What is Zero Knowledge Encryption?
Everyone has heard of encryption in the news these days. And everyone has a basic idea of what it is, but the details of encryption and how it is implemented can make the difference between whether your data is truly secure or if you merely have the illusion of security. This is why at SecretValet we use something called “Zero Knowledge Encryption”, but I’m getting ahead of myself.
Encryption is the scrambling of meaningful data in such a way that the information is meaningless to anyone other than the person who encrypted the data and the data’s intended recipients. Without going into too much detail on how this is done, this typically means that there is a key that a program uses to encrypt the information and then uses to decrypt the information. In reality, it is much more complex than that and there are actually multiple keys, but that is beyond the scope of this discussion.
If we think in every day terms, data and encryption are like valuables in your house. To protect them, you lock your doors using a key. If you want someone else that you trust to have access to your valuables, you make a copy of your key and you give it to them. If you want to take away that access, you change the locks and now have a new key. The same works with encryption except that your key is a passphrase that you use to encrypt your data. So far, so good…
Now, what if you locked your door, but then put your key under the welcome mat, or you bought a lock that had the same key for every lock sold? That’s not so secure, is it?
It is this same kind of thing that happens in the digital world. Some websites claim to encrypt your data, but they only encrypt it after your upload it to their site! Think about that. Your data is transmitted, possibly wirelessly, to your home router, then through your modem to your service provider’s servers, then through probably 5-6 other servers, until it finally reaches the website that you see on your screen, and then your data is stored un-encrypted on their servers prior to them encrypting it there with the keys that where anyone in their company can see it, copy it, or exploit it, before it is encrypted. Anywhere along the way, anyone can access, copy, and exploit your data. Oh…and let’s not forget that the site that you uploaded it to has your keys, so they can unencrypt it any time they want. Not that secure, is it?
The only way for your data to truly be secure is for it to be fully encrypted on your local machine before it leaves your machine and is transferred anywhere. I should also add, that your local machine needs to be scanned for any malware to be sure that it is not being monitored prior to you encrypting your data or the data that you are encrypting could be compromised prior to it being encrypted. This kind of data encryption and storage is called “zero knowledge encryption” because the site to which you upload your data, and all intermediate sites, have zero knowledge of your keys or the actual content of your data.
If you care about the security of your data, it is always important to determine not only how your data is being encrypted, but where and when your data is being encrypted.