NetAction's Guide to Using Encryption Software

What are the vulnerabilities in encryption, and how do I guard against them?

If you lock your door with a deadbolt instead of a chain, you make it more difficult for a burglar to get inside your home. Similarly, there are differences in the level of security that encryption software provides. Most of the well-known encryption algorithms that are considered "good" are mathematically complex enough to be difficult to break; otherwise, they wouldn't be so widely used. But even good algorithms are vulnerable to being broken if someone is persistent enough. In this section, we discuss the general vulnerabilities in encryption software, and offer tips that you can use to combat them. If you'd like more information on the vulnerabilities of a particular algorithm or software program, search the Web for reviews on its effectiveness.

General vulnerabilities include:

"Brute Force" Cracking

"Brute force" is another way of saying "trial and error." With this method, a "cracker" tries every possible key until he or she stumbles upon the correct one. No encryption software program it is entirely safe from the brute force method, but if the number of possible keys is high enough, it can make a program astronomically difficult to crack using brute force. For example, a 56-bit key has 256 possible keys. That's up to 72,057,594,037,927,936 – seventy-two quadrillion – keys that a cracker may have to try in order to find the correct one.

TIP: The more bits in a key, the more secure it is, so choose software with as many bits as possible. If you have a choice between 56-bit encryption and 128-bit encryption, for example, use the 128-bit encryption.

For more information on brute force cracking, please see Appendix A: "Brute Force" Cracking.

"Back Doors"

A "back door" is a security hole in a piece of software. A "back door" may be present because someone created it in the software with malicious intent, or by accident. Whatever the reason, if a malicious "cracker" discovers a "back door" in a program, he or she may be able to discover your key or password.

TIP: Make sure that the encryption software you choose has been rigorously tested. Read online reviews, and consider how long the software has been available. Visit the software's Web site periodically to check for patches and updates, and install them.

Making Good Keys

In every kind of encryption software, there is some kind of password that must be created so that the intended recipients of the information can read it. Creating a password that "hackers" or other malicious parties cannot easily guess is just as important as choosing a good algorithm or strong encryption software.

TIP: Take care to make a strong key. Use a varied set of characters, including lowercase and uppercase letters, numbers, and symbols (like spaces, colons, quote marks, dollar signs, etc.). A good password should be longer than eight characters; the longer it is, the harder it is to crack.

If you're concerned about remembering a long password, don't be. Even a long password made up of different types of characters can be easy to remember. Instead of using your daughter's name, "sally," for example, use "S411y is: #1 i/\/ mY b00k!!!". (Many password-guessing programs (see "Brute Force" Cracking) employ a database of English words that guesses passwords from various combinations of words, so it's a good idea not to use passwords made up exclusively of English words. Note that in the example above, numbers and characters are interspersed with letters.) Even better is to use a series of random letters, numbers, and symbols, so that it can't be guessed easily.

TIP: If you forget your password, you will not be able to decrypt data that you have encrypted. Be sure to make a backup copy of your password and store it in a safe place, such as on a floppy or zip disk, a CD, or a separate hard drive. You can also copy and paste your password into a new document, print the document, file the paper somewhere safe, and delete the document from your computer.

Next: Where can I get more encryption software? | Back to Guide