
Drawbacks/Disadvantages

Encryption is a very complex technology. Management of encryption keys must
be an added administrative task for often overburdened IT staff. One big
disadvantage of encryption as it relates to keys is that the security of data
becomes the security of the encryption key. Lose that key, and you effectively
lose your data.
Encrypting data and creating the keys necessary to encrypt and decrypt the data
is computationally expensive. No matter what type of encryption is used, the
systems performing the computational heavy lifting must have available resources.
One of the common drawbacks of traditional full-disk encryption solutions is the
reduction of overall system performance upon deployment. A key pitfall is that a
poor encryption implementation could result in a false sense of security, when in
fact it is wide open to attack.

Malicious insiders and system administrators could access both encrypted
data and encryption keys, giving them access to clear text data, unless keys are
deliberately isolated in a dedicated key management system.
Applications that have legitimate access rights and yet are infected with
malware can still access confidential data.
Multiple database instances will typically require access to the same keys,
driving up the costs of provisioning and rotating keys in a coordinated fashion.
Key loss can render data unavailable, since decryption would be impossible,
disrupting business operations.
Super-users with broad access rights can subvert and potentially disable
encryption controls unless suitable checks and balances are put in place.

The Disadvantages of Encrypted Files
by Julius Vandersteen, studioD

People encrypt files to keep the information from falling into the wrong hands.


If you deal with files that have information that you need to keep secret from unauthorized
people, you can encrypt them to protect them. An advantage of encrypting a file is that only
the person who knows the password should be able to open it. However, there are some
disadvantages of encrypting files that deserve your attention.

Forgetting Passwords
Encryption requires a password to encrypt and decrypt the file. People who use common
words such as "love" or their spouse's name for a password at their ATM or for signing in to
an email account may do so because they are afraid of forgetting the password. A
disadvantage of encrypting files is that if you forget the password that you used, you may never
be able to recover the data. If you use a password that is easy to guess, your encrypted data is
less secure.

Raising Suspicions
If you use encryption to protect your information on your computer at work or at home, it
could raise suspicions. Your boss may wonder why you are keeping certain files inaccessible.
Could they be the latest version of your resume or company secrets that you are trying to
remove from the building? At home, a significant other may want to know what terrible
secrets you are keeping that require you to encrypt files on your computer.

Developing a False Sense of Security
Today's encryption scheme may be difficult for people to crack, but advances in computer
technology and software development could eventually make it child's play to unlock your
encrypted files in the future. A disadvantage of encrypted files is that relying on them to keep
things secret could lull you into a false sense of security. A determined person may marshal
overwhelming computer resources to decrypt your secret files.

Requiring Cooperation
Using encrypted files that are designed to be opened and shared by two or more people can
be disadvantageous when one or more participants finds it a burden to use encryption. For
example, if you and a distant colleague are collaborating on a project that you need to keep
secret, you might encrypt files each time you send them over, but your colleague may think it
is tedious to take the time to encrypt and decrypt files. You will either have to cite company
policy about secrecy or appeal to his sense of cooperation.

Disadvantage: Sharing the Key
The biggest problem with symmetric key encryption is that you need to have a way to get the key to the
party with whom you are sharing data. Encryption keys aren't simple strings of text like passwords. They
are essentially blocks of gibberish. As such, you'll need to have a safe way to get the key to the other party.
Of course, if you have a safe way to share the key, you probably don't need to be using encryption in the
first place. With this in mind, symmetric key encryption is particularly useful when encrypting your own
information as opposed to when sharing encrypted information.

Disadvantage: More Damage if Compromised
When someone gets their hands on a symmetric key, they can decrypt everything encrypted with that key.
When you're using symmetric encryption for two-way communications, this means that both sides of the
conversation get compromised. With asymmetric public-key encryption, someone that gets your private
key can decrypt messages sent to you, but can't decrypt what you send to the other party, since that is
encrypted with a different key pair.

Trade-offs and Limitations of Shield Platform Encryption
A security solution as powerful as Shield Platform Encryption doesn't come without some
trade-offs. When your data is strongly encrypted, some users may see limitations to some
functionality, and a few features aren't available at all. Consider the impact on your users and
your overall business solution as you design your encryption strategy.
Available as an add-on subscription in: Enterprise, Performance, and Unlimited Editions. Requires
purchasing Salesforce Shield. Available in Developer Edition at no charge for organizations
created in Summer '15 and later.
Available in both Salesforce Classic and Lightning Experience.
General Shield Platform Encryption Considerations
These considerations apply to all data that you encrypt using Shield Platform
Encryption.

Which Salesforce Apps Support Encrypted Data?
Some Salesforce feature sets work normally when you work with data that's encrypted
at rest. Others don't.

Shield Platform Encryption and the Lightning Experience
Shield Platform Encryption works the same way in the Lightning Experience as it does
in Salesforce Classic, with a few minor exceptions.

Field Limits with Shield Platform Encryption
Under certain conditions, encrypting a field can impose limits on the values that you
store in that field. Before deciding to encrypt a field, make sure that you know these
limits.
========

Applying message archiving can disable message encryption.
If an archiving solution is used that does not support encrypted data storage, this can
lead to a situation in which configured message encryption at the database level (as
described in this section) is disabled. Administrators are recommended to evaluate
the archive solution used in light of this limitation.

Scenarios using Business Process Management and cross-component Business
Process Management are not fully supported.
Depending on the scenario, messages or message elements may be stored
unencrypted in separate databases even if the message encryption is configured
according to the procedures in this section.

Encryption of logged synchronous messages is not supported in the Advanced
Adapter Engine.
However, encryption of logged synchronous messages stored in the Integration
Engine message store is supported.

Advanced (user-defined) message search on sensitive message elements is not
supported.
If you define filters that include payload elements with sensitive data, be aware of the
fact that these elements are stored unencrypted.

SAP NetWeaver Search and Classification (TREX) is not supported.
TREX stores messages unencrypted.

Message encryption at the database level is not fully supported for all SAP
adapters and third-party adapters.
Adapters with their own message storage (for example, RNIF, CIDX adapter) do not
support encrypted data storage if the message itself was not previously encrypted by
the sender.

Only service interfaces can be marked as sensitive. Imported IDocs and RFCs
cannot be marked as sensitive. Scenarios using those imported interfaces on either
sender or receiver side are currently not supported.

http://www.answers.com/Q/What_is_digital_certificates#slide=1

Description
The following table describes the data at rest encryption limitations.
Table: Data at rest encryption limitations

Limitation: Computer performance effect of data encryption
Description: Encryption algorithms are like data compression algorithms in that they are
very CPU intensive. Compressing data without the addition of computer hardware (either
dedicated or shared) can affect computer and NetBackup performance.

Limitation: Data compression must be performed before data encryption
Description: Data compression algorithms look for data patterns to compress the data.
Encryption algorithms scramble the data and remove any patterns. Therefore, if data
compression is desired, it must be done before the data encryption step.

Limitation: Choice of an encryption algorithm
Description: There are many encryption algorithms and associated key sizes. What should a
user choose for data encryption? AES (Advanced Encryption Standard) is the standard for
data encryption and supports 128, 192, or 256-bit encryption keys.

Limitation: AES became the standard
Description: AES replaced the previous standard, DES, which was secure through about 1998.
Then, computer processing speed enhancements and parallel processing techniques finally
showed DES to be vulnerable to attack in tens of hours. At that point, the US Government
solicited a replacement for DES. An algorithm called Rijndael (pronounced "Rhine dahl")
became the front runner. After about 5 years of peer review, and review by the US
Government, a specific configuration of Rijndael became AES. In June 2003, the US
Government announced that AES can be used for classified information.
"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256)
are sufficient to protect classified information up to the SECRET level. TOP SECRET
information requires the use of either the 192 or 256 key lengths. The implementation of
AES in products is intended to protect national security systems. Information is reviewed
and certified by NSA before their acquisition and use."
For more information, refer to this website: http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf

Limitation: Suggested key size
Description: Generally, the larger the key, the more secure, and the longer into the future
the data will stay secure. AES is one of the best choices because it is deemed secure with
all three supported (128, 192, 256 bit) key sizes.

Limitation: NIST FIPS 140 / FIPS certification for my encryption solution
Description: NIST (National Institute of Science and Technology) FIPS (Federal Information
Processing Standard) 140 is a government program. This program certifies data encryption
solutions for the federal government. The program requires that encryption solution
providers document their product from both a use perspective and a security interface
perspective, then submit the product to an accredited 3rd party reviewer for validation.
Upon successful review, the product is issued a validation certificate.
While FIPS certification may be required for use by the US government, and is likely an
added level of comfort, it should not be the only criterion used to evaluate an encryption
solution. Other considerations should be part of any decision-making process, as follows:
- FIPS certificates only apply to the named version of a product, and then only when the
product is used in conformance with the "FIPS security policy", the document that is
submitted when the product was validated. Future product versions and non-standard
uses would be subject to questioned validation.
- The security of algorithms like AES is not in the obscurity of how they work. Rather, the
security is in the difficulty of deducing an unknown encryption key. The years of scrutiny
and peer review for AES have led to mature implementations. In fact, tests exist for AES
where specific keys and data sets are input and verified against the expected output.
- Data encryption is much like automobile security. Most problems are related to lost or
misplaced keys and not related to malfunctioning locks.
- Since misuse is more likely to lead to problems, the usability of an encryption product
should be part of the consideration. Usability considerations include the following:
  o Appropriate encryption key granularity
  o Encryption integration with the product
  o Encryption integration with business processes
  o Recoverability

Limitation: Appropriate encryption key granularity
Description: The appropriate encryption key granularity is best explained with the example
of home security. A single house key is convenient. I can enter my garage, front door, or
back door all using the same key. This security is great until the key is compromised (i.e.,
a key that is stolen by criminals). Then I need to change all the locks that used this key.
The absurd extreme would be someone having a key for every drawer and cupboard in a
house. Then, a lost key would require the changing of only a single lock.
The correct solution is probably somewhere in between. You must understand your
tolerance for a compromised or lost key from your business process perspective. A lost
key implies all the data that is encrypted with that key is destroyed. A compromised key
implies all the data that is encrypted with that key must be decrypted and re-encrypted to
become secure.
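The table's point that compression must happen before encryption can be checked directly. The following Go example is added here and is not from the page or from NetBackup: it compresses a constructed, highly repetitive plaintext in both orders (compress-then-encrypt and encrypt-then-compress) and returns the resulting sizes. The function names and the sample data are the example's own.

```go
// Added example (not from the page): why compression must come before
// encryption, shown with the Go standard library only.
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"io"
)

// Sample is a constructed, highly repetitive plaintext (8800 bytes).
func Sample() []byte {
	return bytes.Repeat([]byte("log line: user=alice action=login result=ok\n"), 200)
}

// gzipCompress returns data compressed with gzip. Writes to an in-memory
// buffer cannot fail, so the error values are ignored here.
func gzipCompress(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

// encryptCTR encrypts data with AES-256 in CTR mode under a fresh random key
// and IV. CTR keeps the output the same length as the input, which makes the
// size comparison below easy to read; it is not a recommendation of CTR over
// an authenticated mode for real data.
func encryptCTR(data []byte) ([]byte, error) {
	key := make([]byte, 32)
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out, nil
}

// Sizes returns the number of bytes produced by each ordering:
// compress-then-encrypt and encrypt-then-compress.
func Sizes(plain []byte) (compressThenEncrypt, encryptThenCompress int, err error) {
	ct1, err := encryptCTR(gzipCompress(plain)) // patterns removed after shrinking
	if err != nil {
		return 0, 0, err
	}
	ct2, err := encryptCTR(plain) // ciphertext has no patterns left for gzip to find
	if err != nil {
		return 0, 0, err
	}
	return len(ct1), len(gzipCompress(ct2)), nil
}
```

On the sample, compress-then-encrypt yields under a hundred bytes while encrypt-then-compress yields slightly more than the 8800-byte input, because gzip cannot find patterns in ciphertext.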

Cryptography Drawbacks
Apart from the four fundamental elements of information security, there
are other issues that affect the effective use of information:

- Strongly encrypted, authentic, and digitally signed information can
be difficult to access even for a legitimate user at a crucial time of
decision-making. The network or the computer system can be attacked and
rendered non-functional by an intruder.

- High availability, one of the fundamental aspects of information security,
cannot be ensured through the use of cryptography. Other methods are
needed to guard against threats such as denial of service or complete
breakdown of the information system.

- Another fundamental need of information security, selective access
control, also cannot be realized through the use of cryptography.
Administrative controls and procedures are required to be exercised for the
same.

- Cryptography does not guard against the vulnerabilities and threats that
emerge from the poor design of systems, protocols, and procedures.
These need to be fixed through proper design and setting up of a defensive
infrastructure.

- Cryptography comes at a cost. The cost is in terms of time and money:
  o Addition of cryptographic techniques in the information processing
  leads to delay.
  o The use of public key cryptography requires setting up and
  maintenance of a public key infrastructure, requiring a handsome
  financial budget.

- The security of a cryptographic technique is based on the computational
difficulty of mathematical problems. Any breakthrough in solving such
mathematical problems or increasing the computing power can render a
cryptographic technique vulnerable.

- If you forget your passphrase and/or keyfile then there is almost no
chance of recovering your data.
- Some forms of encryption only offer nominal protection and can be
broken easily with the right program, e.g. an older ZIP archive or Word
document.
- Some encryption programs are too complicated for the everyday user
and they may end up using them incorrectly. This could lead to securing
data which they did not wish to encrypt or failing to encode data which
they did wish to protect.
- The very existence of encryption programs or encrypted files will
attract suspicion as to what it is you are trying to protect, whereas a
non-encrypted system would not attract the same level of interest.
- With reference to the above point, in certain countries such as the UK,
police can use legislation to compel you to reveal passwords to
encrypted data. You could face jail time if you failed to comply.
- Certain types of encryption software are banned in some countries. For
example, US versions of the program PGP cannot be exported outside
the country.
- As encryption protects your personal data, e.g. bank details, love letters
etc., it also protects drug dealers who make deals from having their
messages intercepted, terrorists planning attacks and paedophiles
peddling child pornography.

A digital envelope is a secure electronic data container that is used to protect a message
through encryption and data authentication. A digital envelope allows users to encrypt data
with the speed of secret key encryption and the convenience and security of public key
encryption.


What does Digital Envelope mean?
niko, May 3, 2015
What is a Digital Envelope?
A digital envelope, also known as a digital wrapper, is a kind of
communications security that uses two layers of encryption to
protect a message. You use a digital envelope to protect a
digital document from being readable to anyone other than the
intended recipient. You can think of it as the electronic equivalent
of putting your writing into a sealed envelope. The envelope is
a secure electronic data container that is used to protect a
message with encryption and data authentication. That means
you encrypt the information so that only the intended recipient
can decrypt it.
The following are possible reasons for using digital envelopes:
- Sending sensitive data across possibly insecure communication lines
- Storing sensitive data
How does it work?

A digital envelope is created by encoding the message itself
using symmetric encryption, and then the symmetric key is
encrypted using public-key encryption.
Basically, there are two primary kinds of encryption: symmetric
encryption and asymmetric encryption.
Symmetric encryption means that the same key is used for
both encryption and decryption (a secret key). Anyone
wanting to decrypt the message needs access to this key.
Asymmetric encryption creates the key in two complementary
pieces. One piece is the Public Key, and the other is the Private
Key. The Public Key is what its name suggests: public. It is made
available to everyone via a publicly accessible repository or
directory. On the other hand, the Private Key must remain private
to its respective owner. Because the key pair is mathematically
related, whatever is encrypted with a Public Key may only be
decrypted by its corresponding Private Key and vice versa.
Unfortunately, asymmetric key algorithms are hundreds or
thousands of times slower than symmetric key algorithms and
are suitable only for processing small pieces of information. So,
most digital envelope schemes use an asymmetric key algorithm
(e.g., Rivest-Shamir-Adleman (RSA) or Diffie-Hellman) to securely
exchange a session key (a randomly generated symmetric key just
for this one message or session; then you discard it) and then use
a symmetric key algorithm (e.g., DES or the International Data
Encryption Algorithm (IDEA)) to encrypt the text by means of the
session key.
This technique overcomes one of the problems of public-key
encryption, which is that it is slower than symmetric encryption.
Because only the key is protected with public-key encryption,
there is very little overhead.

The person sending a message in a digital envelope must
randomly select a symmetric algorithm session key and
then encrypt that session key by using the recipient's public
key and an asymmetric algorithm. The sender encrypts the
message body (the plaintext) with the original (unencrypted)
symmetric session key, and then sends the encrypted session
key and encrypted message body (the ciphertext) to the
recipient.
The recipients of that message must decrypt the session key
using their own private key and then decrypt the rest of the
message using the recovered session key to obtain the original
message body. Only the holder of the recipient's private key
can recover the session key and the original message.
The result is a secured digital document that only the owner of
the corresponding private key can view.
Examples of digital envelopes are Pretty Good Privacy (PGP),
a popular data cryptography software, and GNU Privacy Guard
(GnuPG or GPG), a GPL-licensed alternative.
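The sender and recipient steps described above, as an added Go example that is not part of the original post and is not PGP or GnuPG code: a random AES-256 session key seals the message body with AES-GCM, and the session key is wrapped with the recipient's RSA public key using RSA-OAEP, all from the standard library. The Envelope type and the Seal/Open names are this example's own assumptions.

```go
// Added example (not the page's code): a digital envelope from the Go stdlib.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Envelope is what travels to the recipient (layout assumed for this example).
type Envelope struct {
	WrappedKey []byte // session key encrypted under the recipient's public key
	Nonce      []byte // AES-GCM nonce, sent in the clear
	Body       []byte // AES-GCM ciphertext of the message, with authentication tag
}

// newGCM returns an AES-GCM AEAD for a 32-byte (AES-256) session key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal builds a digital envelope for plaintext addressed to recipient.
func Seal(recipient *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	// Step 1: fresh random material: a 32-byte session key and a 12-byte GCM nonce.
	rnd := make([]byte, 32+12)
	if _, err := rand.Read(rnd); err != nil {
		return nil, err
	}
	sessionKey, nonce := rnd[:32], rnd[32:]
	// Step 2: encrypt the message body with the symmetric session key.
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	body := gcm.Seal(nil, nonce, plaintext, nil)
	// Step 3: wrap the session key with the recipient's public key (RSA-OAEP).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Body: body}, nil
}

// Open unwraps the session key with the private key and decrypts the body;
// only the private-key holder can unwrap, and GCM rejects a tampered body.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(sessionKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Body, nil)
}
```

A wrong private key fails at the unwrap step and any change to the body fails GCM's authentication check, so the recipient never sees altered plaintext.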

A type of security that uses two layers of encryption to
protect a message. First, the message itself is encoded
using symmetric encryption, and then the key to decode
the message is encrypted using public-key encryption.
This technique overcomes one of the problems of
public-key encryption, which is that it is slower than
symmetric encryption. Because only the key is protected
with public-key encryption, there is very little overhead.
