{"id":892,"date":"2022-07-22T08:14:38","date_gmt":"2022-07-22T08:14:38","guid":{"rendered":"http:\/\/blog.majeros.atthost24.pl\/?p=892"},"modified":"2023-12-05T14:19:11","modified_gmt":"2023-12-05T14:19:11","slug":"what-are-different-types-of-encryption","status":"publish","type":"post","link":"https:\/\/knowledgebase.privmx.com\/pl\/what-are-different-types-of-encryption\/","title":{"rendered":"What are different types of encryption?"},"content":{"rendered":"

Internet service providers offers various privacy-oriented features meant to secure your data and if you\u2019re not tech-savvy, it\u2019s easy to get confused. Here\u2019s a brief introduction to various types of encryption in internet services.<\/strong><\/p>\n

Two standard types of encryption: in-transit and at-rest<\/h3>\n

The first type is encryption in-transit<\/strong>. It means that an internet service protects your data when it\u2019s on the move, from local storage to cloud storage or from one network to another. It is widely believed that data is the most vulnerable on the move, that\u2019s why this kind of encryption was introduced in the early days of internet – you use it every day, it works in all web browsers and mail client applications. You can imagine an armoured bank van – your money is being secured for transport\u2026 but after reaching the place of destination, it\u2019s unloaded and becomes unprotected again – and this is when another type of protection can be used.<\/p>\n

To secure your money in a bank, you simply need there a safe with a lock. When it comes to securing your data, an equivalent would be encryption at-rest<\/strong>. In this scenario, your data is encrypted when it\u2019s stored on the internet service\u2019s server hard drives (or any other kind of permanent data storage devices they use). When somebody detaches a hard drive from a server, you can be quite sure your data wouldn\u2019t be readable do them.<\/p>\n

On the other hand, these days almost all internet services need to access your data to analyse and process it, so they need to have a proper encryption key. Using our bank metaphor – imagine that you put your money in a locked safe inside a bank, leaving the only key somewhere in the building, at hand of the bank employees.\nSounds strange?<\/p>\n

Better ways to protect your data: end-to-end and zero-knowledge encryption<\/h3>\n

Of course that\u2019s strange, at least for all users who care about the privacy of their data. The only solution to this dilemma is end-to-end encryption<\/strong>, a third kind of encryption we\u2019d like to mention here. In this case, encryption is applied on your device (your end) even before<\/strong> your data is sent. Then it is protected all the way<\/strong> to the second device (the other end) used by your colleague, who has a decryption key. Before getting to the other end, your encrypted content can fly in the network between any number of intermediate devices, and can be stored on them, but it always remains encrypted, so nobody can read it.<\/p>\n

Sticking to the bank example, it\u2019s like you put your money in your own safe even before taking it to the bank. Imagine leaving your own locked safe inside the bank safe. Your own key stays with you all the time, and the bank cannot access your safe\u2019s content and does not even know what\u2019s inside. It\u2019s yours and yours alone.<\/p>\n

However – be aware that some banks may not be looking the other way when you\u2019re setting a password to your safe. It\u2019s probably rare, but some institutions may want to know what you are storing in their vaults anyway. The same goes with internet services – some of them (claiming to use end-to-end encryption) can know and store your password – let\u2019s say – \u201cjust in case\u201d. Such behaviour violates the principles of end-to-end encryption, and that\u2019s why one can talk about yet another kind of encryption.<\/p>\n

Zero-knowledge encryption implements end-to-end encryption along with strict password policy<\/strong> in which internet service providers guarantee they don\u2019t know users\u2019 passwords, thus have no physical possibility to access users\u2019 content. There is still one more interesting question here – how can you be sure if they obey the policy rules? Of course, you can trust people who created the service, which is nice of you, but it may be not enough. The only solution here is looking into the application\u2019s source code and being able to build applications by yourself.<\/p>\n

In other words: internet service\u2019s client application should have open source code<\/strong>. This is the only way you can be sure what is happening under the hood, and this is the only way zero-knowledge encryption should be implemented.<\/p>\n

Encryption in PrivMX Fusion<\/h3>\n

PrivMX Fusion features zero-knowledge encryption and has open source code to reassure users that everything works as it should.<\/p>\n

When it comes to sharing data with other users within PrivMX Fusion, you choose which users have access to it on every step of the way: with the use of thematic Sections or choosing a recipient of your message\/file\/conversation each time. Our solution has been created along the lines of privacy-by-design approach, and we\u2019ve been doing our best to make encryption completely transparent for end users. Only you and your colleagues are able to access your own data, nobody else. Not even us, when you are using PrivMX Cloud service. That\u2019s why it\u2019s impossible for us to reset or recover your password, in case you forget it.<\/p>\n

That\u2019s how we define privacy.<\/p>\n

Please refer to the Total privacy by design article<\/a> for more details.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"Encryption in-transit, encryption at-rest, end-to-end encryption and zero-knowledge encryption: different types of encryption in a nutshell.","protected":false},"author":2,"featured_media":893,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,3,5],"tags":[],"class_list":["post-892","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-encryption-blog","category-fusion-blog"],"jetpack_featured_media_url":"https:\/\/knowledgebase.privmx.com\/wp-content\/uploads\/2023\/05\/rodzaje_szyfrowania-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/892","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/comments?post=892"}],"version-history":[{"count":4,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/892\/revisions"}],"predecessor-version":[{"id":2396,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/posts\/892\/revisions\/2396"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/media\/893"}],"wp:attachment":[{"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/media?parent=892"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/categories?post=892"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/knowledgebase.privmx.com\/pl\/wp-json\/wp\/v2\/tags?post=892"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}