Encryption Glossary

Learn about encryption terminology, security concepts, and the cryptographic algorithms that protect your data.

A

AES (Advanced Encryption Standard)

Algorithms

A symmetric encryption algorithm adopted by the U.S. government. AES encrypts data in fixed-size blocks (128 bits) using keys of 128, 192, or 256 bits. AES-256 is considered military-grade encryption and is used by governments, financial institutions, and security-conscious applications worldwide.

AES-256-GCM

Algorithms

A mode of AES encryption that combines the Counter (CTR) mode with Galois authentication. GCM provides both confidentiality (encryption) and authenticity (verification that data hasn't been tampered with) in a single operation, making it faster and more secure than separate encryption and authentication.

Argon2

Key Management

A password hashing function that won the Password Hashing Competition in 2015. Argon2 is designed to be memory-hard, meaning it requires significant RAM to compute, making it resistant to attacks using GPUs or specialized hardware (ASICs). Sekura FileLock uses Argon2id, which provides balanced protection against both side-channel and GPU attacks.

ASIC (Application-Specific Integrated Circuit)

Threats

Specialized hardware designed for a specific computational task. In cryptography, ASICs are sometimes built to crack passwords or mine cryptocurrency. Memory-hard functions like Argon2 are designed to be resistant to ASIC attacks.

Asymmetric Encryption

Encryption Methods

Encryption using a pair of mathematically related keys: a public key for encryption and a private key for decryption. Also called public-key cryptography. Examples include RSA and elliptic curve cryptography. Unlike symmetric encryption, it allows secure communication without prior key exchange.

Attack Surface

Security Concepts

The sum of all points where an attacker could try to enter or extract data from a system. Reducing attack surface is a key security principle. Zero-knowledge architecture minimizes attack surface by keeping encryption keys only on user devices.

Authentication

Security Concepts

The process of verifying the identity of a user or the integrity of data. In encryption, authentication ensures that encrypted data hasn't been modified and comes from a trusted source. AES-GCM provides built-in authentication.

B

BIP39

Key Management

Bitcoin Improvement Proposal 39, a standard for generating mnemonic phrases (typically 12 or 24 words) that can deterministically generate cryptographic keys. Originally created for cryptocurrency wallets, BIP39 is now widely used for password recovery in security applications. Sekura FileLock uses 24-word BIP39 phrases for vault recovery.

BitLocker

Encryption Methods

Microsoft's full disk encryption feature built into Windows. BitLocker encrypts the entire system drive and protects data when the device is powered off. It works at the disk level, unlike file-level encryption which protects individual files.

Blake2b

Algorithms

A cryptographic hash function designed to be faster than MD5 and SHA while providing security comparable to SHA-3. Blake2b is used for verifying data integrity and is optimized for 64-bit platforms. Sekura FileLock uses Blake2b for integrity verification.

Block Cipher

Encryption Methods

An encryption algorithm that encrypts data in fixed-size blocks. AES is a block cipher that operates on 128-bit blocks. Block ciphers are combined with modes of operation (like GCM or CBC) to encrypt data larger than a single block.

Brute Force Attack

Threats

An attack method that tries every possible password or key combination until the correct one is found. Strong encryption with long keys (like AES-256) and memory-hard key derivation functions (like Argon2) make brute force attacks computationally infeasible.

C

ChaCha20

Algorithms

A stream cipher designed by Daniel J. Bernstein. ChaCha20 is often used as an alternative to AES in software implementations because it performs well without hardware acceleration. It's commonly paired with the Poly1305 authenticator.

Cipher

Encryption Basics

An algorithm for performing encryption or decryption. Ciphers transform plaintext into ciphertext (encryption) and back again (decryption). Modern ciphers like AES use complex mathematical operations that are easy to compute with the key but practically impossible without it.

Ciphertext

Encryption Basics

The encrypted, unreadable form of data after it has been processed by an encryption algorithm. Ciphertext can only be converted back to readable plaintext using the correct decryption key.

Cold Storage

Security Concepts

Storing cryptographic keys or sensitive data on devices that are not connected to the internet. Cold storage significantly reduces the risk of remote attacks. Paper backups of BIP39 recovery phrases are a form of cold storage.

Cryptographic Hash Function

Algorithms

A function that takes input data and produces a fixed-size output (hash) that appears random but is deterministic. Good hash functions are one-way (can't reverse the hash), collision-resistant (hard to find two inputs with the same hash), and avalanche (small input changes cause large output changes).

D

Decryption

Encryption Basics

The process of converting encrypted data (ciphertext) back into its original readable form (plaintext) using a decryption key. Only someone with the correct key can successfully decrypt the data.

