Encryption

Encryption is the process of hiding the contents of information, which is particularly important as you send and receive information (e.g. passwords, credit card information, other personal information, etc.) on your computing devices.

Encryption strength is measured in bits (e.g. 64 bit, 128 bit, 256 bit, 512 bit, etc.) The larger the number, the stronger the encryption. Currently 256 bit encryption is considered strong (i.e. difficult to decrypt without a key).

As an example, “dpnqvufs” is a simple form of encrypting the word “computer” by shifting each letter to the next one in the alphabet (i.e. “c” becomes “d”, “o” becomes “p”, etc.).

The diagram below shifts each letter 3 to the right (i.e. “a” becomes “d”. “B” becomes “e”, etc.) and encrypts “hello” as “khoor”.

In the above two examples, the encryption would be considered very weak, as it could be decrypted extremely easily by a computer program.

When you are using a web browser on the Internet, ideally you only deal with encrypted web sites (so that someone intercepting the communications between you and the website can’t easily decipher these communications).

How do you tell if the website uses encryption? Look at the address bar in the web browser, it’s where the web site address appears, e.g. www.capilanou.ca If the site uses encrypted communication, you will either see “https://” before the website address and/or see the image of a locked padlock. If the site is unencrypted you will see either “http://” before the website address and/or see the image of an unlocked padlock. E-Commerce sites (banks, retailers, etc.) have typically always used encryption to protect financial transactions; however, there is a trend to having all websites use encryption.

In addition to encrypting Internet communications, some people choose to encrypt the personal data stored on their devices. This is desirable for employees working with sensitive company information should their device ever be stolen; however, encryption can also be used by criminals and terrorists to mask their activities. As such, there is a debate in many governments around the world as to whether encryption should be allowed for use by private citizens, and whether “backdoors” (i.e. a way in) should be mandated to assist law enforcement.

When traveling, be aware that different countries have different laws & regulations with respect to the ability of government border agents to demand decryption keys to encrypted information (as well as passwords to social media accounts) on electronic devices that people are bringing as they cross a border.

Public Access Points

If you have ever been in a coffee shop, hotel lobby, or other location where they offer free Wi-Fi, be cognizant of the type of Wi-Fi connection (encrypted or unencrypted) being offered, and adjust the type of activities you are doing on your device accordingly.

Unencrypted Wi-Fi networks don’t require a password to join them. Encrypted networks will have a password.

Encrypted public networks (those with a password) are preferred, as any personal information you reveal while connected would be unreadable by someone intercepting your device’s communications with the coffee shop’s router. Similarly to a web browser, when you display a list of available Wi-Fi networks, you should see a closed padlock beside the networks that are encrypted.

If you are connected to a Wi-Fi network without encryption, be aware that all communications between your device and the coffee shop’s router could be read by others, typically it’s hackers who would be interested in doing this. If this is the type of connection you have, stick to reading the news and checking weather, and consider not doing anything where you are transmitting personal information (e.g. email, banking, user-IDs, passwords, etc.).

There have been isolated instances of hackers parking in a hotel parking lot and creating an unencrypted Wi-Fi hotspot using the hotel’s name in the SSID (the name you see for the Wi-Fi network). This makes it appear to any hotel guest that they are connecting to the hotel Wi-Fi, but in fact they are connected to the hacker’s Wi-Fi. The goal is to steal login credentials and other information to enable identity theft. If you ever see two Wi-Fi networks with very similar names and one is encrypted and one is not, always connect to the encrypted Wi-Fi (the one that requires a password).

Media Attributions

• “Caesar cipher Encode and Decode” by Meilani.conley is licensed under a CC BY-SA 4.0 licence.
• “Internet2” by Fabio Lanari is licensed under a CC BY-SA 4.0 licence.
  
• “Free Wi-Fi | Didn’t work, but I picked up the free wifi next… | Flickr” by Ken Hawkins is licensed under a CC BY 2.0 licence.