From the standpoint of keeping your computer’s data — and the data you share with others — safe, what’s the difference between obfuscation and encryption? LockerGnome’s Brandon Wirtz lays it out very simply:
“If you’ve ever visited a secure Web site, you’ve heard of or used encryption. Encryption requires that the user has a key and the Web site that you’re talking to or exchanging a message with also has a key, called a public key or a private key.
“Encryption is secure as long as those keys are secure.
“Obfuscation, on the other hand, works through, more or less, obscurity. What you’re doing is masking the data you’re sending. Obfuscation could be as simple as reversing the orders of letters in a sentence that you’re sending so that it looks like gibberish, or changing between ASCII characters and some sort of ANSI character set. All of these things can obfuscate the true nature of the data that you’re pushing.
“Obfuscation is only secure if unwanted eyes don’t know the mechanism whereby the data is being obfuscated, as opposed to encryption, which is secure as long as you hold the keys.
“So when you talk about SSL, which is one of the major types of encryption out there, or Blowfish, or any of the others, even though the algorithm used to do the encryption is well known, if you don’t have the key, you can’t decrypt the data. With obfuscation, if you know the way that something is obfuscated — if it’s hexing coded or ANSI encoded or the order of the letters is reversed, you can undo the obfuscation without needing any keys.
“And that’s the real difference between obfuscation and encryption.”
Post a Comment
Security related topics..........