The Real Deal 123: Encryption

Tom and Rafe give the basics on encryption and examples of how to use it in the real world.

Tom Merritt Former CNET executive editor


Coded messages date back to Roman times and probably existed before.

Sticklers may prefer enciphering and deciphering. Reserve decrypt for decoding a message you don't have the key for.

What it means

Types of Encryption


Each computer has a secret key by which it encrypts and decrypts the data. Only another computer that knows what key was used can decrypt. Problem with key distribution.

-Public key - introduced by Whitfield Diffie and Martin Hellman in 1975.

You publish your public key to the world. This allows for encryption but not decryption. You can't use a public key to decrypt. You keep your own private key secret. This private key is the pair of your public key. It can decode what is encrypted with your public key. Anyone with your public key can encrypt information so that only you can read it BECAUSE it is not computationally feasible to deduce your private key from your public key. On a large scale, a certificate authority can handle the exchange of public keys so computers know they are who they say they are. BUT symmetric key is much faster. PGP combines both methods to make transmission of encrypted data easier.

-Cryptographic algorithm

What the keys above are based on. A value computed from a base input number. Input number (1789), algorithm: say, input number × 42. Hash value = 75138. Real algorithms are more complex and use large 256-bit numbers (2^256). The larger the number, the more secure. Nothing is totally secure. The larger the number, the longer it will take them to break the encryption. No encryption lasts forever. It depends on time and computing power, and computing power is always growing.

What do I need in the real world?

-SSL is an implementation of Public Key


Lock symbol in your browser


combines symmetric and public keys (see http://www.pgpi.org/doc/pgpintro/ for an excellent explanation)

1. PGP compresses the plaintext (compression strengthens cryptographic security)
2. Creates a one-time only secret key called a session key
3. Encrypts the data to the session key
4. Encrypts the SESSION KEY to the recipient's public key
5. Transmits both data and encrypted key to recipient.
6. Recipient decodes the SESSION KEY with their private key
7. Uses SESSION KEY to decode the ciphertext.
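
The seven steps above, traced in code as an added example that is not part of the original show notes and is not PGP's own code. It assumes stand-ins so it runs with the Python standard library alone: a constructed toy RSA key pair built from two Mersenne primes (unpadded and far too small for real use) and a SHA-256 keystream XOR in place of a real symmetric cipher; the function names are hypothetical.

```python
import hashlib
import secrets
import zlib

# Constructed toy RSA key pair (assumption: stands in for the recipient's
# real key pair). Textbook RSA, no padding, ~216-bit modulus: illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                               # public modulus, published with E
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, kept secret


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    Applying it twice with the same key returns the original data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def pgp_style_encrypt(plaintext: bytes, pub=(N, E)):
    """Sender side, steps 1-5. Returns (wrapped session key, ciphertext)."""
    n, e = pub
    compressed = zlib.compress(plaintext)                   # 1. compress
    session_key = secrets.token_bytes(16)                   # 2. one-time key
    ciphertext = _keystream_xor(session_key, compressed)    # 3. fast symmetric step
    wrapped = pow(int.from_bytes(session_key, "big"), e, n) # 4. slow public-key step
    return wrapped, ciphertext                              # 5. transmit both


def pgp_style_decrypt(wrapped: int, ciphertext: bytes, priv=(N, D)) -> bytes:
    """Recipient side, steps 6-7."""
    n, d = priv
    session_key = pow(wrapped, d, n).to_bytes(16, "big")    # 6. unwrap session key
    compressed = _keystream_xor(session_key, ciphertext)    # 7. decrypt the data
    return zlib.decompress(compressed)


if __name__ == "__main__":
    message = b"constructed sample message " * 20
    wrapped_key, body = pgp_style_encrypt(message)
    print(len(message), "plaintext bytes ->", len(body), "ciphertext bytes")
    print(pgp_style_decrypt(wrapped_key, body) == message)
```

Only the 16-byte session key goes through the slow public-key operation; the message itself, however large, is handled by the fast symmetric step, which is why PGP combines the two.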


My tools:
* KeePass (http://KeePass.info/) to manage and encrypt passwords, account numbers, notes, etc.
* 7-zip to zip and encrypt files for local or remote storage

My concern about TrueCrypt is that I fear that if any part of the hard drive fails that I will lose all data (is that generally true?) vs. the likelihood of (usually) recovering most of the data with an unencrypted disk.



I would like to start using Amazon S3, SkyDrive or a similar solution for off-site backup. I assume that I should encrypt the files before uploading them and wonder what is the best solution:

- TrueCrypt?
- 7-zip*? Which setting: ZipCrypto or AES-256?
- Something else?



I didn't know that 7-zip did anything except for AES-256. (Maybe that is in a newer version than I have?) AES-256 is pretty solid though, so it's a great default.

TrueCrypt is definitely more than you need for backing up portions of your data, though it has its advantages I'm sure.

I have KeePass generate and store a nice strong password for the 7-zip backup, and then I have 7-zip split my archive into chunks a little less than 10MB so I can store them for free on box.net.

- Joel


I use Truecrypt on my PC to encrypt financial information and scanned documents, and find it excellent. There are many features listed on the Truecrypt website such as full disc encryption, hiding an OS inside an encrypted 'dummy' OS...

I've always fancied using the software to encrypt backups on CDs and DVDs, but have been worried that there would be less fault tolerance, and therefore more risk of losing all the data on the disc. Has anyone had experience of this?

Oh, and I must try USB traveller encryption sometime on a flash drive!




Hey - just wanted to clarify your commentary on the Etymotic earphones - I think Tom mentioned that they have noise cancellation, and Rafe responded a bit surprised saying that he didn't notice the "subtle artifacts" that are typical of noise cancellation phones...that is because the Etymotics have noise isolation, not cancellation. Instead of adding inverted phase noise to counter the ambient noise like Bose and some others do, the Etymotics simply seal out ambient noise, which in my opinion is a more effective and practical way to reduce ambient noise and with no sacrifice to sound quality. I own Etymotics and agree on how good they sound.

Anyway, I enjoy the show and have learned a lot from you guys. Thanks!


Hi Tom and Rafe

In Ep 122 you spoke about switching to a Cable based ISP...I'll be moving to NY from Jamaica in a few months and I'm curious about a few things:

Back in the day cable internet was a big LAN connection (if your neighbour had the same workgroup name as you did, you could access his shared files and vice versa), is that still the case?

On the traffic shaping and capping issue - would the cap include traffic from my VoIP device? (I intend to take that with me from Ja)

I think Cablevision would be the provider in my area, not sure what you may know of them, but hope you can give me some insight.




Future Topics: Passwords

Next episode - Olympic video