Defense in Depth

Security Concepts

A security strategy that uses multiple layers of protection. If one layer fails, others remain. Combining full disk encryption with file-level encryption is an example of defense in depth.

Deterministic

Security Concepts

A process that always produces the same output given the same input. BIP39 key generation is deterministic—the same mnemonic phrase always generates the same keys. This allows reliable key recovery from backup phrases.

Dictionary Attack

Threats

An attack that tries common words and phrases as passwords rather than random combinations. Using strong, unique passwords or passphrases protects against dictionary attacks. Key derivation functions also slow down these attacks.

E

ED25519

Algorithms

A public-key digital signature algorithm using elliptic curve cryptography. ED25519 provides strong security with relatively small key sizes (256 bits) and fast signature generation/verification. Sekura FileLock uses ED25519 for license validation.

Elliptic Curve Cryptography (ECC)

Encryption Methods

A type of public-key cryptography based on the mathematics of elliptic curves. ECC provides equivalent security to RSA with much smaller key sizes, making it more efficient for mobile and embedded devices.

Encryption

Encryption Basics

The process of converting readable data (plaintext) into an unreadable format (ciphertext) using a mathematical algorithm and a key. Encryption protects data confidentiality by ensuring only authorized parties with the correct key can read the information.

Encryption Key

Key Management

A piece of information used by an encryption algorithm to transform plaintext into ciphertext (and vice versa). The security of encrypted data depends on keeping the key secret. Key length (measured in bits) affects security strength.

End-to-End Encryption (E2EE)

Security Concepts

A system where only the communicating users can read the messages. In E2EE, data is encrypted on the sender's device and only decrypted on the recipient's device, preventing intermediaries (including service providers) from accessing the content.

Entropy

Security Concepts

A measure of randomness or unpredictability. In cryptography, high entropy is essential for generating secure keys. A password like 'password123' has low entropy, while a random 24-word BIP39 phrase has very high entropy.

F

File-Level Encryption

Encryption Methods

Encryption applied to individual files rather than entire disks or volumes. File-level encryption allows selective protection of sensitive documents while leaving other files unencrypted for easy access. Sekura FileLock uses file-level encryption.

FileVault

Encryption Methods

Apple's full disk encryption feature built into macOS. FileVault encrypts the entire startup disk and protects data when the Mac is powered off or in sleep mode. It uses XTS-AES-128 encryption.

FIPS 140-2/3

Standards

Federal Information Processing Standards for cryptographic modules. FIPS certification validates that security products meet specific requirements for use in government applications. AES is a FIPS-approved algorithm.

Full Disk Encryption (FDE)

Encryption Methods

Encryption that protects an entire storage device by encrypting all data on the disk. FDE (like FileVault or BitLocker) protects data when a device is powered off but doesn't protect individual files when the system is running and unlocked.

G

GCM (Galois/Counter Mode)

Algorithms

A mode of operation for block ciphers that provides both encryption and authentication. GCM is efficient and widely used because it can run encryption and authentication in parallel. AES-GCM is the standard for TLS 1.3.

GDPR (General Data Protection Regulation)

Standards

European Union regulation on data protection and privacy. GDPR requires organizations to protect personal data and gives individuals control over their data. Encryption is mentioned as an appropriate technical measure for data protection.

H

HKDF (HMAC-based Key Derivation Function)

Key Management

A key derivation function that expands a single master key into multiple derived keys for different purposes. HKDF is used when you need to generate several cryptographic keys from one source of key material. Sekura FileLock uses HKDF to derive individual file encryption keys from your master key.

HMAC (Hash-based Message Authentication Code)

Algorithms

A type of message authentication code that combines a cryptographic hash function with a secret key. HMAC is used to verify both data integrity and authenticity.

I

Initialization Vector (IV)

Encryption Basics

A random value used with an encryption key to ensure that encrypting the same plaintext multiple times produces different ciphertext each time. IVs prevent pattern analysis attacks and should never be reused with the same key.

K

Key Derivation Function (KDF)

Key Management

An algorithm that generates cryptographic keys from a password or other input. KDFs like Argon2 and PBKDF2 deliberately slow down the key generation process to make password guessing attacks more difficult.

Key Stretching

Key Management

The process of making a weak key (like a password) stronger by applying a computationally intensive function. Argon2 and PBKDF2 are key stretching functions that make brute-force attacks slower and more expensive.

Keylogger

Threats

Malware that records keystrokes to capture passwords and other sensitive information. Keyloggers are a threat to encryption systems because they can capture passwords before encryption occurs. Use trusted devices and 2FA for protection.

