Encryption

The process of converting data into a form that requires a secret key to read, protecting it from anyone who intercepts the storage medium or network traffic.

Why it matters

Encryption is the most reliable defense against data theft because it shifts the security boundary from network and device controls to the math of the cipher. Modern AES-256 has no known practical attack. The weakness is always elsewhere: weak passphrases, leaked keys, or endpoints that decrypt the data into RAM.

For practical use, three layers matter: HTTPS for traffic in transit, full-disk encryption for laptops in case of theft, and end-to-end encryption (Signal, Proton) for messages you do not want the service provider to read.

Best practices

Turn on full-disk encryption on every laptop (BitLocker on Windows, FileVault on macOS, LUKS on Linux). Use end-to-end encrypted messaging by default for personal communication. For backups, use a service that does client-side encryption so the provider cannot read your files.

Protect the keys. A 25-character random passphrase is more than enough; the cipher itself is not the weak link.

Frequently asked

If I lose the encryption key, can I recover the data?

No. That is the design. Modern encryption is engineered so that without the key, the data is mathematically irretrievable. Always store a recovery key in a separate location (printed in a safe, in a password manager, or with a trusted family member) before you need it.