Security Notes

You've got this!

Cryptography

Data Obfuscation

Data obfuscation transforms the data in a dataset into a format that is unreadable. One method is hashing the data. However, hashed data is still vulnerable to rainbow table attacks. You can prevent these attacks by salting the data.

Another method of data obfuscation is tokenization. With this method, sensitive information is replaced with a unique string using a lookup table. For example, you might replace a name or parts of a name with a randomly generated number and add that number and the name to the lookup table. However, you need to keep the lookup table very secure if you use this method.

The last method is masking. This method works well if you don't need to retrieve the data later. With this method, you replace the sensitive information with blank values. You may recognize this method from shopping receipts: oftentimes, receipts will print credit/debit card numbers with asterisks or x's replacing all but the last four numbers.
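The three obfuscation methods above, as an added Python example that is not part of the original notes. The names `TokenVault`, `mask_card` and `lookup` and all sample values are constructed for illustration, and the small `PRECOMPUTED` dictionary stands in for a rainbow table.

```python
import hashlib
import secrets

def unsalted_hash(value):
    # Same input always gives the same digest, so digests can be precomputed.
    return hashlib.sha256(value.encode()).hexdigest()

def salted_hash(value, salt=None):
    # A fresh random salt per record makes a table built without it useless.
    # The salt is stored next to the digest so the value can be re-checked.
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.sha256(salt + value.encode()).hexdigest()

class TokenVault:
    """Tokenization: random tokens plus the lookup table that must be protected."""
    def __init__(self):
        self._by_token = {}
        self._by_value = {}

    def tokenize(self, value):
        if value not in self._by_value:
            token = secrets.token_hex(8)  # random, not derived from the value
            self._by_value[value] = token
            self._by_token[token] = value
        return self._by_value[value]

    def detokenize(self, token):
        return self._by_token[token]

def mask_card(number, keep=4):
    # Masking is one-way: every digit except the last `keep` is replaced.
    total = sum(c.isdigit() for c in number)
    out, seen = [], 0
    for c in number:
        if c.isdigit():
            seen += 1
            out.append(c if seen > total - keep else "*")
        else:
            out.append(c)  # keep spaces or dashes so the layout is preserved
    return "".join(out)

# Constructed sample data: digests of likely values, computed ahead of time.
PRECOMPUTED = {unsalted_hash(n): n for n in ["alice", "bob", "carol"]}

def lookup(digest):
    # Returns the original value if the digest is in the precomputed table.
    return PRECOMPUTED.get(digest)
```

Here `lookup(unsalted_hash("bob"))` returns `"bob"`, while the digest from `salted_hash("bob")` is not in the table.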

Symmetrical Encryption

Symmetrical encryption methods are encryption methods where the same key is used for both encryption and decryption. One example of a very well-known symmetric encryption method is Data Encryption Standard (DES), a historic algorithm made in the 1970s. It works on 64-bit blocks, only taking 64-bit input and pushing out 64-bit output. When using this method, the input is put through the Feistel function 16 times, combining it with a 56-bit key each time. However, DES is now considered insecure.

A variation of DES is Triple DES (3DES), which is exactly the same as DES except you run it three times over the same data, using a different key each time. It is decrypted by using the keys in opposite order. However, this method is still limited to the vulnerabilities of DES, and is therefore still considered insecure.

Let's finally get to some more modern methods. Advanced Encryption Standard (AES) came about through a competition held by the National Institute of Standards and Technology (NIST) with the goal of replacing DES. AES was the winner of this competition. AES is widely used today, and you may recognize it if you've ever set up a home router. Much like DES, AES is a symmetric algorithm and a block cipher. However, it works with 128-bit blocks and allows three different key lengths: 128-bit, 192-bit, or 256-bit. All of these key lengths are considered secure.

Another example of a modern symmetric encryption algorithm is Blowfish. This algorithm works on 64-bit blocks, much like DES, but you can use any key length between 32 and 448 bits. However, Blowfish is no longer considered secure due to known attacks against some weak encryption keys.

An alternative to Blowfish is Twofish. This algorithm is still considered secure and was even recommended by Bruce Schneier, the creator of Blowfish. This algorithm is also public domain. It works on 128-bit blocks (like AES) and uses keys that are 128, 192, or 256 bits long.

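| Name     | Block Length | Key Length            | Secure? |
|----------|--------------|-----------------------|---------|
| DES      | 64 bits      | 56 bits               | No      |
| 3DES     | 64 bits      | 112 bits              | No      |
| AES      | 128 bits     | 128, 192, or 256 bits | Yes     |
| Blowfish | 64 bits      | 32-448 bits           | No      |
| Twofish  | 128 bits     | 128, 192, or 256 bits | Yes     |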

Asymmetrical Encryption

Unlike symmetric cryptography, asymmetric cryptography produces a pair of keys instead of just one. This solves many scalability issues present with symmetric encryption. RSA is an encryption method published in 1977 and still used today. It was named after its creators: Ron Rivest, Adi Shamir, and Len Adleman. When a new user wants to use RSA, they create a key pair. This pair is made using complex math involving prime numbers. From the resulting two keys, one is selected as the public key, and the other is made the private key. This public key can be shared with others freely, while the private key is to be kept secret and secure.

When someone wants to use RSA to encrypt a message, they will use the receiver's public key to encrypt it before sending it. This is because only the private key can decrypt something that was encrypted with the public key and vice versa. Since only the receiver has the private key, this means only they can decrypt the message.

The main drawback of RSA is that it's slow. To get around this, RSA is not often used for directly encrypting long messages. It can instead be used to safely exchange a symmetric key, and then that symmetric key can be used to encrypt communications for the rest of that session.

Some key facts on RSA: it uses a key length range of 1024-4096 bits. However, only key lengths of 2048 bits or higher are still considered secure.