Data encryption is the process of converting readable text into a meaningless sequence of symbols using a specific algorithm. Without the key, this text cannot be decoded back. Almost every modern internet service relies on encryption technologies, and Sayt.uz infrastructure is no exception. Customer sites, databases and files are protected by multiple layers both while stored on the server and while communicating with the outside world.
Symmetric versus asymmetric encryption
Encryption algorithms fall into two large families. Symmetric algorithms use a single key for both encrypting and decrypting. The most popular one is AES, with key lengths of 128, 192 or 256 bits. It runs fast and is ideal for large volumes of data. Asymmetric algorithms use two keys — a public one and a private one. RSA and ECC belong to this category. They are slower but essential for key exchange and digital signatures.
At-rest encryption — disks and databases
At-rest encryption protects data that sits on the server but is not currently in use. If a disk gets stolen or a backup file ends up in the wrong hands, unencrypted data is readable directly. From an encrypted disk, nothing can be extracted. On Sayt.uz servers, entire disk partitions are encrypted with LUKS or dm-crypt using AES-256. MySQL databases use transparent data encryption, which automatically encrypts table files as they are written to disk.
In-transit encryption — moving through the network
In-transit encryption protects data while it travels from one point to another. The core protocol here is TLS. When a browser connects to a site, a TLS handshake happens first: the certificate is verified, keys are exchanged, and only after that the real data flows through the encrypted channel. All SSL certificates on Sayt.uz support TLS 1.2 and 1.3, and older vulnerable versions are completely disabled.
Key management and rotation
The weakest point of encryption is not the algorithm — it is how the key is stored. If the key sits hardcoded in the source or is used for years without change, the whole protection becomes meaningless. Good practice requires keeping keys in dedicated vault systems and rotating them periodically. In the Sayt.uz infrastructure, master keys live inside HSM modules or HashiCorp Vault, and working keys are automatically rotated every 90 days.
Hashing and how it differs from encryption
Many people confuse hashing with encryption, but they are completely different things. Encryption is a reversible process — with the key, the original text can be recovered. Hashing is one-way: from a hash, you cannot get back the original text. Passwords must be stored with hashing, never with encryption. User passwords on Sayt.uz are stored using bcrypt, with a unique salt added for each password.
Sayt.uz in practice
On the Sayt.uz platform, data encryption comes by default — no extra payment is required. Every plan includes disk encryption, database encryption and mandatory HTTPS. SSL certificates start at 95 thousand soum per year, and Wildcard certificates from 380 thousand. According to 2026 figures, 97 percent of our customers use HTTPS, and zero incidents involving unencrypted server disk data have been recorded. Corporate plans support HSM-based key management and FIPS 140-2 grade encryption.