Symmetric encryption algorithms
Categories: cryptography
There are a very large number of algorithms around, so how should you decide which to use? The simple answer is: if in doubt use Rijndael - but this requires a little more justification. Here are the main technical features you should look at:
- The key should be sufficiently large to guard against brute force attacks. It needn’t be excessively large as this can cause problems in managing keys efficiently. Generally 128 to 256 bits is normal.
- The block size should be sufficiently large to guard against dictionary attacks, but again very large blocks can be inefficient. 128 bits is the norm, 64 bits is marginally acceptable.
- The algorithm should not use excessive memory or processor resources.
A final important factor is that the algorithm should be trustworthy - it is generally better to use a well respected, tried and tested algorithm rather than a proprietary algorithm.
In addition, some algorithms have very specific features, often relating to how efficiently they can be implemented in different situations. Some algorithms are particularly suited to being implemented in hardware, or on very basic CPUs (e.g. in a smart card), some use very little memory, some are capable of highly efficient implementation on 64-bit processors, etc. Often these special features come at the expense of trustworthiness (which is not to say that there is necessarily anything wrong with the algorithm, it is simply that these algorithms will not have gone through the extremely broad and rigorous analysis that Rijndael has).
Here is a selection of popular algorithms. There are many, many others which are not mentioned here.
Rijndael
Rijndael is the current AES (Advanced Encryption Standard) algorithm. It is regarded as highly secure for virtually all purposes, and also fits other criteria such as efficiency and ease of implementation.
The slightly odd name is derived from the names of its two Belgian inventors, and is pronounced "Rain Dahl" (rather than "Region Deal").
The algorithm uses a block size of 128 bits. The key length can be 128, 192 or 256 bits.
Twofish
Twofish is an AES runner-up. It is a popular algorithm despite (or perhaps because of) not being the standard.
Some people prefer to use Twofish because they feel that Rijndael is a bigger target for crackers and therefore is more likely to be broken. Other people, of course, would argue that Rijndael has been attacked and analysed extensively, and is still standing, whereas Twofish hasn’t been put through quite the same rigours. In truth, for most practical purposes both algorithms are perfectly good.
The algorithm uses a block size of 128 bits. The key length can be 128, 192 or 256 bits.
Blowfish
Blowfish is an algorithm developed by the respected cryptography expert Bruce Schneier. It is designed to be fast and simple. It also allows for a variable key length up to 448 bits (considerably larger than other algorithms).
Blowfish is a popular algorithm, because of its unique features (and maybe to some extent due to its author’s reputation).
The algorithm uses a block size of 64 bits, which might be considered slightly marginal. The key length can be anything up to 448 bits.
DES
DES (Data Encryption Standard) was originally adopted as a standard in the late 1970s. By modern standards it is not considered particularly secure, mainly because its key length (effectively 56 bits) is too small.
However, it remained the standard algorithm for a long period of time, and so it still exists in a good many systems.
DES uses a block size of 64 bits and a key size of 64 bits. However, the key is processed within the algorithm to reduce its effective size to 56 bits.
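The gap between the 64-bit key and its 56-bit effective size, as an added example that is not part of the original page: in a DES key the least significant bit of each byte is an odd-parity check bit that the cipher discards. The function names and the sample key are chosen for illustration.

```python
# Added example: DES key parity bits. Each of the 8 key bytes carries
# 7 key bits plus 1 parity bit (the least significant bit), so only
# 8 * 7 = 56 bits influence the encryption.

def effective_key(key: bytes) -> int:
    """Return the 56 bits of a 64-bit DES key that the cipher actually uses."""
    if len(key) != 8:
        raise ValueError("a DES key is exactly 8 bytes (64 bits)")
    value = 0
    for byte in key:
        value = (value << 7) | (byte >> 1)  # drop the parity bit
    return value

def has_odd_parity(key: bytes) -> bool:
    """True if every byte contains an odd number of 1 bits."""
    return all(bin(byte).count("1") % 2 == 1 for byte in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the parity bit of each byte so the byte has odd parity."""
    out = bytearray()
    for byte in key:
        top7 = byte & 0xFE
        ones = bin(top7).count("1")
        out.append(top7 | (0 if ones % 2 else 1))
    return bytes(out)

def equivalent_keys(a: bytes, b: bytes) -> bool:
    """Two 64-bit keys encrypt identically if their 56 effective bits match."""
    return effective_key(a) == effective_key(b)

# Constructed sample key, plus a copy with every parity bit flipped.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")
FLIPPED_KEY = bytes(byte ^ 0x01 for byte in SAMPLE_KEY)

# Number of distinct 64-bit keys that collapse onto each effective key.
KEYS_PER_EFFECTIVE_KEY = 2**64 // 2**56

if __name__ == "__main__":
    print("sample key parity ok:", has_odd_parity(SAMPLE_KEY))
    print("flipped key parity ok:", has_odd_parity(FLIPPED_KEY))
    print("same effective key:", equivalent_keys(SAMPLE_KEY, FLIPPED_KEY))
    print("effective bits:", effective_key(b"\xff" * 8).bit_length())
    print("64-bit keys per effective key:", KEYS_PER_EFFECTIVE_KEY)
```

When auditing a legacy system, this is why 8 bytes of DES key material should be counted as 56 bits of strength against brute force, not 64.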
Triple DES
Triple DES (DES3) was an attempt to extend the life of the tried and tested DES algorithm by increasing its key length. It is quite a simple idea: you encrypt the data, then you encrypt it again with a different key, then you encrypt it again with another different key. To decrypt the data you need to know all 3 keys, which gives an effective key size of (3*56) = 168 bits.
As we will see later, the actual algorithm is not quite as simple as the description above, but it uses the same basic concept.
See also
- Symmetric encryption
- Applications of symmetric encryption
- Symmetric block ciphers
- Cryptographic modes
- Block padding methods
- Attacks on symmetric ciphers
- Cryptographic hashes
- Strong hashing functions
- Applications of hashes
- Common hash algorithms
- Attacks on hash algorithms
- Iterative hashes
- Message authentication codes
- Common MAC algorithms
- HMAC algorithm
- Key derivation
- Dictionary attacks on keys
- Key derivation using hash functions
- Salting
- Key derivation using random number generators
- Key derivation standards