DEV Community

James Sheppard
James Sheppard

Posted on • Edited on

Web Security Encryption

Graphic of a lock over hexidecimal characters

You can't go more than a few months without hearing about a data breach that affects some random company or government body. It tends to filter into the background, unless, of course, we happen to be personally affected by it.
Web security is a concern for everyone, from the Facebook lurker to the tech CEO. How does it work? What can we do to be more secure online? In this blog, we will explore the surface of this ocean and dip our toes in a little.

Encryption

One of the oldest forms of web security comes in the form of encryption. It is inspired by real-world encryption. Basically, you are taking your information and applying a method to render it unreadable. This happens by converting the individual letters or numbers into a code that is difficult to understand without a guide or decoder. Morse code is one of the more famous examples. Most people cannot understand the series of dots and dashes, but if you had the decoder in front of you, you could eventually figure out what was being said. This leads to more elaborate codes being used to try to thwart those who would try to glean the information. In World War II the United States even used Apache Language to communicate sensitive information.

Encryption is viewed in the same way. It is an ever-evolving arms race with forces on both sides working tirelessly to either create or crack. This Sisyphean task leads to cutting-edge innovation. Let us take a look at some examples.

Wall of indecipherable text

BASE64
No, we're not talking about the next Nintendo Console. Base64 is a binary-to-text encoding that represents binary data. JavaScript has a native function built into it that allows you to pass in a string and it will convert to the Base64 characters. btoa() and it's counterpart atob().

let string = btoa('The password is drowssap');
console.log(string);
// => VGhlIHBhc3N3b3JkIGlzIGRyb3dzc2Fw
let encrypt = atob('VGhlIHBhc3N3b3JkIGlzIGRyb3dzc2Fw');
console.log(encrypt);
//=> The password is drowssap
Enter fullscreen mode Exit fullscreen mode

Despite internet rumors that btoa and atob stand for 'Binary to ASCII' and 'ASCII to Binary', respectively, the true meaning is much less exciting. Brendan Eich, the creator of JavaScript tweeted:

Old Unix names, hard to find man pages rn but see (https://t.co/lWkceMwFad). The names carried over from Unix into the Netscape codebase. I reflected them into JS in a big hurry in 1995 (after the ten days in May but soon).
— BrendanEich (@BrendanEich) May 21, 2018

Like our aforementioned Morse code, it is easy to decrypt if you have the converter for it.

HTML Encryption

With the advent of websites and the prevalence of HTML-based sites, advances in encryption had to be made to secure sensitive data. With HTML encryption programs, you can control who can see your sites, what info they can access, and when the page expires. If you have ever done an image search (like to populate a blog) and when you try to save the image and it saves a site instead, congratulations! You have been thwarted by HTML Encryption.

HTTP bouncer at a nightclub

HTTPS

If you are ever surfing the web and come across a website that is prefaced by a warning, then that site is not encrypted with HTTPS (Hypertext Transfer Protocol Secure). It encrypts the communication protocol using Transport Layer Security (formerly SSL or Secure Sockets Layer). TLS communicates across networks and is designed to prevent tampering and eavesdropping. HTTPS's TLS authentication requires a third party to issue digital certificates on the server side of the operation. The client will then confirm the validity of said certificate before starting. This multi-step procedure ensures that information passed from server to user is protected.

Password Encryption

Most of us can remember the early days of the Internet when password lengths were not a huge concern. Some people thought that 'password' as a password was sufficient. Enter Brute Force attacks-- a program that was designed to test every possible combination in order to guess your password. With processors growing in power each year, hackers can perform millions to billions of password combinations per second. In this infographic from TechRepublic, we can see how quickly a password can be brute forced.

Password Cracking infographic

This is why generated passwords are so popular. The iOS version can create passwords that are 20 characters long and contain a melange of uppercase and lowercase letters, two hyphens, and digits. That is 37 possibilities to the power of 20 characters which results in 2.3122484e+31 combinations. Assuming the hacker can conduct a billion trials per second, it would take over a billion years to crack. Good odds.

Conclusion

There is a huge variety of encryption methods that exist.
We have explored simple built-in functions to cutting-edge tech all with the same goal in mind: protection. Seeking out methods to protect your data will not only benefit you but give you peace of mind. I hope this has been thought-provoking and will send you into research mode for more data encryption techniques.

Sources

https://www.hacksparrow.com/webdev/javascript/why-base64-encoder-decoder-named-btoa-atob.html
https://en.wikipedia.org/wiki/HTTPS
https://en.wikipedia.org/wiki/Transport_Layer_Security
https://www.techrepublic.com/article/how-an-8-character-password-could-be-cracked-in-less-than-an-hour/
https://stackoverflow.com/questions/34048475/how-long-to-brute-force-16-character-secret-key
https://support.apple.com/guide/security/automatic-strong-passwords-secc84c811c4/1/web/1

Top comments (0)