What is Password Encryption and How Does it Work?
Okay, so you have some documents, files or other data that you want to protect. How do you do that?
The standard way is to put a password on it so that only the people who know the password can open the data.
Unfortunately, a password alone is not nearly enough to keep your data safe from determined hackers, or just someone who can guess the password. So we need to go a step ahead and introduce encryption to the password.
So what is password encryption, how does it work and how will encrypting your password help make it more secure?
Let’s find out in this article.
What is Password Encryption? Symmetric and Public Key Encryption Explained
The term “password encryption” is a bit misleading as you don’t encrypt the password itself but the contents of the file or document that the password is supposed to protect.
Here it’s important to understand what encryption is in the first place.
Encryption is a 2-way process in which, on one hand, the data is converted from plaintext into a “ciphertext” using an encryption key and on the other, it is converted back into plaintext by using a decryption key.
Encryption can either be asymmetric or symmetric.
The difference between the two is that asymmetric encryption uses two keys – public and private. This is also sometimes called public key encryption.
With asymmetric or public key encryption, data is first encrypted using the public key and then decrypted using the private key. The public key is available to anyone, while only the recipient will have the private key, which makes this type of encryption a lot safer.
On the other hand, symmetric encryption only uses one key to both encrypt and decrypt data. This key needs to be shared between the sender and the recipient and therein lies its biggest flaw. While this method is undoubtedly faster than asymmetric encryption, the risk is that a 3rd party could always intercept the key and be able to read the document freely.
Another big (we can even say “key”) difference between the two is the length of keys that each encryption type uses.
Symmetric encryption uses shorter keys, usually 128-bit or 256-bit, while asymmetric encryption uses much longer keys, 2048-bits or more. This makes symmetric encryption faster, but on the other hand, the longer key means that public key encryption is more secure.
What About a Hash and Salt in Passwords?
You might also have heard the term “hashed & salted” in relation to encryption. Where people often make a mistake is that they tend to see the two as synonymous, but they’re not. There are a few key differences here:
- Hashing is a one-way process, encryption two-way
- Hashing verifies the integrity of the file, encryption verifies the authority of the person accessing the data
- Hashing is strict-length, encryption variable
What hashing essentially does is converts input data into an output hash. In other words, a hash algorithm will take a block of data and transform it into shorter values of fixed length.
You can read more about hashing and how it works in this article.
Right now, let’s find out if using a hash algorithm on passwords can make them even more secure.
Consider the following scenario:
You have some data and you want to allow only people with “login” privileges to see it, meaning they need to enter a username and a password. However, for the system to “verify” that they entered the correct password, it needs to store something.
Unfortunately, with typical databases like SQL, this will often be stored as a “cleartext” of the password itself. This means that, if an attacker manages to gain access to the database, they will be able to read the stored cleartext passwords. This is how most data breaches happen in the first place.
But if, instead, said data, or here passwords, is protected using a hash algorithm, then the likelihood of a hacker doing anything with the password even if they can access it is much lower.
What is the Difference Between Password Encryption and Password Protection?
Is password encryption the same as password protection?
Not really and we’ll explain the differences between the two next.
Think of password protection as locking something in a box. In this case, the password serves as the key to the lock and only someone with the key can open it.
This is your standard way to protect online accounts, computers, phones, etc. However, often the attacker or hacker can either find out what the password is or brute force it, or find some other way inside, without even using the password (for instance, the lock-box could have a weak bottom side).
So password protection, while useful and necessary, is just a “surface-level” protection and alone, in this day and age when attackers use more sophisticated methods to attack protected files, it’s not enough.
This is why you need to consider taking the next step and that means password encryption. Now, as we already mentioned, it’s not the password itself that is encrypted here, but rather the contents of whatever the password is meant to protect.
In other words, if an attacker penetrates the password and can open the password-protected data, they are free to read it normally if it doesn’t also have password encryption on top of the regular password protection.
MD5 and SHA Hash Algorithms? Which are More Secure for Passwords?
Speaking of hash algorithms, the two most commonly used for passwords are MD5 password encryption and SHA.
Let’s go ahead and explain these two a bit closer.
MD5 or Message-Digest 5 is a hash function whose purpose is to verify that data has not been changed in any way.
Normally, this could be done by comparing the raw data, but that might not be very secure in certain circumstances. Instead, MD5 creates a checksum for both sets of data and then compares the checksums themselves to see if they’re the same.
The main issue with MD5 is that it’s not very secure and can be broken relatively easily by skilled attackers.
Instead, when considering a hashing function for passwords, the better choice is SHA. SHA is really a modified and improved version of MD5 that is more suitable for hashing data and certificates and is really the data encryption standard today.
With SHA, for instance, if just one character in the message changes (even from upper-case to lower-case), the entire hash value will change as a result. This is called “the avalanche effect”.
The benefit here is that the system doesn’t have to remember passwords themselves, but rather the hash, so if hackers manage to breach the database, passwords will be protected nevertheless.
What are the Best Password Encryption Tools?
Okay, but how can we encrypt passwords in the first place if we don’t have any encrypting know-how?
Luckily, there are several very good and often free password encryption tools.
We’ll mention just a few of them:
These tools are not only useful for managing and generating passwords, but also for encryption and making them more difficult to crack once they are stored.
CTemplar hashes your passwords before sending them to the server for authentication and sign-up. The salt is created using the unique user’s username and this is then used to hash the password using bcrypt.js password-hashing function, which is also the default password hash algorithm for certain Linux distribution systems.
This means that CTemplar takes your security and privacy very seriously. If you want to regain your privacy, join CTemplar today.