as my eyes glaze over from boredom.

Why should you care about encryption?

The main reason you need to care about encryption is because sometimes it's the only thing between your data and the bad guys. You need to know the basics so that you will, at the very least, know how your data is being protected by your bank, e-mail provider, etc. You want to make sure they're not using outdated stuff that hackers have already cracked.

Encryption is used just about everywhere in all kinds of applications. The main purpose for the use of encryption is to protect the confidentiality of data, or to aid in the protection of the integrity of a message or file. Encryption can be used for both data 'in transit', such as when it is being moved from one system to another, or for data 'at rest' on a DVD, USB thumb drive, or other storage medium.

I could bore you with the history of cryptography and tell you how Julius Caesar used ciphers to encode military messages and all that type of stuff, but I'm sure there are a million other articles on the net that could provide far more insight than I could give, so we'll skip all that.

If you're like me, you want to get your hands dirty. I'm a learn-by-doing type of person. When I started my study of encryption and cryptography before I took the CISSP exam, I knew that unless I could "play" with encryption, then I would never truly understand what was happening behind the scenes when something is encrypted or decrypted.

I'm not a mathematician, in fact, I'm horrible at math. I didn't really care to know about the equations involved in the encryption algorithms and whatnot, I just wanted to know what's happening to the data when it's encrypted. I wanted to understand the magic behind it all.

So, What's the best way to learn about encryption and cryptography?

While studying for the exam, I did some research and found that one of the best tools to use to get hands-on experience with encryption was am application called CrypTool. CrypTool was originally developed by the Deutsche Bank back in 1998 in an effort to improve its employees understanding of cryptography. Since then, CrypTool has evolved into a suite of educational tools and is used by other companies, as well as universities, and anyone else who wants to learn about encryption, cryptography, and cryptanalysis.

The original Cryptool, now known as Cryptool 1 (CT1), was a Microsoft Windows-based application. Since that time, there have been several other versions released such as Cryptool 2 (a modernized version of CrypTool, JCrypTool (for Mac, Win and Linux), as well as a purely browser-based version called CrypTool-Online.

All of these apps have one goal in mind: make cryptography something that non-mathematician-type folks like me can understand.

If studying encryption and cryptography still sounds a little on the boring side, fear not, the best part of anything crypto-related is the part where you get to code-break. Cryptanalysis is a fancy word for code-breaking, or trying to figure out what the decrypted message is, without having the key. This is the fun part of studying all this stuff because everyone likes a puzzle and wants to be a hacker of sorts.

The CrypTool folks even have a contest site for would-be code-breakers called MysteryTwister. The site lets you try your luck against ciphers requiring only pen and paper, or you can step up to more complicated challenges that require some programming skills coupled with some serious computer power.

If you really think you've got what it takes, you can test your skills against the "Unsolved Ciphers". These ciphers have been analyzed and researched by the best of the best for years and have still not been cracked. If you crack one of these then you might just earn yourself a place in history as the guy or gal who cracked the uncrackable. Who knows, you might even land yourself a job with the NSA.

The point is, encryption doesn't have to be a big scary monster. Just because someone is awful at math (like me) doesn't mean they can't understand encryption and have fun learning about it. Give CrypTool a try, you could be the next great code-breaker out there and not even know it.

CrypTool is free and is available at the CrypTool Portal