
The role of encryption in network security

In this article, you'll learn about the roles that encryption plays in securing network traffic and the passwords used to access a network.

A key application of encryption is network security.

Networks that handle data are reliant on encryption to protect sensitive information from those who are not authorised to access it. When designing a network, you need to consider what data needs to be protected, when it needs to be protected, and who it needs to be protected from.

Network vulnerabilities

Take a look at the following diagram of a computer network. The parts of the diagram that are blue are encrypted. What parts of the network are vulnerable to data being stolen?

diagram of a computer network showing a router connected to the internet, three servers, six on site computers and one off site computer

In a network, data must be communicated from one device to another. If only the devices in the network are encrypted, data is vulnerable when it is transferred.

Data is most at risk when it is being transferred into or out of the network, for example, if someone logs on to a company website when they are working remotely.

Hacker targets

However, these are not the only places where data is vulnerable to theft or tampering. If data is stored in a network and not protected by encryption, it can more easily be stolen, either by an external attacker or by someone inside the network.

This is the case even in private networks, as they might be targeted by hackers or attacked by someone with access to the network (e.g. a disgruntled employee).

It is important that network owners employ encryption throughout their network, from encrypting data in storage to encrypting data in transit.

The role of encryption

Passwords

We all know how important password security is. Hopefully, it is no surprise to learn the importance of obscuring passwords when they are stored.

Hashing

What may be surprising to you is that the process of scrambling passwords is a one-way process that is not designed to be reversed. This process is called hashing.

The hashing algorithm will turn the password into a fixed-length value, known as a hash, which should be unique for the specific password. There are many standard hashing algorithms, such as SHA256.

A computer screen showing a login page, a dotted out password has been entered and the OK button is highlighted

When you sign up for an account or access a system, you will be given, or asked to choose, a user ID, and you will be asked (sometimes required) to choose a strong password.

Rather than storing the password as it is, it will be hashed first, and this hashed value will be stored alongside your user ID.

A hashing algorithm machine, taking a password as input and spitting out a random string of characters - a hashed password

When you log in to your account, you enter your user ID and password. The password that you enter will be hashed with the hashing algorithm and compared to the hashed value stored against your user ID in the database.

In theory, this system should be secure. If anyone gets hold of the data from the database, the hash values are unintelligible. Only the original plaintext password can be used to log in to an account, and the hash value is not designed to be reversed.

Rainbow tables

Unfortunately, and perhaps unsurprisingly, hackers have devised techniques for cracking the system. One device is the use of rainbow tables. A rainbow table is a precomputed dictionary of plaintext passwords and their corresponding hash values calculated from common hashing algorithms.

These can be used to find out what plaintext password produces a particular hash. If the hacker gets hold of a file of hashed passwords, they can match the hash value to the table to derive the plaintext password.

The use of salt in your hashing process

One solution to this problem is to use salt in your hashing process. A salt is a random string that is added to the start or the end of the password before it is hashed.

The unencrypted salt is stored alongside the user ID and hashed password in the database. The salt must be randomly generated and be unique to each user.

A hash and salting algorithm machine, taking a password and salt as input and spitting out a random string of characters - a hashed password

When you go to log in to your account and enter the password, the salt value will be retrieved and added to the password before it is hashed and compared to the hash value.

The addition of salt to hashing will generally thwart hackers. Rainbow tables can no longer be used to extract the plaintext password and a brute-force attack would take far too long to be a viable technique.
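The storage and login flow described above, with and without a salt, as an added example that is not part of the original article. The names `register`, `verify`, `table_lookup` and `demo`, the in-memory `db` dictionary and the four-entry precomputed table are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a tiny precomputed table of unsalted SHA-256
# hashes, standing in for the rainbow table the article describes.
COMMON_PASSWORDS = ["123456", "password", "letmein", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

def hash_unsalted(password):
    """Hash the password on its own, as in the scheme without a salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def register(db, user_id, password):
    """Generate a random per-user salt, prepend it to the password, hash,
    and store the salt and hash against the user ID."""
    salt = secrets.token_bytes(16)
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    db[user_id] = {"salt": salt.hex(), "hash": digest}

def verify(db, user_id, password):
    """Retrieve the user's salt, re-hash the entered password with it,
    and compare the result to the stored hash."""
    record = db.get(user_id)
    if record is None:
        return False
    salt = bytes.fromhex(record["salt"])
    candidate = hashlib.sha256(salt + password.encode()).hexdigest()
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(candidate, record["hash"])

def table_lookup(stored_hash):
    """Return the plaintext if the hash appears in the precomputed table."""
    return PRECOMPUTED.get(stored_hash)

def demo():
    db = {}
    register(db, "alice", "letmein")
    register(db, "bob", "letmein")  # same password, different random salt
    return {
        "unsalted_found": table_lookup(hash_unsalted("letmein")),
        "salted_found": table_lookup(db["alice"]["hash"]),
        "same_hash_for_same_password": db["alice"]["hash"] == db["bob"]["hash"],
        "login_ok": verify(db, "alice", "letmein"),
        "login_wrong_password": verify(db, "alice", "password"),
    }

if __name__ == "__main__":
    print(demo())
```

The single SHA-256 pass mirrors the scheme the article describes; production systems normally use a deliberately slow password-hashing function such as PBKDF2 (`hashlib.pbkdf2_hmac`) or scrypt (`hashlib.scrypt`) with the same per-user salt.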

To find out more about encryption and cryptography, check out the online course, at the Raspberry Pi Foundation, below.

This article is from the free online course Introduction to Encryption and Cryptography.
