Encryption, a term you’ve likely come across in various contexts, refers to the mathematical process of converting a message into an unreadable format, decipherable only by someone with the right key. Historically, encryption was used to send secret messages. Today, with the advent of computers, its application has expanded to include verifying the authorship of messages.

Two primary applications of encryption are to protect data at rest and data in transit.

1. Encrypting Data At Rest:

Data “at rest” refers to information stored on devices like mobile phones, laptops, servers, or external hard drives. One common method to protect such data is “full-disk” encryption, which encrypts all information on a device. However, simply locking your device doesn’t always mean it’s encrypted. It’s essential to ensure your operating system supports and manages full-disk encryption. Some systems, even when encrypted, might keep unencrypted data in RAM, which can be vulnerable to sophisticated attacks. Full-disk encryption is especially useful against unauthorized physical access, theft, or loss of devices. Other methods include “file encryption” (encrypting specific files) and “drive encryption” (encrypting specific storage areas).

2. Encrypting Data In Transit:

Data “in transit” is information moving across a network. For instance, when you send a message or browse a website, the data travels from your device to servers and vice versa. Two main methods protect data in transit: transport-layer encryption and end-to-end encryption.

  • Transport-layer encryption (e.g., HTTPS) protects data as it moves from your device to servers and back. However, the service provider can see unencrypted copies of your messages. While HTTPS hides the specific pages you visit, it doesn’t hide which website you are connecting to. Using tools like EFF’s browser extension HTTPS Everywhere can enhance HTTPS protection. Another example is a Virtual Private Network (VPN), which encrypts traffic between you and the VPN provider.
  • End-to-end encryption ensures that only the sender and receiver can read the message. Even the app or service provider can’t decrypt the content. This method is the gold standard for privacy, ensuring complete confidentiality of the message content.

However, encryption isn’t a panacea. While it protects the content of your communications, it doesn’t hide metadata, like who you’re communicating with or the duration of communication. For optimal security, it’s recommended to use encryption consistently, not just during sensitive times.

In conclusion, for comprehensive security, it’s ideal to encrypt data both in transit and at rest. This multi-layered approach, known as “defense in depth,” ensures protection against a broader range of potential risks.

Find out more in the great post from the Electronic Frontier Foundation on using encryption for “data at rest” and “data in transit”: https://ssd.eff.org/en/module/what-should-i-know-about-encryption
The next frontier is encryption for “data in use”, so that unnecessary decryptions don’t happen.

 
