Avast Academy Privacy VPN Data Encryption: What Is It?

Data Encryption: What Is It?

Data encryption is the act of encoding sensitive data and personal information to protect it against access by unauthorized parties — like cybercriminals. Here, we’ll explore what encryption is, how it works, and how it can protect you against online threats. You’ll also learn why encrypting your data with a VPN is a surefire way to keep your data safe and secure.

Written by Derek DeWitt
Published on April 22, 2021
Reviewed by Mike Polacko

What is encryption?

Encryption is a method for protecting data by scrambling it so that it becomes unreadable. The data is scrambled from plaintext into ciphertext with an encryption method called an algorithm. Anyone wishing to access the encrypted data must first decode it with the correct decryption key.

Hamburguer menu icon

This Article Contains :

    Data encryption increases the security of your sensitive data, personal information, and metadata, offering you protection and privacy in an unpredictable online world.

    Encryption vs. cryptography

    The practice of encryption is a form of cryptography. The meaning of cryptography comes from the Greek words for “secret writing.” People have been using cryptographic systems for thousands of years to disguise written information so that only the intended recipient can read it.

    Encryption is just one form of cryptography. It is an operational process that uses math and algorithms to encode plaintext more efficiently and in more complex ways. People use encryption specifically to prevent unauthorized use of data.

    How does encryption work?

    Encryption works by sending the original data (or plaintext) through an algorithm (a cipher), which encrypts the data into ciphertext. The new text is unreadable unless someone uses the right decryption key to decode it.

    This is equally true for both data at rest (stored someplace, like on a hard drive) and data in motion (being electronically transferred from one place to another, like over a network or the internet).

    Encryption algorithms use cryptographic keys, which are strings of characters, to scramble data into seemingly random gibberish. Modern algorithms break up the plaintext data into groups called blocks, then encrypt each block as a unit — that’s why they’re known as block ciphers.

    Modern algorithms are so complex that the same plaintext will result in a different ciphertext every time the algorithm is applied. The data can be decoded only with the key for that specific encryption session. In short, that’s how to encrypt data.

    Symmetric encryption vs. asymmetric encryption

    Symmetric and asymmetric encryption are the two primary types of encryption. Here are the main differences between symmetric and asymmetric encryption:

    • Symmetric encryption uses the same key to both encrypt the data and later decrypt it. Senders give the key to the intended recipient before they can use it, and anyone who has the key can access the information. That’s why symmetric encryption is also known as private-key encryption — if the key becomes public, the encryption loses its security.

      Symmetric encryption uses one key to encode and decode data.

      Symmetric encryption uses one encryption key to encode and decode data.

    • Asymmetric encryption is more secure since it uses two keys: a public key to encrypt the data and a private key to decrypt it. The public key can be shared with anyone, which is why this method is also known as public-key encryption. Only those with the private key can turn the encrypted data back into intelligible plaintext.

      Asymmetric encryption is more secure than symmetric encryption because it uses two keys.

      Asymmetric encryption is more secure because it uses two encryption keys.

    Types of Encryption

    Early encryption algorithms, such as the Data Encryption Standard (DES), used 56-bit keys to encode data. These older methods don’t hold up against today’s hacking methods, such as a brute force attack — encrypted data can indeed be hacked. Newer and more complex encryption types have since emerged to replace DES.

    Here are several of the most common encryption methods in use today:

    Triple DES

    The symmetric Triple DES system uses three 56-bit keys. Data is encrypted, decrypted, then re-encrypted. When decrypting, Triple DES repeats the process in reverse: decrypting, encrypting, and decrypting again. This makes it far more secure than using a single 56-bit key.

    But the multi-stage process is slow, and Triple DES’s shorter blocks aren’t as secure as the longer ones other algorithms use. These days, Triple DES is gradually becoming obsolete.


    The Advanced Encryption Standard (AES) is a symmetric system commonly used by corporations, financial institutions, and governments. It encrypts data into big blocks of 128 bits, with differently sized keys available. Each key also goes through a different number of encryption rounds — the processes that encode and decode the data — for greater security:

    • AES-128: a 128-bit key in 10 rounds

    • AES 192: a 192-bit key in 12 rounds

    • AES-256: a 256-bit key in 14 rounds

    Avast SecureVPN encrypts your data with AES-256 to give you the same degree of security that banks and governments around the world rely on.


