Encryption Algorithms


In our previous blog post, ‘Encryption‘, we explained encryption and the different encryption methods. This blog post follows on from that one, and here we explain the different types of encryption algorithms that are most commonly used in the cyber-security world.


Types of Encryption Algorithms

  • Triple DES/DES
  • RSA
  • AES
  • Blowfish
  • Twofish
  • MD5
  • SHA
  • HMAC


Triple DES or DES/3DES

The Data Encryption Standard (DES) encryption algorithm was first used and endorsed by the US Government in 1977. The DES encryption algorithm forms the basis for ATM PIN authentication and is also utilized in UNIX password encryption. DES is a block cipher with a 64-bit block size and uses 56-bit keys.

Triple DES or 3DES was designed as a more secure and stronger encryption algorithm to replace the original version of the DES algorithm. Triple DES encrypts the data three times with three different individual keys of 56 bits each, which makes the total cumulative key length 112 to 168 bits.


RSA

RSA is a public-key encryption algorithm and a standard for encrypting sensitive data sent over an insecure network like the Internet.

The RSA encryption algorithm was first introduced by Rivest, Shamir and Adleman at the Massachusetts Institute of Technology in the year 1977. It is with reference to these three individuals that this method of encryption was named RSA (Rivest-Shamir-Adleman).

RSA, a form of public-key cryptography, is an asymmetric encryption algorithm which uses two different but mathematically linked keys for encryption and decryption. In the RSA encryption algorithm, a public-key is used for encryption and a private-key for decryption. The public-key can be shared with others but the private-key must always be kept secret.

RSA is one of the most popular and widely used encryption algorithms for encryption and digital signatures in the cyber-security world today.


AES

AES or Advanced Encryption Standard is an encryption algorithm that was announced and approved by the United States National Institute of Standards and Technology (NIST) in November 2001. AES replaced the DES encryption algorithm and became a standard encryption technique for the US government in 2002.

The AES encryption algorithm was developed by two cryptographers from Belgium, Joan Daemen and Vincent Rijmen, who submitted it to NIST where it was approved. AES, originally named Rijndael, is a family of ciphers with different key and block sizes.

The AES encryption algorithm comprises three block ciphers, with keys of 128 bits, 192 bits and 256 bits. Although encryption with 128-bit AES is quite strong and efficient, 192-bit and 256-bit keys are used for a higher grade of encryption.

AES is a symmetric encryption algorithm and uses a single private-key for both the encryption and decryption processes. The AES encryption algorithm is used by numerous organizations worldwide apart from being trusted by the US government.


Blowfish

Blowfish is a symmetric block cipher that was developed and introduced by Bruce Schneier in 1993 as an alternative to the encryption algorithms existing at that point in time.

Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits. The Blowfish encryption algorithm splits a message into blocks of 64 bits and then encrypts the blocks individually.

Blowfish is an unpatented, free-to-use encryption algorithm that is easily available in the public domain.


Twofish

Twofish is a block cipher encryption algorithm based on the Blowfish encryption algorithm. Twofish was one of the five finalists at NIST to replace the DES encryption algorithm, where NIST eventually selected and standardized the Rijndael algorithm, commonly known as the Advanced Encryption Standard (AES) algorithm.

Twofish is a symmetric key block cipher with a block size of 128-bits and key size ranging from 128-bits to 256-bits. Twofish algorithm being a symmetric encryption technique uses a single key for encryption and decryption.

Twofish encryption algorithm was designed by a team of cyber-security experts led by Bruce Schneier at Counterpane Labs in the year 1998. Like Blowfish, Twofish is also unpatented, license-free, free-to-use and available in public domain.


MD5

MD5 Algorithm was developed by Professor Ronald L. Rivest of MIT in 1991, and is widely used to verify data integrity. MD5 is a one-way hash function which creates a 128-bit hash value, and is most commonly used in digital signature applications.

MD5 algorithm has been optimized for 32-bit machines and was designed to replace MD4, an earlier hash function also designed by Rivest.

MD5 algorithm verifies data integrity by processing a variable-length message into a fixed-length output hash of 128-bits. MD5 algorithm is sometimes also referred to as Message-Digest algorithm.


SHA

SHA or Secure Hash Algorithm is a family of cryptographic functions which includes SHA-0, SHA-1, SHA-2 and SHA-3.
SHA algorithms are a component of SSL certificates and are used to verify data integrity, that is, to ensure that the data has not been modified.

SHA-1 is a cryptographic hash function that was designed by the United States’ NSA in 1995. However, SHA-1 is no longer considered secure enough, and since 2010 many cyber-security experts have recommended the use of SHA-2 or SHA-3 as a replacement for SHA-1. Most of the popular browsers would stop supporting SHA-1 based SSL certificates.

SHA-2 was also designed by the NSA and was first published in 2001. SHA-2 is a set of cryptographic hash functions which includes six hash functions of different digest sizes: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

SHA-3, formerly named Keccak, was designed by cryptographers Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche and was approved by the National Institute of Standards and Technology (NIST) as a part of a competition which received 64 submissions from all over the world. Subsequently, the SHA-3 standard was released by NIST in August 2015.


HMAC

HMAC or Hash-based Message Authentication Code, first published in 1996, is a type of message authentication code that involves both a secret cryptographic key and a hash function. HMAC simultaneously verifies the data integrity and authenticates the message.

In HMAC, the message and the key are hashed in separate steps, which adds to the security of HMAC. The cryptographic strength of HMAC depends on the strength and size of the hash function and the size of the key.

IPSec and TLS protocols use HMAC-SHA1 and HMAC-MD5 encryption algorithms.
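The two separate hashing steps described above can be written out by hand and checked against a library implementation. The following Python sketch is an added example, not code from Kryptotel; the key and messages are constructed sample values, and SHA-256 is chosen here as the underlying hash function.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes its input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 built by hand from two separate hash passes (RFC 2104)."""
    # A key longer than one block is hashed first; a shorter one is zero-padded.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")

    inner_pad = bytes(b ^ 0x36 for b in key)
    outer_pad = bytes(b ^ 0x5C for b in key)

    # Step 1: hash the inner-padded key together with the message.
    inner = hashlib.sha256(inner_pad + message).digest()
    # Step 2: hash the outer-padded key together with the result of step 1.
    return hashlib.sha256(outer_pad + inner).digest()


def make_tag(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the authentication tag with the standard library."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), received_tag)


def unkeyed_check(message: bytes, received_digest: bytes) -> bool:
    """Integrity check with a bare hash: no secret is involved."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), received_digest)


def run_demo() -> dict:
    key = b"constructed demo key, not a real secret"
    long_key = b"k" * 200  # longer than one block, exercises the key-hashing branch
    genuine = b"pay 100 to account 42"
    tampered = b"pay 900 to account 42"
    tag = make_tag(key, genuine)
    return {
        "manual_matches_library": hmac_sha256_manual(key, genuine) == tag,
        "long_key_matches_library":
            hmac_sha256_manual(long_key, genuine) == make_tag(long_key, genuine),
        "genuine_accepted": verify_tag(key, genuine, tag),
        "tampered_rejected": not verify_tag(key, tampered, tag),
        "wrong_key_rejected": not verify_tag(b"some other key", genuine, tag),
        # Whoever changes the message can also recompute a bare hash, so the
        # unkeyed check passes for the modified message; the HMAC check does not.
        "unkeyed_hash_accepts_modified":
            unkeyed_check(tampered, hashlib.sha256(tampered).digest()),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
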





– Captain Krypto


Kryptotel is an IT Security Services and Product Development Company specializing in Cyber Security and Secure Communications. Kryptotel develops secure communication applications with strong encryption and security features. Feel free to consult Kryptotel for your cyber-security challenges. www.kryptotel.net.

Encryption


In the contemporary world, where news about data leaks and security breaches has become quite frequent, cyber-security and more specifically encryption is an important concept for many companies to understand and implement.
Security breaches and data leaks cost organizations millions of dollars. IT Security has become the highest priority for many global companies and government departments.

There are many security protocols and technologies available which help organizations to secure their infrastructure, data and communications. However, encryption is one of the most important parts of the IT security strategies that are implemented by companies and government departments.

Encryption is a technique which helps protect the data and communications.


What is encryption?

Encryption is a technique of encoding the information in such a manner that it becomes unreadable and only authorized parties are able to access it. The authorized party can access the information using a key which decodes the information.

The encrypting process basically transforms the information or a message from plain text to cipher text by encrypting it using an encryption algorithm. The cipher text can only be read when it is decrypted using a key, which only the authorized party will have. Encryption ensures that data is not read or altered by unauthorized parties.

Here is an example of how encryption works.

When you send an email using an encrypted email service, the plain text message is scrambled and made unreadable for unauthorized parties.

This is what an encrypted email message looks like:


Only the intended authorized recipient can decrypt the encrypted text. The authorized party receives a private key from the sender of the email; using this private key, the authorized recipient can decrypt the email.

Decrypted email text:

"Hello John, How are you doing?
Join me for a cup of coffee next week in San Francisco.
Best,
Alex."


Different Encryption Methods



Symmetric Encryption:

Symmetric Encryption, also known as private-key cryptography, uses a single key for encryption and decryption. The sender encrypts the data with a private-key and sends the encrypted data to the authorized recipient, and the recipient uses the same private-key to decrypt the data.
Symmetric Encryption is also known as private-key or secret-key cryptography because it uses a secure private-key for both encrypting and decrypting processes.


Asymmetric Encryption:

Asymmetric Encryption, also known as public-key cryptography, uses two different keys for encryption and decryption and hence differs from the symmetric method. In the asymmetric method, a public-key is used for the encrypting process whereas a private-key is used for the decrypting process.


Hashing:

Hashing is a type of cryptographic security which generates a unique fixed-length value, or hash, for a message or data. Hashing is irreversible: once a message is condensed into a fixed-length value, it cannot be reversed. This is where hashing differs from encryption, which is a two-step process where a message is first encrypted and then decrypted. Hashing is a single-step irreversible process.

Hashing is used to verify the data and check whether the data has been tampered with; it cannot be used to retrieve the original message.



– Captain Krypto 🙂



Mobile Applications & Security Vulnerabilities


There are over 2 billion smartphone users in the world today. The enormous rise in the use of smartphones globally has also led to a surge in the usage of mobile applications. There are over 2.2 million Android based applications in Google PlayStore and over 2 million iOS applications in Apple’s AppStore.
Applications, in general, are becoming a dominant form of digital interaction and hence applications are not just limited to smartphones. Applications are developed and used for wearable devices, for devices connected in the Internet of Things, Smart Cities and Smart homes, etc. These devices communicate with each other via applications, which makes security in applications all the more important. Security is critical in applications and therefore applications need to be without any security vulnerabilities, but that is not the case. Applications do have security vulnerabilities.

Some of the common security vulnerabilities in mobile applications are explained below.

Weak Server-side Components:

Mobile applications communicate with the servers using APIs. The communication requests from APIs need to be properly verified and authenticated before allowing access to back-end services. Absence of proper security verification and authentication would lead to security vulnerabilities.

Weak server-side security vulnerabilities include Cross-site scripting and forgery, weak authentication system, injection attacks, etc.




Data Leakage and bad storage practices:


Mobile applications collect a lot of data. Some of the data collected by applications is required for them to function, but there is also unnecessary data collected, which is a cause of concern. It is critical that the collection of data by apps doesn’t compromise a user’s privacy. An unsecured app could leak the user’s private data. There have been various studies which show how mobile apps have been collecting users’ personal information and then leaking the same data to agencies or third-parties.

Here are some common ways mobile applications expose user data:

  • Using a misconfigured or insecure ad and/or analytics framework. A framework which is not properly configured or doesn’t have proper security measures could be a potential security vulnerability that collects and exposes a user’s personal and sensitive information.
  • Unencrypted data transmission between the app and the back-end server.
  • Unnecessary logging by the applications becomes a vulnerable point that exposes data to unauthorized third-parties.
  • Android applications have an option of storing the data on external storage, which is a point of vulnerability because the applications cannot trust that files have not been modified.
  • Syncing user data to a cloud platform which is not secure increases the risk of exposing the data to unauthorized access.


Weak Encryption & Security Protocols:


Mobile applications become prone to external attacks in the absence of strong encryption algorithms and security protocols. Attackers use information stored in the cookies and environment variables to bypass the security and access the data on the mobile device. Mobile applications need to be built with the latest and strongest encryption algorithms, which meet modern security requirements.


Below are some facts as per HPE 2016 Cyber Security Report:

  • 52.1% of applications accessed geolocation data
  • 70% of education applications on iOS accessed geolocation data
  • 11.5% of applications accessed contacts
  • 40.9% of social networking applications accessed contacts
  • 19.8% of finance applications accessed contacts
  • 16.3% of applications accessed calendar data
  • 41.9% of iOS game applications accessed calendar data
  • 52% of iOS weather applications accessed calendar data
  • 61.7% of applications used ad or analytics frameworks to expose data
  • 64.8% of health applications used ad or analytics libraries to expose data
  • 53.2% of medical applications used ad or analytics libraries to expose data
  • 43.8% of finance applications used ad or analytics libraries to expose data
  • 94.8% of applications include logging methods
  • 70.6% of applications can access external storage

(Link to the detailed report: https://saas.hpe.com/sites/default/files/resources/files/Mobile%20Report%20ver%2010.2.pdf)

-Captain Krypto 🙂




Wearable Technology & Security Concerns


The use of wearable technology has been on the rise in the last few years, and so have the security concerns that come along with it.


What is Wearable Technology?

The terms ‘wearable technology‘, ‘wearable devices‘, ‘wearable gadgets‘, or simply ‘wearables‘ refer to the class of electronic technology devices that can be worn on the body. Wearables are created by integrating technology or computers into clothing and accessories which can be easily worn around the body.

Wearable technology is most often advocated as one of the greatest applications of the Internet of Things, considering the fact that wearables have the potential to completely transform the way we live, today and in future.

Although these wearable gadgets can perform the same computing tasks as mobile devices and laptop computers, wearables are primarily designed to track health and fitness related information. The sophisticated modern wearable tracking devices are made up of smart sensors and scanning features which help track physiological functions of the body, thereby helping consumers achieve their health and fitness goals.


Examples of Wearable Gadgets?


Below are some of the wearable gadgets available in the market that are most commonly used.


  • Fitness Trackers: Fitness Trackers help in monitoring exercises and physical activities by tracking biofeedback from the body. They are based on sensors and are worn around the wrist, connected wirelessly to the smartphone via Bluetooth, displaying health and fitness related information in the smartphone application.
  • Smart-watches: Modern smart-watches are not designed just to display the time, but are a door to your digital world. Smart-watches are worn around the wrist and connected to your smartphone, and generally display notifications from phone calls, messages, emails and social media.


Some other types of wearables are sports watches, smart jewellery, implantables, etc.


What are the security concerns of Wearable Technology?


There is no doubt that the use of wearable technology is on the rise, and there has been an increase in the popularity of wearable devices. But along with the growth in popularity of wearables, there has been an increase in the concern over security with such devices.

While wearables such as fitness trackers, smart-watches, sports watches and smart clothing provide great benefits to consumers, at the same time consumers need to be cautious about the possible security concerns of wearable devices. Most of these wearable gadgets are Bluetooth enabled and connect to the Internet, so they are vulnerable in the absence of proper security measures like encryption and authentication.

Wearable devices such as fitness trackers monitor and track activities and health related information of consumers around the clock, therefore a huge amount of private and sensitive data is collected and stored by these devices.



This makes wearables an attractive target for hackers to get unauthorized access to this private information and monetize it.

In the absence of strong security measures, hackers could manage to get access to these health records and make money by selling these records.

Some of the known security vulnerabilities in wearables are: SQL Injection, Phishing, Buffer Overflow Attacks, etc.
Consumers also need to be cautious about allowing manufacturers of such wearable devices permission to share their information with third-parties. Reputed and well-known brands usually implement appropriate security and privacy measures. Consumers should avoid low-cost and poorly designed wearable devices that may possibly create security threats.




-Captain Krypto 🙂



Smartphone Encryption





What is smartphone encryption?

Smartphone encryption is a process of making your smartphone secure, and protecting its data and information from any unauthorized access.

To enhance mobile security, there are two main kinds of encryption that a smartphone can have to prevent unauthorized access to private information: one is aimed at securing the ‘data at rest’, and the second secures the ‘data in motion’.


To secure or protect the ‘data at rest’, the smartphone device itself is usually encrypted. An encrypted smartphone typically has a key or a passphrase to allow access to the phone, protecting information stored on the mobile device: photos, text messages, email communication, call information, access to social profiles and private data, documents, etc.

When a device is encrypted, it stores the information in an unreadable scrambled format. The information is unlocked only with an authorized key held by the device owner. Typically a smartphone key is an alphanumeric passcode or a passphrase comprising a combination of letters, numbers and/or special symbols. Some high-end and recent smartphone models also use fingerprint authentication to unlock the encrypted device.

To secure the ‘data in motion’, just having the mobile device encrypted is not enough. The information transferred from one device to another (communication) can be secured through a process called end-to-end encryption. End-to-end encryption ensures that data or information is accessible and readable only to the person it is intended for. Data is encrypted on the device when it is sent and decrypted only on the authorized recipient’s device. No third parties in the middle, communication carriers, unauthorized persons, or agencies will be able to access the information.




How important is smartphone encryption?


There is an old proverb which says, “a man’s home is his castle”, but in today’s age it would not be wrong to say, “a man’s smartphone is his castle”! A smartphone is the closest thing a person can have in today’s world, and it remains with you all the time like your shadow. It is rightly said that a smartphone is even closer to you than your best friend, since your smartphone has more information about you than your best friend can ever have. On your smartphone there is a list of your contacts, your call records, your private messages and conversations with your friends, family and colleagues, your banking and financial information, your passwords, private and personal photos, videos, business documents, etc. Protecting this information and preventing it from falling into the wrong hands is crucial, and the only way to do that is through encryption.



In today’s golden age of technology, almost anyone can spy on anyone. Thus, encryption is not an option but crucial.

In today’s golden age of technology, when two people on opposite ends of the planet can have a conversation in real time, it also allows almost anyone to spy on anyone. It is true that technology has enabled convenience of communication, but with that it has also enabled a convenience of surveillance. The only way to prevent your communication from being hacked or snooped into is to enable end-to-end encryption in your communications. End-to-end encryption ensures only the recipient is able to decrypt the message sent by the sender.




What can be encrypted on smartphones?


Encryption on your smartphone can be applied to almost everything if done by experts.

Most encrypted smartphones only encrypt the data stored on the phone, which includes photos, saved text messages, documents, etc. There are, however, a few encrypted smartphones which, apart from encrypting the stored data on the phone, can also encrypt the phone’s communication features like messaging, emails, voice calls, etc.

With a good crypto-phone (encrypted smartphone), a user can benefit from encrypted voice calls, secure phone calls, encrypted messaging, encrypted email communication, encrypted Internet browsing, and more.




-Captain Krypto 🙂


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

What are different VPN Protocols?

VPN solutions are based on different VPN security protocols. Each of these VPN protocols offers different features and levels of security. Some of the commonly used VPN protocols are explained below:


  1. Internet Protocol Security or IPSec:

    Internet Protocol Security or IPSec is used to secure Internet communication across an IP network. IPSec secures Internet Protocol communication by authenticating the session and encrypting each data packet during the connection.
    IPSec operates in two modes, Transport mode and Tunneling mode, to protect data transfer between two different networks. The transport mode encrypts the message in the data packet and the tunneling mode encrypts the entire data packet. IPSec can also be used with other security protocols to enhance the security system.

  2. Layer 2 Tunneling Protocol (L2TP):

    L2TP or Layer 2 Tunneling Protocol is a tunneling protocol that is usually combined with another VPN security protocol like IPSec to create a highly secure VPN connection. L2TP creates a tunnel between two L2TP connection points, and the IPSec protocol encrypts the data and handles secure communication through the tunnel.

  3. Point-to-Point Tunneling Protocol (PPTP):

    PPTP or Point-to-Point Tunneling Protocol creates a tunnel and encapsulates the data packet. It uses the Point-to-Point Protocol (PPP) to encrypt the data over the connection. PPTP is one of the most widely used VPN protocols and has been in use since the time of Windows 95. Apart from Windows, PPTP is also supported on Mac and Linux.

  4. Secure Sockets Layer (SSL) and Transport Layer Security (TLS):

    SSL (Secure Sockets Layer) and TLS (Transport Layer Security) create a VPN connection where the web browser acts as the client and user access is restricted to specific applications instead of the entire network. The SSL and TLS protocols are most commonly used by online shopping websites and service providers. Web browsers switch to SSL with ease and with almost no action required from the user, since web browsers come integrated with SSL and TLS. SSL connections have https at the beginning of the URL instead of http.

  5. OpenVPN:

    OpenVPN is an open source VPN that is useful for creating Point-to-Point and Site-to-Site connections. It uses a custom security protocol based on the SSL and TLS protocols.

  6. Secure Shell (SSH):

    Secure Shell or SSH creates the VPN tunnel through which the data transfer happens and also ensures that the tunnel is encrypted. SSH connections are created by an SSH client, and data is transferred from a local port to the remote server through the encrypted tunnel.



– Captain Krypto 🙂



How Secure is WhatsApp’s Encryption?



WhatsApp, one of the most popular messaging app services, announced in April this year that the service would now use end-to-end encryption to secure user communication. The service would benefit 1 billion+ users of the messaging service across all devices.

End-to-end encryption (E2EE) is a secure way of communication where only the actual users involved in the communication can access the messages in the chat. Eavesdroppers, cyber-criminals and hackers, telecom companies, Internet Service Providers or government agencies cannot read the messages. Even the company that has built the application will not read the messages.

WhatsApp on its website says, “WhatsApp’s end-to-end encryption is available when you and the people you message use the latest versions of our app. Many messaging apps only encrypt messages between you and them, but WhatsApp’s end-to-end encryption ensures only you and the person you’re communicating with can read what is sent, and nobody in between, not even WhatsApp. This is because your messages are secured with a lock, and only the recipient and you have the special key needed to unlock and read them. For added protection, every message you send has its own unique lock and key. All of this happens automatically: no need to turn on settings or set up special secret chats to secure your messages.”

This means WhatsApp will now have end-to-end encryption by default. WhatsApp’s end-to-end encryption (E2EE) will ensure that all communication between two users will be secure and cannot be read by anyone else. Text messages, audio/voice notes, videos, pictures, everything will now be encrypted and cannot be read by anyone except the sender and the receiver. Not even WhatsApp.

Although it is a welcome step that WhatsApp is finally an encrypted messaging service, the question that now arises is “how secure is WhatsApp’s end-to-end encryption?”. We will break down encryption in WhatsApp and how secure it actually is.


WhatsApp had partnered with Open Whisper Systems to design its new end-to-end encryption feature which is based on Signal Protocol.

According to the whitepaper issued by WhatsApp, once the session has been established, clients need not rebuild new sessions with each other until the session is ended by the users.

The whitepaper further explains how encryption takes place in WhatsApp. It reads, “clients exchange messages that are protected with a Message Key using AES256 in CBC mode for encryption and HMAC-SHA256 for authentication. The Message Key changes for each message transmitted, and is ephemeral, such that the Message Key used to encrypt a message cannot be reconstructed from the session.”
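The idea of a Message Key that changes with every message and cannot be rebuilt from later session state can be illustrated with a symmetric-key ratchet. The following Python sketch is an added example, not WhatsApp's code: the 0x01/0x02 derivation labels follow the Signal Protocol's chain-key ratchet, the starting chain key and payloads are constructed, and the message key is used directly as an HMAC-SHA256 key over a payload that stands in for the AES-CBC ciphertext.

```python
import hashlib
import hmac

MESSAGE_KEY_LABEL = b"\x01"  # derives the key for the current message
CHAIN_KEY_LABEL = b"\x02"    # derives the next chain key
TAG_LEN = 32                 # HMAC-SHA256 output size in bytes


class ChainRatchet:
    """Holds one chain key and steps it forward once per message."""

    def __init__(self, chain_key: bytes):
        self._chain_key = chain_key

    def next_message_key(self) -> bytes:
        message_key = hmac.new(self._chain_key, MESSAGE_KEY_LABEL,
                               hashlib.sha256).digest()
        # The old chain key is overwritten. HMAC is one-way, so the new state
        # cannot be walked back to earlier chain keys or message keys.
        self._chain_key = hmac.new(self._chain_key, CHAIN_KEY_LABEL,
                                   hashlib.sha256).digest()
        return message_key


def seal(message_key: bytes, payload: bytes) -> bytes:
    """Append an HMAC-SHA256 tag computed under this message's key."""
    return payload + hmac.new(message_key, payload, hashlib.sha256).digest()


def open_sealed(message_key: bytes, sealed: bytes):
    """Return the payload if the tag verifies under this key, else None."""
    payload, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(message_key, payload, hashlib.sha256).digest()
    return payload if hmac.compare_digest(expected, tag) else None


def run_session() -> dict:
    shared_chain_key = bytes(range(32))  # constructed; agreed during session setup
    sender = ChainRatchet(shared_chain_key)
    receiver = ChainRatchet(shared_chain_key)
    payloads = [b"msg one", b"msg two", b"msg three"]

    sender_keys, wire = [], []
    for payload in payloads:
        key = sender.next_message_key()
        sender_keys.append(key)
        wire.append(seal(key, payload))

    receiver_keys, delivered = [], []
    for sealed in wire:
        key = receiver.next_message_key()
        receiver_keys.append(key)
        delivered.append(open_sealed(key, sealed))

    # A replayed first message is checked under the receiver's next key and fails.
    replay = open_sealed(receiver.next_message_key(), wire[0])
    # Keys derivable from the receiver's current state never match earlier ones.
    later_keys = [receiver.next_message_key() for _ in range(3)]

    return {
        "delivered": delivered,
        "keys_in_sync": sender_keys == receiver_keys,
        "distinct_keys": len(set(sender_keys)),
        "replay_rejected": replay is None,
        "earlier_keys_not_rederived":
            not any(key in sender_keys for key in later_keys),
    }


if __name__ == "__main__":
    for name, value in run_session().items():
        print(f"{name}: {value}")
```
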

All this sounds good so far. Whether the security and privacy that WhatsApp talks about is enough for the user or not, is for the user to decide. Not for us. But here are our two cents on WhatsApp encryption.

WhatsApp might still collect your metadata.

While the end-to-end encryption might ensure that the contents of the message are not accessed by unauthorized users or even by the WhatsApp, but WhatsApp itself might store metadata. This means the phone numbers involved in the conversation as well as the timestamp on the messages are stored on the servers of the company. Collecting metadata could give out information like who the user communicated with, the time of the communication, how often the two users communicate with each other, the location of the two users at the time of communication, etc.

WhatsApp is owned by Facebook

WhatsApp was acquired by Facebook in the year 2014. Facebook is considered one of the least privacy-minded companies in the market. There have also been some reports doing the rounds on the Internet that Facebook supplies government with reports and information. If that is the case, it makes little sense that a messaging app owned by one of the least privacy-minded companies would not share users’ information with government agencies.

Messaging Apps with higher grade of encryption available in the market.

Even now that the popular messaging app WhatsApp has decided to go with end-to-end encryption, it is not the best encrypted messaging app available in the market. There are many other messaging apps in the market today which offer a higher grade of encryption. Some apps even provide military grade encryption and multiple levels of security.
So if a user is concerned about privacy and security then WhatsApp might not be the best option for that user. The market is wide open when it comes to encrypted messaging apps.

Providing encryption to a billion users free of cost?

WhatsApp has a billion users and providing end-to-end encryption to a billion users is a stupendous task and the efforts must be appreciated. But the question that arises in people’s minds is why is WhatsApp offering encryption at no cost at all? Why is it free of charge? Where does WhatsApp make money from?!

Please feel free to add in your thoughts in the comments section below. We would appreciate your valuable contribution.

– Captain Krypto 🙂


For users interested in messaging apps with higher grade of encryption, please visit: Military Grade Encryption VoIP Apps


Feel free to get in touch with Kryptotel for any further information about encrypted smartphones. You might as well be interested in KryptoPhone – the customized encrypted smartphone by Kryptotel. To know more about KryptoPhone, please visit us at: www.kryptotel.net.

How to encrypt calls and chat?

In the digital era that we live in today, securing privacy of your data and communication on any medium is next to impossible and a never ending struggle. Your communication could easily be accessed by your telephone operator, Internet Service Provider, and even some agencies.

With the omnipresent methods of modern surveillance on almost all modes of communication, there are still ways to protect your communication and data from prying eyes. In this blog, we discuss how we can protect our calls and chats from being snooped upon.

Having your calls encrypted is a fool-proof way of securing your communication. There are a number of encrypted VoIP apps available in the market today that offer secure communication by making use of various encryption protocols.


Kryptotel Secure VoIP is one of the superior VoIP apps in the market whose core feature is encryption of the communication. Using Kryptotel Secure VoIP, a user can make encrypted audio and video calls, and use encrypted instant messaging as well.

For government officials and business professionals who are concerned about their call conversations being private and secure, especially when telephone companies keep record of telephone call data in their archives for years.

Call tapping for private investigation purposes and for commercial competition/illegal industrial espionage leads to 5% of the world’s population being listened to during their private conversations.

Kryptotel secure VoIP app has been designed keeping in mind the government and business professionals who want to secure their communication to safeguard their organization’s communication and activities. Spying on competitor companies for industry secrets is common among contract hackers.

Kryptotel Secure VoIP app doesn’t transit through the operators’ public telephone switches but uses an Internet connection, encrypting the content safely without leaving any trace or the possibility of recording any of the data (the caller or the called). Even with the “Black Out calls” the caller ID is changed for every call. Kryptotel app is one of the best solutions a person concerned about his/her privacy can find today.

The Kryptotel app uses military grade encryption and other secure features to secure a user’s communication through the app. Kryptotel app uses Asymmetric, Symmetric and SHA-512 algorithms in order to maximize the level of security.


Asymmetric encryption is based on RSA certificates and a private key of 8192 bits, which is a military grade requirement in encryption.

Symmetric encryption based on AES 256 bits is used by Kryptotel app. This app also uses SHA-512 algorithm for digital signature.

This is a stronger level of encryption used in the app. In the commercial world, usually an encryption level of RSA 2048-bit and AES 128-bit is used. For securing online banking, RSA 2048 and AES 128 bit is usually used.

All the communication, between two devices with Kryptotel app, is encrypted. Be it instant messages, audio or video calls, audio conferencing – all of it is encrypted and secured with a military grade encryption.

Using a Kryptotel app, you can share images, audio and video clips, and also PDF, XLS, Doc file types.
Upon installing Kryptotel secure VoIP app on your device, you are provided with a unique number (just like a phone number). When you want to make an encrypted call to another person with the Kryptotel app, you need to dial his/her Kryptotel number.

In case the other person is not available to pick up the call, it will be redirected to his/her voice mail. The voice mail will be stored in an encrypted container and only the actual recipient will be able to listen to it. The voice mail can be listened to only through a Kryptotel app, which uses an account authentication method and decrypts the recorded message. To access your voice mail you need to dial toll free number 444 and keep digit 1 pressed for a few seconds; the easy to use IVS will guide you to read, store and cancel your voice mail.

Download Kryptotel Secure VoIP app:

You can either download Kryptotel app from your phone’s app store or from its website: https://securevoip.kryptotel.net/download/
More details about securing communication with Kryptotel app are available at: securevoip.kryptotel.net.


– Captain Krypto 🙂



How to encrypt Mac?

Apple has built-in encryption support for Mac OS. With the built-in feature of FileVault, you can encrypt the entire startup disk on a Mac.

When FileVault is enabled on a Mac, it encrypts everything: all files stored on the disk are encrypted. Any newly created file or document will be encrypted automatically and instantly. It is fast and highly secure.

FileVault full-disk encryption (FileVault 2) uses XTS-AES 128 encryption to help prevent unauthorized access to the information on your startup disk. Someone who gains unauthorized access to your Mac and accesses your hard drive will not be able to view your data without having the encryption key, since the data is stored in an encrypted form. If FileVault wasn’t enabled and the Mac was not encrypted, someone with physical access to your Mac could easily view your unencrypted data by removing your hard drive.

Thus, it is highly recommended to turn on FileVault and encrypt your Mac.

Steps to encrypt Mac

Apple has made FileVault 2 an inbuilt feature from Mac OS X Lion onwards. Here’s how you can enable FileVault on your Mac.

  1. Choose Apple menu and go to System Preferences, then click the Security & Privacy icon.
  2. Click the FileVault tab to configure it.
  3. Click the Lock button on the bottom left corner. Enter an Administrator name and Password.
  4. Click Turn On FileVault.
  5. If you have multiple users on your Mac, you will need to enter password for each user to enable FileVault for those users. Click Enable User and enter password. This will unlock the disk for these users, else they will not be able to access the disk. Users added after turning on FileVault will be automatically enabled.
  6. You need to choose an option to unlock the disk and reset your password in case you forget your password.
  7. Depending on the Mac OS you are using, you can choose one of the below methods:
       a.) You can choose to store a FileVault recovery key with Apple by providing the questions and answers to three security questions. Choose answers that you’re sure to remember.
       b.) You can choose to use your iCloud account to unlock your disk and reset your password.
       c.) If you don’t want to use iCloud FileVault recovery, you can create a local recovery key. Keep the letters and numbers of the key somewhere safe—other than on your encrypted startup disk.
  8. When FileVault setup is complete, your Mac will restart and you will need to log in by entering your password. After your Mac starts up, the encryption of the disk occurs in the background.
  9. The encryption process takes some time and you can check progress in the FileVault section of Security & Privacy preferences. It usually takes an hour or two to complete. During this time you can continue to use your Mac normally.
  10. You need to make sure that your Mac is awake and plugged in to AC power through this entire process.

Following the above steps will make your Mac an encrypted machine. FileVault requires that you log in every time your Mac starts up, and no account is permitted to log in automatically.

How to encrypt your Android phone?

iPhone devices are encrypted by default but that’s not the case with Android devices. Although the privacy features for an Android device are built in, users of these devices need to follow a few simple steps to turn on the encryption feature on the device.

In this guide, we will explain in detail how a user can encrypt an Android device by following a few simple steps. But before that, let’s see why phone encryption is an important thing to do.

Why encrypt my phone?

All of us keep personal information and data in our phones – be it photos, videos, emails, contact list, passwords, bank account numbers, etc. None of us want snoopers or hackers to get access to the personal information stored on our phones. Each one of us wants it to be secure and private. Merely having a lock screen code doesn’t help. Encryption provides a level of security that scrambles all the information on your phone with a special cryptographic key. That means even if someone breaks through the lock screen and accesses your phone, the data won’t be available without that key.

Encryption makes your phone secure and protects your data from theft.

Are there any cons for phone encryption?

Disadvantages of phone encryption are negligible compared to its advantages.

Encryption on old Android phones can slow down the performance a bit and have an impact on the battery life. But you don’t need to worry about it if you have a newer phone which would have a faster processor and better hardware. On newer Android phones, encryption has minimal effect on performance and battery life of the phone, which is negligible and goes unnoticed.

How to encrypt your Android phone?

The encryption process on all Android phones is usually the same but there might be slight differences depending on the version of Android on your phone. Below is a generic step by step process of how to encrypt your Android phone.

    1. Before you start the process to encrypt your phone, make sure your phone is connected to the charger and has enough battery charge. The encryption process usually takes 30 – 45 minutes and it is important that your phone doesn’t run out of battery during the entire process.
    2. Back up your data before you start the encryption process (Optional, but preferred).
    3. From your phone menu, open ‘Settings’ and click on ‘Security’ (‘Lock Screen’ in some Android versions) and then select ‘Screen Lock’.

      Settings > Security > Screen Lock

      Enter your current password or create a new password by following the prompts. Your password should be 6 – 16 characters long and should contain at least one numeric digit.

    4. Now select the ‘Encrypt Device’ option from the ‘Security’ settings. Select ‘Encrypt Phone’ to confirm and follow the prompts. At this point you will be prompted to enter the password again to confirm.

    5. Now you need to wait until the encryption process is complete. It will usually take 30 – 45 minutes. During this process the phone will reboot a few times. Once the encryption process is complete you will be prompted to enter your password again.

Now your phone is encrypted and you can safely use your phone. You will be asked to enter your password every time you reboot your phone. Remember your password!