Joel Lord is a developer advocate at MongoDB who is passionate and curious about the web and technology in general. He is also a math lover who enjoys digging deep into topics, one of which is data encryption.
What does encryption have to do with Spartans?
At WebExpo 2023, Joel opened his talk unconventionally with a historical tale full of intrigue, set in the conflict between Persia and ancient Greece. Believe it or not, it all centered on the secrets of data encryption. Options were very limited at the time, yet inventive minds found ways to hide their messages: wax tablets, a messenger's scalp that was shaved first and then left until the hair grew back, or encryption by transposition.
Evolution of encryption: As time went by
To understand how we got to where we are today (not only in cryptography), it's important to understand the historical roots.
The Caesar Cipher – a classic substitution
You probably remember using it as a kid in primary school, when you didn't want your teacher or classmates to understand the messages you exchanged with your partner in crime. It's based on the principle of shifting the alphabet by a fixed number of positions, which creates a new coded message. In its time this method was effective, yet it was relatively easy to decrypt, even for ChatGPT.
The Vigenère Square – secret key code needed
This technique is a significant advancement over the Caesar Cipher. It's a square that consists of 26 Caesar Ciphers, and it requires a secret key, shared by both parties, that acts as the code for encoding messages. As repetition is the enemy of most encryption, even this one eventually proved quite easy to decrypt.
The Enigma Machine – a mechanical marvel
Invented in 1918 in Germany, this mechanical wonder revolutionized encryption using rotors and mirrors to scramble messages in an immensely complex manner. Due to its sheer quantity of possible combinations, it created a formidable challenge for code breakers.
The 1960s are considered a cryptography game changer due to the introduction of computers, which brought more possibilities. It soon led to the creation of the Lucifer encryption system – the first algorithm that transformed characters into binary strings, employing intricate functions to ensure robust encryption.
The holy trinity of cybersecurity
Joel stresses the need to tell apart three techniques in use today: hashing, encoding and encryption.
Hashing – data integrity and password security
Hashing converts input data into a fixed-size string, which is why it is used for password protection. It's a one-way function: the original input cannot be recovered from the result.
Encoding – data format transformation
According to Joel, the biggest error is to confuse encoding with encryption. Encoding adapts data for a specific purpose without encrypting it. Base64 encoding, for instance, simplifies transmission by converting complex data into standard ASCII characters. Remember, encoding doesn't provide security; it's purely for format optimisation.
Encryption – data protection
Encryption renders data unreadable without the correct key. Algorithms like AES, RSA, and DES play crucial roles. They can be symmetric (using one key for both encryption and decryption) or asymmetric (employing a key pair). It’s necessary to stay updated with the latest encryption methods for robust data security.
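The three operations side by side, as an added example that is not code from Joel's talk. It uses Node.js's built-in `crypto` module; the function names and the sample message are illustrative, and using scrypt for password storage is a choice made for this example rather than something the talk recap specifies.

```javascript
// Added example (not from the talk): encoding vs hashing vs encryption in Node.js.
const crypto = require('crypto');

// Encoding: a format change only. Anyone can reverse it; no key is involved.
const encodeBase64 = (text) => Buffer.from(text, 'utf8').toString('base64');
const decodeBase64 = (b64) => Buffer.from(b64, 'base64').toString('utf8');

// Hashing: one-way, and the output size is fixed whatever the input size.
const sha256Hex = (text) => crypto.createHash('sha256').update(text, 'utf8').digest('hex');

// Password storage (assumption of this example): a salted, deliberately slow
// hash (scrypt) instead of a bare fast hash, compared in constant time.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, derived: crypto.scryptSync(password, salt, 32) };
}
function verifyPassword(password, record) {
  const candidate = crypto.scryptSync(password, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.derived);
}

// Encryption: symmetric AES-256-GCM. Unreadable without the key, and the
// authentication tag makes decryption fail on a wrong key or altered data.
function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}
function decrypt(key, { iv, ciphertext, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString('utf8');
}

const SAMPLE = 'meet at the agora at noon'; // constructed sample message

function demo() {
  const key = crypto.randomBytes(32); // AES-256 key generated for this run
  const box = encrypt(key, SAMPLE);
  let wrongKeyRejected = false;
  try { decrypt(crypto.randomBytes(32), box); } catch { wrongKeyRejected = true; }
  return {
    encodedRoundTrip: decodeBase64(encodeBase64(SAMPLE)) === SAMPLE,
    hashLength: sha256Hex(SAMPLE).length,
    decrypted: decrypt(key, box),
    wrongKeyRejected,
  };
}
console.log(demo());
```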
In the second half of his talk, Joel dives into practical step-by-step demonstrations of symmetric (AES) and asymmetric (RSA) algorithms, so we strongly recommend watching the entire talk to get the full experience.
In conclusion, safeguarding data in a database is critical. Utilise encryption methods like RSA for secure communication, and encrypt data on disk. Be cautious of vulnerabilities when data is decrypted on the server. In a microservices architecture, implement client-side field-level encryption for added security. Avoid creating custom encryption algorithms; stick to established standards for robust protection.