    Originally developed as a fast and free public encryption solution to replace DES, Blowfish is a symmetric block cipher that divides data into 64-bit blocks. It generates keys of variable lengths from 32 bits all the way up to 448 bits (though usually not that long).

    Blowfish is used by many e-commerce vendors for things like passwords and secure payment processing, and allegedly no one has ever successfully hacked it.


    Twofish creates 128-bit blocks, and the base key length can be extended to 256 bits. It always processes blocks in 16 rounds, regardless of the size of the data it’s working with. Twofish is praised by its users for its customizability and high degree of security.


    The Rivest-Shamir-Adleman (RSA) standard is the only asymmetric encryption algorithm in this list. It’s commonly used for digital signatures and sending data online via email, chats, secure web browsers, and VPNs (virtual private networks). The RSA algorithm uses prime numbers to generate 1024-bit keys, which can be extended to 2048 bits.

    RSA’s key size means that using it to encrypt large files can take a while, so it’s often used in hybrid encryption schemes, where a file has been encrypted using one of the symmetric systems, and the key is encrypted asymmetrically using RSA.


    Perfect Forward Secrecy (PFS, also sometimes just called Forward Secrecy) is a symmetric system that creates temporary private key exchanges between senders and recipients. Keys are session-specific, and every new session creates a new key. That way, if security is breached in one session, all the other sessions — past and future — are still safe.

    PFS encryption keys can be 128, 168, or 256 bits. It’s used by WhatsApp, Facebook Messenger, Google Docs, and Gmail. Google Chrome also uses PFS, and many other web browsers are beginning to adopt it.


    Format Preserving Encryption (FPE) is a new class of symmetric-key algorithms that keep your encrypted data in a similar format to what it was in plaintext. For example, if you have a password that has 10 letters, four numbers, and three special characters, the encrypted ciphertext will be similar. A 16-digit credit card number gets turned into another 16-digit number, Spanish words become other Spanish words, and so on.

    Format Preserving Encryption is used in financial databases, and by some banks and retail vendors.

    End-to-End Encryption

    When looking at encryption methods, it’s important to consider if they encrypt in-transit only or end-to-end.

    • In-transit encryption protects data while being transferred from sender to server, but then it’s vulnerable on the server as plaintext.

    • End-to-end encryption means that only devices belonging to the sender and intended recipient have the correct keys to decrypt the information. Any data protected by end-to-end encryption is protected throughout its entire journey from sender to receiver.

    Examples of encryption

    Computer encryption scrambles data into an unreadable format that can only be unscrambled with the right key. Even internet-based communications, like email or web browsing, are vulnerable without encryption.

    Here are some of the most common encryption examples:


    If a website URL begins with https, then it’s encrypted (the s means secure). Your browser’s address bar may also show a little padlock icon.

    HTTPS means that your connection with the site is protected using Transport Layer Security (TLS), which used to be known as SSL (Secure Sockets Layer). The data is encrypted in transit and decrypted on both ends with verified digital certificates, which act as the keys.

    Don’t enter any personal data on a website that isn’t protected with HTTPS. And if you’re on an e-commerce site, make sure to check if the website is safe.

    The HTTPS protocol can also be used to encrypt DNS data. A DNS over HTTPS (DoH) service protects your DNS data transmission and resolution, safeguarding you against spoofing attacks and other threats.

    Encrypted Messaging

    Encrypted messaging services usually use TLS, just like a browser.

    Signal, WhatsApp, Facebook Messenger, Viber, LINE, KakaoTalk, Dust, Wickr, Cyphr, CoverMe, and Silence are some free messaging apps that already use encryption. Instagram Vanish messages are also encrypted in transit, but not end-to-end.

    Encrypted Email

    Outlook, Gmail, and ProtonMail are all examples of email services that use encryption by default. For normal users, this level of security is usually enough. If you want more protection, consider upgrading your email service, or opt for one of the many affordable encrypted email services available.

    Follow these email best practices as well.

    • Use strong passwords. The best password is long and unique. Don’t use one password for everything. If a hacker gets it, they have access to all your accounts. A secure password manager can help you create, store, and use long and unique passwords for all your accounts.

    • Two-step authentication (2FA) enhances your security by requiring two methods of identity confirmation for logging in. Use 2FA on any accounts that offer it, including your email service.

    • Use spam and phishing filters. Your email service probably already has these. If so, don’t forget to regularly check your spam folder, since legitimate messages sometimes get caught in the net. An antivirus program with an email shield will give you an extra layer of protection.


