Encryption keeps information unreadable to attackers who get hold of it, which helps prevent identity theft, fraud and other crimes.
Encryption is especially relevant now because of two trends:
- Data breaches are becoming more common. From 2005 to 2020, the annual number of data breaches in the U.S. rose by 537.58%.
- More confidential data is in clouds. According to Palo Alto Networks, 70% of companies are now hosting more than half of their workloads in the cloud.
Encryption is a method of making information unreadable to anyone besides the intended recipient. For example, a credit card number sent in plaintext could look like this:
1234 5678 9101 2345
A credit card number sent in cipher text could look like this:
The encrypted string is gibberish to anyone intercepting the transfer: without the key, they cannot recover the number, no matter how much of the traffic they capture. Once the true recipient receives the data, they decrypt it with their key and see the real number.
As a managed file transfer (MFT) company, we give our customers access to several types of encryption, including PGP encryption, encrypted protocols and encryption at rest. We’ll go into more details about those encryption types below.
What are the three types of encryption?
The three types covered here are symmetric encryption, asymmetric encryption and hashing. Strictly speaking, hashing is not encryption: it has no key and cannot be reversed. It is grouped with encryption because the three are used together to protect data, and because the question of when to hash rather than encrypt comes up constantly.
1. Symmetric Encryption
With symmetric encryption, the sender and recipient use the same secret key to encrypt and decrypt data. For example, Bob encrypts the data he wants to send to Alice with the shared key. When Alice receives the data, she decrypts it with that same key.
Symmetric encryption is usually combined with asymmetric encryption rather than used alone. For example, the sender encrypts the file with a fresh symmetric key and then encrypts that symmetric key with the recipient's public key, so the symmetric key can travel securely alongside the file while the bulk of the work is done by the much faster symmetric algorithm.
- Less overhead than asymmetric encryption
- Faster to use than asymmetric encryption
- Both parties hold the same secret, so if the shared key is leaked or stolen, anyone who has it can read, and forge, everything it protects
- Difficult to distribute symmetric keys to everyone who needs them without exposing the keys along the way
2. Asymmetric Encryption (also known as Public Key Cryptography)
With asymmetric encryption, the sender and recipient use a pair of mathematically related keys: data encrypted with one key can only be decrypted with the other.
There are two types of keys used in asymmetric encryption:
- Public key — can be shared with anyone and is used to encrypt data.
- Private key — can’t be shared with anyone and is used to decrypt data.
For example, if Bob wanted to send a file to Alice, he'd use Alice's public key to encrypt it, and she'd use her own private key to decrypt it. Bob's keys play no part; only the holder of Alice's private key can read the file.
Because only the public key needs to be shared, and it doesn't need to be kept secret, asymmetric encryption solves the key-distribution problem that symmetric encryption has. It can be used on its own for small messages, or the sender and recipient can combine their own private keys with each other's public keys to derive a shared symmetric key (key agreement, as in Diffie-Hellman) and then encrypt the bulk data symmetrically.
- Solves key distribution: public keys can be shared openly
- More overhead than symmetric encryption, and impractical for encrypting bulk data directly
- Slower to use than symmetric encryption
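The last point in the paragraph above, deriving a shared symmetric key from the two parties' key pairs, is key agreement, the step TLS and SSH perform at the start of every connection. The Go program below is an added example, not code from the original article or from Thru: Alice and Bob each generate an X25519 key pair, exchange only their public keys, and independently arrive at the same 32-byte AES-256 key, while a third party who captured both public keys cannot. The purpose label "thru-example-key-v1" fed into the hash and the single-hash key derivation are assumptions of this example; a real protocol would use HKDF and bind both public keys into the result.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Party holds one side's X25519 key pair. Only the public half ever leaves the machine.
type Party struct {
	priv *ecdh.PrivateKey
}

// NewParty generates a fresh key pair (in practice stored securely and reused).
func NewParty() (*Party, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// PublicBytes is the 32-byte public key, safe to send to anyone in the clear.
func (p *Party) PublicBytes() []byte {
	return p.priv.PublicKey().Bytes()
}

// SharedKey combines our private key with the peer's public key. Both sides end
// up with the same secret because a*(b*G) == b*(a*G) on the curve, while an
// eavesdropper who sees only a*G and b*G cannot compute it.
func (p *Party) SharedKey(peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, fmt.Errorf("bad peer public key: %w", err)
	}
	secret, err := p.priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	// Minimal KDF, an assumption of this example: hash the raw secret with a
	// purpose label to get a uniform 32-byte AES-256 key. Real protocols use
	// HKDF and hash in both public keys as well.
	h := sha256.New()
	h.Write([]byte("thru-example-key-v1"))
	h.Write(secret)
	return h.Sum(nil), nil
}

func main() {
	alice, err := NewParty()
	if err != nil {
		panic(err)
	}
	bob, err := NewParty()
	if err != nil {
		panic(err)
	}
	// Over the wire only the two public keys travel.
	aliceKey, _ := alice.SharedKey(bob.PublicBytes())
	bobKey, _ := bob.SharedKey(alice.PublicBytes())
	fmt.Println("Alice derives:", hex.EncodeToString(aliceKey))
	fmt.Println("Bob derives:  ", hex.EncodeToString(bobKey))
	fmt.Println("same symmetric key:", bytes.Equal(aliceKey, bobKey))

	// Mallory captured both public keys but holds neither private key.
	mallory, _ := NewParty()
	malloryKey, _ := mallory.SharedKey(bob.PublicBytes())
	fmt.Println("Mallory's key matches:", bytes.Equal(malloryKey, aliceKey))
}
```

Note that nothing here authenticates the public keys: without certificates (TLS) or known host keys (SSH) an attacker in the middle could substitute their own public key towards each side, which is why the protocols below pair key agreement with certificate or host-key checks.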
3. Hashing
Hash functions are used to ensure data integrity, detect unauthorized modifications and protect stored passwords.
Hashing takes a message of any length and converts it into a fixed-length value. The algorithm might be MD5, SHA-1, SHA-2 (for example SHA-256), NTLM or LANMAN, though not all of these are safe to use: MD5 and SHA-1 have practical collision attacks and should not be used where integrity matters, and LANMAN and NTLM are old Windows password hashes that are cheap to crack. New designs should use SHA-2 or SHA-3 for integrity and a dedicated password hash (see below) for passwords.
To put it in more technical terms, hashing takes an input (the message) and uses a hash function (the algorithm) on it to get the hash value (output).
Hash algorithms should:
- Be fast for general use, but deliberately slow when used for stored passwords
- Produce a different hash for every different message, in practice
- Make hash collisions infeasible to find
A general-purpose hash such as SHA-256 should turn a large file into a hash value within a couple of seconds. For password storage, however, speed is a liability: an attacker who steals the hashes can test billions of guesses per second against a fast hash, so passwords should be hashed with a salted, deliberately slow function such as bcrypt, scrypt, Argon2 or PBKDF2.
If any part of the message is changed, the whole hash should be completely different.
A hash collision is when two or more different inputs produce the same hash value. Collisions must exist, because the hash value has a fixed length while there are infinitely many possible inputs; a strong algorithm makes them infeasible to find, whereas MD5 and SHA-1 no longer do.
If an algorithm is weak and attackers can create hash collisions on demand, they can craft a malicious file whose hash matches that of a legitimate one, so it passes an integrity check or carries a signature that was meant for the genuine file. Malicious files can infect a network and damage the devices on that network.
- No need to compare files word-for-word to determine they’re the same — hashing is faster
- Can make sure a transferred file isn’t corrupted
- Hash collisions in weak algorithms present a security risk
- Hashing is one-way: the original data can't be recovered from the hash value, so it can't replace encryption where the recipient needs the content back
What is the difference between hashing and encryption? Which is better?
| | Hashing | Encryption |
|---|---|---|
| Purpose | Verify integrity of a file | Ensure only the intended recipient can read a file |
| Result | Fixed-length string | Ciphertext about as long as the original data |
| Reversible | No | Yes, with the key |
So, is hashing or encryption better?
It depends on what you're doing. If you're storing passwords, hash them: there is no key that could be stolen, and even an attacker who copies the database can't read the passwords in plaintext. Use a salted, slow password hash rather than a plain SHA-256 so that guessing is expensive. Encryption is the right choice when the data has to be read back later, which is the case for protecting files while they're being transferred or stored.
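To make the comparison concrete, the Go program below is an added example (not code from the original article or from Thru). It covers the two jobs hashing is given above: checking a transferred file's integrity with SHA-256, where changing one digit produces an unrelated digest and the comparison is done in constant time, and storing a password with a salted, deliberately slow PBKDF2-HMAC-SHA256. The KDF is written out so the program needs only the standard library; the iteration count follows OWASP's published guidance for PBKDF2-HMAC-SHA256, and the record format `pbkdf2-sha256$iterations$salt$hash`, the sample invoice text and the sample passwords are assumptions of this example. In production, use a vetted implementation such as the argon2 or bcrypt packages under golang.org/x/crypto.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"strconv"
	"strings"
)

// FileDigest returns the SHA-256 of a file's contents as hex; comparing two
// digests replaces comparing the files byte for byte.
func FileDigest(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// VerifyDigest checks a received file against the digest the sender published,
// using a constant-time comparison so timing leaks nothing about the expected value.
func VerifyDigest(data []byte, expectedHex string) bool {
	expected, err := hex.DecodeString(expectedHex)
	if err != nil {
		return false
	}
	sum := sha256.Sum256(data)
	return hmac.Equal(sum[:], expected)
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA256, written out so the example
// needs only the standard library. Each iteration costs an attacker the same HMAC
// it costs the defender, which is what makes a password hash deliberately slow.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	out := make([]byte, 0, keyLen+prf.Size())
	var idx [4]byte
	for block := 1; len(out) < keyLen; block++ {
		binary.BigEndian.PutUint32(idx[:], uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil)              // U_1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U_1 xor U_2 xor ... xor U_c
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // U_i = PRF(P, U_{i-1})
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

const pbkdf2Iterations = 600_000 // OWASP guidance for PBKDF2-HMAC-SHA256

// HashPassword returns a self-describing record "pbkdf2-sha256$iter$salt$hash"
// (format assumed for this example). A random 16-byte salt per password means two
// users with the same password get different records and precomputed tables are useless.
func HashPassword(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	dk := pbkdf2SHA256([]byte(password), salt, pbkdf2Iterations, 32)
	return fmt.Sprintf("pbkdf2-sha256$%d$%x$%x", pbkdf2Iterations, salt, dk), nil
}

// VerifyPassword recomputes the hash with the stored salt and iteration count and
// compares in constant time. The plaintext password is never stored anywhere.
func VerifyPassword(password, record string) bool {
	parts := strings.Split(record, "$")
	if len(parts) != 4 || parts[0] != "pbkdf2-sha256" {
		return false
	}
	iterations, err := strconv.Atoi(parts[1])
	salt, err2 := hex.DecodeString(parts[2])
	stored, err3 := hex.DecodeString(parts[3])
	if err != nil || err2 != nil || err3 != nil || iterations < 1 || len(stored) == 0 {
		return false
	}
	return hmac.Equal(pbkdf2SHA256([]byte(password), salt, iterations, len(stored)), stored)
}

func main() {
	// Constructed sample file; one digit differs, yet the digests share nothing.
	original := []byte("Invoice 1042: total 100.00 USD\n")
	tampered := []byte("Invoice 1042: total 900.00 USD\n")
	fmt.Println("original:", FileDigest(original))
	fmt.Println("tampered:", FileDigest(tampered))
	fmt.Println("tampered file passes check:", VerifyDigest(tampered, FileDigest(original)))

	record, _ := HashPassword("correct horse battery staple")
	fmt.Println("stored record:", record)
	fmt.Println("right password:", VerifyPassword("correct horse battery staple", record),
		"wrong password:", VerifyPassword("Tr0ub4dor&3", record))
}
```

Storing the iteration count inside the record is what lets you raise it later: new records get the higher cost while old ones still verify and can be re-hashed on the user's next successful login.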
What is end-to-end encryption (E2EE)?
End-to-end encryption (E2EE) describes a situation in which a file stays encrypted all the way from the sender to the receiver, so that nothing in between can read it. It combines encryption in transit (while the file is being transferred) and encryption at rest (while the file is sitting with the recipient or on a server in between), ideally with file-level encryption so that only the recipient's key can open the file.
What is encryption in transit?
Encryption in transit is encryption while the file is being transferred. For a file to be encrypted in transit, the sender must use a secure protocol like HTTPS, FTPS or SFTP, which encrypts the data before it goes onto the wire so that anyone watching the network sees only ciphertext.
We recently phased out support for file transfer protocol (FTP) client and server endpoints in our platform because FTP does not encrypt files during transfer. FTP sends both credentials and file contents in cleartext, so anyone on the network path can read or alter them; anyone who still uses FTP is at a higher risk of a man-in-the-middle attack or other eavesdropping attacks.
SFTP uses SSH, or Secure Shell, to encrypt the files and send them over a secure channel. To transfer files with SFTP, the client authenticates to the server with a password or, preferably, an SSH key, and it should verify the server's host key so that it isn't handing the file to an impostor.
FTPS encrypts the username and password and sends files over an encrypted channel. Specifically, FTPS uses Transport Layer Security (TLS) to secure the channel. TLS uses certificates so the client can check that it is connected to the right server.
HTTPS and HTTP are both used to send data between web browsers and websites. Unlike HTTP, which sends information in plain text, HTTPS uses TLS to encrypt data.
You can see an example of HTTPS in most web browsers by clicking the padlock icon next to the URL bar. If you click “Certificate,” you can view details such as who it was issued to, who it was issued by and when it expires.
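The padlock rests on certificate validation, and the checks are the same whether the client is a browser on HTTPS or an FTPS client. The Go program below is an added example (not code from the original article or from Thru): it builds a throwaway certificate authority and a server certificate for the made-up hostname files.example.com in memory, then runs what a TLS client runs before trusting a server: the certificate must chain to a trusted root, be inside its validity period, and carry the name the client dialed. The CA name, serial numbers and lifetimes are assumptions of this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// TestPKI is a throwaway root CA and one server certificate it issued, all in memory.
type TestPKI struct {
	Roots  *x509.CertPool    // what the client trusts
	Server *x509.Certificate // what the server presents in the TLS handshake
}

// BuildPKI creates a self-signed root and a leaf certificate valid for serverName.
func BuildPKI(serverName string) (*TestPKI, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	// A root signs itself, so template and parent are the same certificate.
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, err
	}
	srvKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	srvTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName}, // clients match the SAN list, not the CN
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	// The leaf is signed with the CA's private key; its Issuer becomes the CA's Subject.
	srvDER, err := x509.CreateCertificate(rand.Reader, srvTmpl, caCert, &srvKey.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	srvCert, err := x509.ParseCertificate(srvDER)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	return &TestPKI{Roots: roots, Server: srvCert}, nil
}

// CheckServer performs the checks a TLS client performs on a server certificate:
// build a chain to a trusted root, check validity period and key usage, and confirm
// the certificate is valid for the hostname that was dialed.
func CheckServer(cert *x509.Certificate, roots *x509.CertPool, hostname string) error {
	_, err := cert.Verify(x509.VerifyOptions{
		Roots:     roots,
		DNSName:   hostname,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	pki, err := BuildPKI("files.example.com")
	if err != nil {
		panic(err)
	}
	// The same fields a browser's certificate viewer shows.
	fmt.Println("issued to:", pki.Server.Subject.CommonName, "| issued by:", pki.Server.Issuer.CommonName,
		"| expires:", pki.Server.NotAfter.Format(time.RFC3339))
	fmt.Println("right host, trusted CA:", CheckServer(pki.Server, pki.Roots, "files.example.com"))
	fmt.Println("wrong host:            ", CheckServer(pki.Server, pki.Roots, "files.example.org"))
	fmt.Println("untrusted CA:          ", CheckServer(pki.Server, x509.NewCertPool(), "files.example.com"))
}
```

The two failing calls are the cases a client must refuse: a valid certificate for some other name (a server answering for a hostname it was not issued), and a certificate from an authority the client does not trust (a self-signed or attacker-issued certificate). Clients that silently skip either check get the padlock without the protection.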
What is encryption at rest?
Encryption at rest is encryption while the file is stored, after it has landed at the recipient's end or on a server in between. It should use a strong, standard algorithm: the Advanced Encryption Standard (AES) for the data itself, with an asymmetric algorithm such as Rivest-Shamir-Adleman (RSA) used, if at all, to protect the AES keys rather than the bulk data.
Some of our customers store their files in the cloud for weeks, months or years to satisfy legal or business requirements. All data stored in Thru is encrypted by AES 256-bit encryption to protect our customers’ data.
What is PGP encryption?
In addition to encrypting files at rest, we encourage our customers to use PGP, or file-level, encryption to protect the file itself. PGP stands for Pretty Good Privacy, and it was invented in 1991.
PGP works with a key pair: one public key and one private key. The public key is shared with anyone and used to encrypt the message; the private key is never shared and decrypts the message. Under the hood PGP is a hybrid scheme: it encrypts the file with a random one-time symmetric session key and uses the recipient's public key only to encrypt that session key.
Here is an example:
- Bob wants to send a file to Alice, so he asks for her public key.
- He uses her public key to encrypt the file before it is transferred.
- He transfers the file with SFTP.
- Once she receives it, she uses her private key to decrypt the file.
By using an encrypted protocol and PGP encryption, Bob's file transfer to Alice is protected end to end: SFTP protects the file on the wire, and PGP keeps it encrypted wherever it is stored until Alice decrypts it with her private key.
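The four steps above are the hybrid scheme from the symmetric-encryption section, and it is also what PGP does internally: the file is encrypted with a one-time symmetric key, and only that key is encrypted with the recipient's public key. The Go program below is an added example, not code from the original article, from Thru, or from any PGP implementation. It uses AES-256-GCM for the file and RSA-OAEP for the key; the Envelope layout, the function names and the sample file contents are assumptions of this example, and the SFTP hop in step 3 is not modelled (the envelope is what would travel over it). It also shows two things the prose only implies: Bob's own private key cannot open the file, and a file altered in transit is rejected rather than decrypted into garbage.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is what Bob actually transfers (layout assumed for this example).
type Envelope struct {
	WrappedKey []byte // one-time AES key, encrypted with Alice's RSA public key
	Nonce      []byte // AES-GCM nonce; must never repeat under the same key
	Ciphertext []byte // file contents encrypted with AES-256-GCM, auth tag appended
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext so only the holder of the private key matching
// recipientPub can read it. The symmetric key is fresh per file, so the slow RSA
// operation runs once on 32 bytes instead of on the whole file.
func Seal(recipientPub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	fileKey := make([]byte, 32) // AES-256
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	// Only the recipient's public key is used here; the sender's own keys play no part.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal with the recipient's private key. GCM's authentication tag
// makes any modification of the ciphertext in transit fail here instead of
// yielding silently corrupted plaintext.
func Open(recipientPriv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap file key: wrong private key or corrupted envelope")
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("file was modified after encryption")
	}
	return plaintext, nil
}

func main() {
	// Alice's key pair; only alice.PublicKey is ever given to Bob.
	alice, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	file := []byte("Q3 payroll export (constructed sample file)\n")
	env, err := Seal(&alice.PublicKey, file)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes, ciphertext: %d bytes\n", len(env.WrappedKey), len(env.Ciphertext))

	got, err := Open(alice, env)
	fmt.Println("Alice decrypts:", err == nil && bytes.Equal(got, file))

	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = Open(bob, env) // Bob's private key does not fit Alice's lock
	fmt.Println("Bob decrypts:", err == nil)

	env.Ciphertext[0] ^= 0x01 // one bit flipped in transit
	_, err = Open(alice, env)
	fmt.Println("tampered envelope accepted:", err == nil)
}
```

The wrapped key is always 256 bytes for a 2048-bit RSA key, however large the file is, which is the practical reason the asymmetric algorithm is reserved for the key: RSA-OAEP cannot encrypt more than a few hundred bytes in one operation, and it is orders of magnitude slower than AES.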
Go Beyond End-to-End Encryption (E2EE)
Thru provides end-to-end encryption for files, but that’s not everything you need for secure file transfers.
Here are other security features Thru includes:
- Automatic quarantine of infected files
- Whitelisting of Thru’s server endpoints protects against security scanning and denial of service attacks
- Multi-factor authentication
- Role-based access controls
- PGP encryption
For more information about Thru’s security features, please visit our Security page.