Frequently Asked Questions - File Protection
What is Encryption?
Encryption is a process that encodes normal digital data (plaintext) into ciphertext, a format that can no longer be easily understood by unauthorized people. Decryption is the process of converting ciphertext back into its original form, so it can be understood.
All encryption products fall within one of two encryption technologies: asymmetric and symmetric encryption. Asymmetric encryption uses different keys for encryption and decryption, while symmetric encryption uses the same key for both encryption and decryption.
Why do we need encryption?
There would be no digital security and privacy without encryption, because digital information and communication are inherently unsafe. Once unprotected digital data is exposed in public environments such as the Internet, it is almost impossible to erase it.
How secure is encryption?
Most popular encryption programs are very secure unless the encryption key is exposed.
The strength of encryption depends on the number of bits in its encryption key and on the soundness of the encryption algorithm. To give you an idea of how big 256 bits is: the number of possible 256-bit keys is roughly equal to the number of atoms in the universe! In the context of AES encryption (discussed below), it is predicted that it will be another 192 years before computers are fast enough to even attempt a massively distributed attack. However, if keys are not managed properly, the number of bits is irrelevant.
What is authentication? How do we do it?
Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be.
User authentication is conducted electronically by examining credentials represented by one or a combination of the following factors: a) what you know, b) what you have and c) what you are. The popular method of authentication is a username and password, which falls within the first factor.
Why do I need authentication in decryption?
Encryption makes sure the data can't be read or tampered with. Authentication ensures that protected data is accessed only by the authorized user.
What encryption algorithm is used in File Sentry?
File Sentry uses AES encryption.
The Advanced Encryption Standard (AES) is an encryption algorithm for securing sensitive but unclassified material by U.S. Government agencies; it has since been adopted as the de facto encryption standard in the private sector.
What is an encryption key?
An encryption key is typically a random string of bits generated specifically to scramble and unscramble data. In asymmetric encryption, the keys used to encrypt and decrypt are different, while in a symmetric encryption solution, the key used for encryption is also used for decryption.
Does it matter where the encryption key is stored?
Yes. Encryption transfers risk from the digital data to the encryption key. If the encryption key can't be kept safe, then encryption will have little or no security benefit.
What is key management?
Key management is the management of cryptographic keys in a "crypto" system. This includes dealing with the generation, exchange, storage, use, and replacement of keys. It includes cryptographic protocol design, key servers, user procedures, and other relevant protocols.
Why is key management important in cryptography?
Users encrypt data in order to prevent unauthorized access to information that is sensitive or private. Launching a brute-force attack at protected information can be a very costly undertaking. However, stealing encryption keys, or the user credentials that give access to encryption keys, is far easier and, unfortunately, very common. Adversaries have mastered the art of stealing digital identities from users' computers, networks or servers that sit inside the enterprise and even the cloud. Unless the encryption key is properly protected in storage, distribution and retrieval, encrypting something or everything does not equate to achieving digital security, confidentiality and integrity.
What happens if I lose or forget my password?
Depending on the design of an encryption solution, a user may a) lose access to protected files if the solution is generic client-side encryption; b) recover a key from an encryption key escrow or safe repository service after user credentials are verified; or c) recover from backup, utilizing specialized password management software with a backup prepared prior to the loss.
How does File Sentry manage cryptographic keys?
File Sentry provides dual control of the encryption key.
In File Sentry, every encryption key is built from a server-side token and a client-side token. The server-side token is created from the information about a user device that is provided by a service provider, and data identification that is provided by the user; the client-side token is sourced from a user device (an equivalent to a TPM) by processing the server-side token and a random number that accompanies the request. The encryption key is decoded when the File Sentry client application cryptographically combines the server-side token and the client-side token.
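The two-token idea described above can be sketched as follows. This is an added example, not File Sentry's code: the page does not say how the tokens are built or combined, so the HMAC and HKDF constructions, the function names, the secrets and the stored nonce are all assumptions.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def server_token(server_secret: bytes, device_info: bytes, data_id: bytes) -> bytes:
    """Server side: bind the token to the device information and the data identifier."""
    # Length prefix keeps (device_info, data_id) pairs from colliding when concatenated.
    msg = len(device_info).to_bytes(2, "big") + device_info + data_id
    return hmac.new(server_secret, msg, hashlib.sha256).digest()


def client_token(device_secret: bytes, srv_token: bytes, nonce: bytes) -> bytes:
    """Client side: process the server token and the request's random number
    with a secret held on the device (assumed to stand in for the TPM-like store)."""
    return hmac.new(device_secret, srv_token + nonce, hashlib.sha256).digest()


def combine(srv_token: bytes, cli_token: bytes, nonce: bytes) -> bytes:
    """Derive the 256-bit file key; both tokens are required to reproduce it."""
    return hkdf_sha256(srv_token + cli_token, salt=nonce, info=b"example-file-key")


def demo() -> dict:
    # Constructed sample values; real secrets would never be generated side by side.
    server_secret, device_secret = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)  # assumed to be stored with the encrypted file
    st = server_token(server_secret, b"device-1234", b"file-0001")
    ct = client_token(device_secret, st, nonce)
    key = combine(st, ct, nonce)
    # A stolen server token paired with a different device's secret gives another key.
    stolen = combine(st, client_token(secrets.token_bytes(32), st, nonce), nonce)
    return {"key_len": len(key), "repeatable": key == combine(st, ct, nonce),
            "stolen_server_token_fails": stolen != key}


if __name__ == "__main__":
    print(demo())
```

In this sketch the file key is never stored anywhere: it exists only after both sides have contributed their token, which is the property dual control is meant to give.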