Privacy is a topic that the security community can never give too much attention. To. For those with an online presence, it is especially important to consider who has access to your information. One common method for doing so through an encryption method called Pretty Good Privacy (PGP)
What is Pretty Good Privacy (PGP)?
Developed by Phil Zimmermann in 1991, Pretty Good Privacy is an encryption program that allows cryptographic privacy and authentication for data communication. It is used for signing, encrypting, and decrypting data including files, emails, text and whole disk partitions.Pretty Good Privacy encryption works by leveraging a combination of “hashing, data compression, symmetric-key cryptography, and public-key cryptography. Each step uses one of several supported algorithms while each public key is bound to a user name and/or an e-mail address. The first version of this system was generally known as a web of trust to contrast with the X.509 system, which uses a hierarchical approach based on certificate authority and which was added to PGP implementations later. Current versions of PGP encryption include both options through an automated key management server.”
How does PGP work?
While it provides extremely high security, the workings of PGP
is fairly difficult to understand to those unfamiliar with hashing and cryptography
. Essentially, an original message gets converted to a much more complex message as it travels. Although man can see it, they cannot understand. The intended receipt, however, has a key that allows them to unlock the message.The keys are actually large numbers with mathematical properties that connect the public and private keys. According to Surveillance Self- Defense, “You can create a public/private key pair with it, protect the private key with a password, and use it and your public key to sign and encrypt text. It will also let you download other people's public keys, and upload your public keys to ‘public key servers,’ which are repositories where other people can find your key.”
Why learn encryption and hashing techniques?
Encryption is useful for everything from sending sensitive information, securing your email, protecting your cloud storage, and hiding your operating system.Security professionals may be tasked with answering questions like ‘Do I encrypt only sensitive files?’ or ‘Do I encrypt the entire drive?’ These decision makers will also have to consider encryption best practices and the benefits of using one form of encryption over another.In an increasingly complex cyber landscape, there is a growing need for information security leaders who possess the depth of expertise needed to establish capable security programs and protect an organizations’ critical information assets using the techniques described.Among the skills covered on the CISSP
exam, encryption and hashing is among them. Start by learning the basics so you can work your way to becoming the security leader the industry needs.Obtaining your CISSP certification
signifies that you possess the ability to design, engineer, implement, and manage their overall information security program to protect organizations from growing sophisticated attacks.Olivia Lynch (@Cybrary_Olivia)
is the Marketing Manager at Cybrary. Like many of you, she is just getting her toes wet in the infosec field and is working to make cyber security news more interesting. A firm believer that the pen is mightier than the sword, Olivia considers corny puns and an honest voice essential to any worthwhile blog.