M

Master Key

Key Management

The primary cryptographic key from which other keys are derived. In Sekura FileLock, your master key is generated from your password using Argon2, and individual file encryption keys are derived from this master key using HKDF.

Memory-Hard Function

Key Management

A cryptographic function that requires a significant amount of memory to compute, making it resistant to attacks using GPUs or specialized hardware that have limited memory per core. Argon2 is a memory-hard function.

Mnemonic Phrase

Key Management

A set of words (typically 12 or 24) that encode a cryptographic seed. Mnemonic phrases are easier to write down and remember than random strings of characters. Sekura FileLock uses a 24-word BIP39 mnemonic phrase for vault recovery.

N

NIST (National Institute of Standards and Technology)

Standards

A U.S. government agency that develops standards for technology, including cryptographic algorithms. NIST standardized AES and is currently working on post-quantum cryptography standards.

Nonce

Encryption Basics

A number used once in cryptographic communication. Similar to an IV, a nonce ensures that the same plaintext encrypted multiple times produces different ciphertext. The key security requirement is that a nonce is never reused with the same key.

P

PBKDF2

Key Management

Password-Based Key Derivation Function 2, an older but still widely used key derivation function. PBKDF2 applies a pseudorandom function (like HMAC) multiple times to increase the computational cost of key derivation. While secure, PBKDF2 is more vulnerable to GPU attacks than newer functions like Argon2.

Plaintext

Encryption Basics

The original, readable form of data before encryption or after decryption. Protecting plaintext from unauthorized access is the primary goal of encryption.

Post-Quantum Cryptography

Algorithms

Cryptographic algorithms designed to be secure against attacks by quantum computers. While current quantum computers can't break modern encryption, researchers are developing and standardizing post-quantum algorithms as a precaution.

R

Rainbow Table

Threats

A precomputed table for reversing cryptographic hash functions, used to crack password hashes. Salting passwords before hashing defeats rainbow table attacks because each password requires its own unique table.

RSA

Algorithms

One of the first public-key cryptosystems, named after its inventors Rivest, Shamir, and Adleman. RSA is used for secure data transmission but requires larger key sizes (2048+ bits) compared to elliptic curve alternatives for equivalent security.

S

Salt

Key Management

Random data added to a password before hashing to ensure that identical passwords produce different hash values. Salts prevent attackers from using precomputed tables (rainbow tables) to crack passwords.

Secure Random Number Generator

Security Concepts

A random number generator suitable for cryptographic use, producing unpredictable values that cannot be guessed by attackers. Cryptographic operations require secure random numbers for keys, IVs, and nonces.

Side-Channel Attack

Threats

An attack based on information gained from the physical implementation of a system, such as timing, power consumption, or electromagnetic emissions, rather than weaknesses in the algorithm itself.

Stream Cipher

Encryption Methods

An encryption algorithm that encrypts data one bit or byte at a time, generating a continuous stream of key material. ChaCha20 is a modern stream cipher. Stream ciphers can be faster than block ciphers for certain applications.

Symmetric Encryption

Encryption Methods

Encryption where the same key is used for both encryption and decryption. AES is a symmetric encryption algorithm. Symmetric encryption is faster than asymmetric encryption but requires secure key distribution.

T

Threat Model

Security Concepts

A structured analysis of potential threats to a system, identifying assets to protect, potential attackers, and their capabilities. Good security starts with understanding your threat model to apply appropriate protections.

Two-Factor Authentication (2FA)

Security Concepts

A security method requiring two different types of identification: something you know (password) and something you have (phone, hardware key). 2FA significantly increases security by requiring attackers to compromise two separate factors.

X

XTS Mode

Algorithms

XEX-based Tweaked CodeBook mode with ciphertext Stealing. A mode of operation specifically designed for disk encryption. XTS is used by FileVault, BitLocker, and other full disk encryption solutions.

Z

Zero-Knowledge Architecture

Security Concepts

A system design where the service provider has no access to user data or encryption keys. In zero-knowledge systems, all encryption and decryption happens on the user's device, and the provider cannot access user data even if legally compelled. Sekura FileLock uses zero-knowledge architecture.

Zero-Knowledge Proof

Security Concepts

A cryptographic method allowing one party to prove they know a value without revealing the value itself. While different from zero-knowledge architecture, both concepts share the principle of minimizing information disclosure.

59
Terms Defined
7
Categories
18
Letters Covered
AES-256
Encryption Used

Ready to protect your files?

Put this knowledge into practice with Sekura FileLock.