2.2. Exploring Encryption

Encryption is the basis of all digital signatures and digital certificates. The following sections cover the basics of encryption methods.

2.2.1. Basic concepts and terminology

First, you need to get the vocabulary down. Encryption is one of those topics that seems to use acronyms and obscure phrases just for the sheer joy of confusing everybody. You need to understand two basic concepts before we move into a discussion of encryption technology, and we cover both these concepts in the following subsections.

2.2.1.1. Salt

In terms of encryption, salt is a random number added to either an encryption key or a password to protect it from disclosure. Just like a pinch of table salt (sodium chloride) can take a pile of French fries from bland to tasty, a random number added to your encryption algorithm can take your information from easily stolen to reasonably secure.

2.2.1.2. Encryption strength

Strong encryption is a relative term — what's unbreakable encryption today can be easily exploited in a month, a year, or five years. Encryption methods are measured by the number of bits in the key used to encrypt data. In general, the more bits you use, the harder it is to break your encryption method.

Encryption is often broken through sheer brute force. A cracker writes or obtains a script that throws random values at an encryption engine, hoping to guess the correct encrypted value for a known plain text value. The keys to this method are processor cycles and ...

Get PHP & MySQL® Web Development All-in-One Desk Reference for Dummies® now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.