    In addition to Bitcoin, there are over 2,000 cryptocurrencies in use today, with more being created all the time. Cryptocurrencies and transactions made with them are encrypted and distributed among thousands of computers in a shared ledger called a blockchain. This decentralizes the data, and once information is in the blockchain, it can never be altered.

    People might not be able to steal your Bitcoin, but they can steal your resources via cryptojacking. Bad actors will hijack your computer’s processing power to create or “mine” cryptocurrencies without your knowledge. Your computer will slow down and your electricity bill will skyrocket, but all mined currency will go to the cryptojacker.

    Good antivirus tools, JavaScript-blocking browser extensions, and updated software will help prevent this from happening.

    Why is encryption important?

    Encryption is important because it protects data against unwanted access. While encryption can’t guarantee total security, it will greatly reduce your exposure to theft, hacking, password cracking, identify theft and fraud, and other online threats.

    Avast SecureLine VPN uses 256-bit AES encryption to protect your data.Avast SecureLine VPN encrypts your data with powerful 256-bit AES encryption.

    When you encrypt your data with a VPN, like Avast SecureLine VPN, you’ll prevent cybercriminals from intercepting your internet traffic and capturing your personal data. This is crucial if you use unsecured public Wi-Fi networks. No matter where you surf, a VPN will keep your data safe.


    A VPN (virtual private network) encrypts your internet traffic while also hiding your IP address by routing your traffic through a proxy server. Good VPN providers offer servers in many locations around the globe, and it’s easy to set up a VPN on your device.

    VPNs can also help you unblock websites that are normally inaccessible from your physical location. By giving you a new IP address and encrypting your traffic, a VPN makes you anonymous online, not just to hackers but to government snoops, employers, and your ISP. VPNs, proxies, and Tor each have their own strengths and drawbacks as privacy tools.

    A VPN will keep you protected even on unsecured public Wi-Fi networks. You can also benefit from turning on Wi-Fi encryption at home. Some VPNs will automatically connect you to the fastest server available, but you can try speeding up your VPN by choosing different servers or restarting your router.

    Avast SecureLine VPN uses the OpenVPN protocol, an open-source system that’s trusted by many large companies, including Apple, and protects your data with 256-bit AES encryption.

    Can encrypted data be hacked?

    Yes, encrypted data can be hacked. There’s no such thing as 100% hacking protection, though longer encrypted strings are usually tougher to crack when subjected to a brute-force attack.

    The longer and more complicated a password is, the harder it is to accidentally hit upon the one that unlocks the keys to the kingdom. Brute force takes an astonishing amount of time and computing power.

    Outdated cryptographic algorithms may contain vulnerabilities and are easier to crack. A contemporary 256-bit key yields 2256 possible combinations. The Tianhe-2 (MilkyWay-2) supercomputer would take millions of years to brute force all those combinations.

    Of course, computers are getting faster all the time, and the encryption world needs to stay ahead. The MD5 and SHA-1 algorithms are just not complex enough to protect against today’s computers — both are considered cryptographically broken and unsuitable.

    For things that really need to stay secure, the common practice of hashing (a one-way encryption method) is less secure than something like bcrypt. Bcrypt — developed for Blowfish back in 2002 and used as a cross-platform file encryption utility — is an adaptive password-hashing function that’s far more resistant to brute-force attacks.

    Avast SecureLine VPN: the secure choice

    A good VPN encrypts your device’s entire internet connection whenever you’re online. Any network or website, even the unsecured Wi-Fi at your favorite cafe, becomes super secure with Avast SecureLine VPN.

    A VPN encrypts your entire internet connection whenever you’re online.

    With just one click, you’re protected from third parties with the same 256-bit AES encryption security used by banks and the military — it’s basically impossible to brute-force crack. Avast SecureLine VPN also uses the OpenVPN standard and OpenSLL libraries, two of the most widely trusted and reliable protection protocols in existence.

    With Avast SecureLine VPN, there’s no limit on what you do or where you do it. Access your favorite content with zero bandwidth limits, and protect your data on any device you use — our open-source technology works for Windows, Android, and Apple devices of all kinds.

    Encrypt your data with Avast SecureLine VPN for iPhone and iPad

    Free trial

    Encrypt your data with Avast SecureLine VPN for Android

    Free trial
    Derek DeWitt