Encryption

Definition

Encryption is a process that protects data by turning it into unreadable text using a mathematical formula and a secret key. Only someone with the correct key can turn the encrypted data back into its original form. This protects information if it is intercepted, stolen, or viewed by someone who should not have access.

Plain text (readable data) is transformed into ciphertext (scrambled data). The ciphertext looks like random characters to anyone who does not have the key. When the correct key is used, the data is decrypted and becomes readable again.

There are two main kinds of encryption:

* Symmetric encryption
  The same key is used to encrypt and decrypt the data. This is fast and is often used to protect large amounts of data, such as files or disks.

* Asymmetric encryption
  Two related keys are used. One is a public key that can be shared to encrypt data. The other is a private key that is kept secret and is used to decrypt. This is often used in secure communication and digital certificates.

Encryption can protect:

* Data at rest, such as files on a laptop, a phone, or a server
* Data in transit, such as information sent over HTTPS between a browser and a website
* Backups and archives that are stored for long periods

In cybersecurity investigations, encryption is a double-edged tool. Defenders use it to keep sensitive data safe from attackers. Attackers use it in ransomware to lock files and demand payment, and sometimes to hide their own communications or tools. Understanding how encryption works helps analysts interpret logs, evaluate risk, and respond to incidents that involve protected or locked data.

Encryption

Definition

Explore More Terms