Someone I know is currently involved in a project concerned with acquiring, transferring, storing, and processing confidential data. As I have experience with IT security, I was asked which encryption method suits the problem best. After listening carefully to the problem, I asked for clarification: “Do you really need encryption? Or would a password be sufficient?”
What is the difference between cryptography and password protection anyway? The following illustration contrasts the two. Imagine that you have a secret document that you do not want anyone but a small number of people to read. If you put it in a box and seal the box with a padlock, that’s password protection. If, on the other hand, you translate the document into a code that only you and a few others can read and then burn the original document, that is encryption.
The next question would be: which one is safer? Is one method more secure than the other? I would say that it depends on the necessity, though generally speaking encryption is the safer method. However, if that makes you think it is always better to use encryption, there are some aspects you should consider.
- For password protection, the size of the documents should not matter that much. It makes no difference to the padlock whether you put 5 pages or 50 pages of documents into the box. For encryption, however, you need more effort to encode 50 pages than just 5 pages. Let us not forget that anyone who wants to read the document will also have to translate all 50 pages back, which adds up if many parties need to read them. This process is called decryption, by the way.
- For distributing data, encryption should be safer. If you send a message in a locked box and someone intentionally breaks that box and reads your message, then you are done for. However, if you send a coded message, then even if it is intercepted, the interceptor will not be able to read it (assuming, that is, that only the intended readers know the code).
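The padlock and the coded message from the illustration above, as an added Python example (not part of the original post). All function names are hypothetical, the document is a constructed sample, and the SHAKE-256 keystream is an illustrative stand-in for a vetted cipher such as AES-GCM.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example

def _derive(password: str, salt: bytes) -> bytes:
    # Slow password hash; 64 bytes so encryption can split it into two keys.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)

def password_protect(doc: bytes, password: str) -> dict:
    """The padlock: a password check guards the box, the body is stored as-is."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _derive(password, salt), "body": doc}

def open_protected(box: dict, password: str) -> bytes:
    if not hmac.compare_digest(_derive(password, box["salt"]), box["verifier"]):
        raise PermissionError("wrong password")
    return box["body"]  # cost of the check does not depend on len(body)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher: one keystream byte per document byte.
    return hashlib.shake_256(key + nonce).digest(n)

def encrypt(doc: bytes, password: str) -> dict:
    """The coded message: every byte is transformed, so work grows with size."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive(password, salt)
    body = bytes(a ^ b for a, b in zip(doc, _keystream(key[:32], nonce, len(doc))))
    tag = hmac.new(key[32:], nonce + body, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "body": body, "tag": tag}

def decrypt(box: dict, password: str) -> bytes:
    key = _derive(password, box["salt"])
    expected = hmac.new(key[32:], box["nonce"] + box["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, box["tag"]):
        raise PermissionError("wrong password or modified data")
    stream = _keystream(key[:32], box["nonce"], len(box["body"]))
    return bytes(a ^ b for a, b in zip(box["body"], stream))

# Constructed sample document.
SECRET = b"Constructed sample: payroll figures for Q3"
```

Reading `box["body"]` directly is the broken box: in the password-protected record it is the document itself, while in the encrypted record it is unreadable without the password.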
There are also considerations of strong/weak passwords and strong/weak encryption, analogous to strong/weak padlocks and hard/easy codes. On a computer, stronger in both cases means more computational power is needed.
As I learned the project requirements, I came up with this suggestion:
- For storage, as the amount of data is enormous, strong encryption will make reading and processing the data slower. Therefore, a good password is better than choosing, for instance, a half-good encryption.
- For distribution, it turns out that the data has two parts: highly confidential (small size) and low confidentiality (large size). I recommended using encryption for the highly confidential data and simply zip-passwording the other.
There are pros and cons to every method. By writing this, I hope this discussion can help you understand which method better suits which need. In my friend’s case, the above discussion proved to be exceptionally handy. Just saying B-)