Sistema de blogs Diarium
Universidad de Salamanca
Pablo Gallardo's Blog
My professional web log about IT, Cybersecurity & Project Management
 

Encryption Algorithms

 

 

Symmetric Key Cryptographic Systems

  • Data Encryption Standard (DES)
  • Triple DES (3DES)
  • Advanced Encryption Standard (AES)
  • Rivest Ciphers (RC) family
    • RC4
    • RC5
    • RC6
  • Blowfish
  • Twofish
  • International Data Encryption Algorithm (IDEA)
  • Skipjack
  • CAST family
    • CAST-128
    • CAST-256
  • Serpent
  • Camellia
  • Kuznyechik

Asymmetric Key Cryptographic Systems

  • Rivest Shamir Adleman (RSA)
  • Merkle-Hellman Knapsack
  • Elliptic Curve Cryptography (ECC)
  • Diffie-Hellman
  • ElGamal
  • Digital Signature Algorithm (DSA)
  • DSA
  • Fortezza

One-way Hash/Message Digest Algorithms

  • MD family
    • MD2
    • MD4
    • MD5
  • Secure Hash Algorithm (SHA) Family
    • SHA-1
    • SHA-2
      • SHA-256
      • SHA-384
      • SHA-512
    • SHA-3
  • Whirlpool
  • Streboog
  • RIPEMD
  • Hash of Variable Length (HAVAL)
  • Hash Message Authentication Code (HMAC)
  • PANAMA
  • TIGER
  • ADLER32
  • CRC32

Symmetric Key Cryptographic Systems

As of 2021, NIST recommends AES.

 

Data Encryption Standard (DES)

DEPRECATED

It is vulnerable to brute-force attacks due to its limited key length (56-bit).

Withdrawn by NIST.

Triple DES (3DES)

Proposed extension of DES standard that retains backward compatibility. It applies the DES cipher algorighm three times to each data block.

Advanced Encryption Standard (AES)

Winner of the AES contest. It was originally known as Rijndael (pronounced “rhine-doll”).

Public algorithm that supports keys from 128 to 256 bits in size.

Recommended by NIST.

RC Family

RC4

DEPRECATED

Stream-cipher often used in SSL/TLS protocol sessions.

It is used in the WLAN standard WEP.

RC5

It is a parameterized algorithm with a variable block size, a variable key size, and a variable number of rounds. The key size is 128-bits

RC6

RC6 is a symmetric key block cipher derived from RC5 with two additional features.

Blowfish

Blowfish is a type of symmetric block cipher algorithm, designed to replace DES or IDEA algorithms
Developed by Bruce Schneier.

Twofish

Developed by Bruce Schneier, the same as Blowfish.

It was finalist in the AES Contest.

The creator of Blowfish recommends Twofish over its own cypher.

Skipjack

Skijack was approved by U.S. government as the Escrowed Encryption Standard (EES). It required escrow procedures within the U.S. Government.

CAST family

It comes in two forms:

  • CAST-128
  • CAST-256

CAST-128

CAST-128 uses a maximum of key size of 128 bits.

CAST-256

CAST-256 uses a maximum of key size of 256 bits.

Serpent

It was finalist in the AES Contest.

International Data Encryption Algorithm (IDEA)

IDEA was intended as a replacement for DES.

It is incorporated in Pretty Good Privacy (PGP) v2.

Less common than the others.

Camellia

Less common than the others.

Included in VeraCrypt software.

Kuznyechik

Less common than the others.

Included in VeraCrypt software.

Asymmetric Key Cryptographic Systems

RSA is the most popular asymmetric algorithm.

Rivest-Shamir-Adleman (RSA)

The most popular asymmetric algorithm, and currently a worldwide standard.

Proposed in 1977 by Ronald Rivest, Adi Shamir and Leonard Adleman.

The main drawback lies in the length of the keys (between 1024 and 4096 bits) and the complexity of calculations for encoding and decoding.

RSA started with a patent on its algortithm, but it was released into the public domain in 2000.

Merkle-Hellman Knapsack

DEPRECATED

It was published soon after RSA.

It was broken in 1984.

Elliptic Curve Cryptography (ECC)

Published in 1985 independently by mathematicians Neal Koblitz (University of Washington, USA) and Victor Miller (IBM, USA).

It has higher speed at encrypting/decrypting with significantly shorter keys than other algorithms (between 256 and 512 bits). Providing the same level of protection, ECC keys are 12 times shorter than RSA.

Providing the same level of protection ECC double size of symmetric encryption keys.

Because of its lighter processing demands, it is used on mobile phones.

ECC depends on the ellipitic curve discrete logarithm problem.

A variant is Elliptic Curve Digital Standard Algorithm (ECDSA), specified in ANSI X9.62. This algorithm is listed in Digital Signature Standard (DSS) by NIST.

Diffie-Hellman

One of the earliest practical examples of public key exchanges.

ElGamal

Published in 1985 by Egyptian Dr. Taher Elgamal, who worked then for Netscape.

It is an extension of Diffe-Hellman algorithm.

It did not obteain a patent, so it has always been in the public domain. Because of this, it was an patent-free alternative to RSA until 2000, when RSA was released into the public domain.

The ciphertext encrypted wiht this algorithm doubles the size of the plain text; this is considered one of its drawbacks.

Digital Signature Algorithm (DSA)

It is specified by NIST in Federal Information Processing Standards (FIPS) 186-4, also known as Digital Signature Standard (DSS).

It is a variant of an algorithm by Taher Elgamal.

Fortezza

Used by US Government.

One-way Hash Functions

One-way hash or message digest algorithms.

SHA-2 is the standard, though SHA-3 is more secure but more difficult to implement.

MD Family

MD2

DEPRECATED

MD4

DEPRECATED

MD5

DEPRECATED

SHA Family

They are supported by NIST through the publication of Secure Hash Standard (SHS), also known as FIPS 180.

SHA-1

DEPRECATED

Developed by NSA. It has been substituted by its successor SHA-2.

SHA-2

SHA-2 contain different has functions, like SHA-256 (one of the most popular), SHA-384 and SHA-512.

Validated by NESSIE project and NSA.

SHA-3

SHA-3 has been announced by NIST in the event a successful attack is developed against SHA-2.

SHA-3 uses the sponge construction in which message blocks are XORed into the initial bits of the state, which is then invertibly permuted

Whirlpool

Validated by NESSIE project and ISO.

RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. There exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. These all replace the original RIPEMD, which was found to have collision issue. It does not follow any standard security policies or guidelines.
It is used on cryptocurrencies like BitCoin.

Hash of Variable Length (HAVAL)

DEPRECATED

Hash of Variable Length (HAVAL) is a modification of MD5.

HAVAL was broken in 2004.

Hash Message Authentication Code (HMAC)

Hash message authentication code (HMAC) is used in HMAC-based One-Time Password (HOTP) standard to create one-time passwords.

PANAMA

No info about this.

TIGER

No info about this.

ADLER32

No info about this.

CRC32

No info about this.

 

Encryption Standards

NIST’s Digital Signature Standard (DSA)

Digital Signature algorithms included in Digital Signature Standard (DSA), issued by NIST:

  1. Digital Signature Standard (DSA)
  2. Elliptic Curve Digital Signature Standard (ECDSA)
  3. RSA

 

You might be also interested in…

 

External References

  • VeraCrypt application
  • HashCalc application; SlavaSoft
  • “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 6 “Cryptography and Symmetric Key Algorithms”, pp. 247-252
  • “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 7 “PKI and Cryptographic Applications”, pp. 264-271
  • “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 7 “PKI and Cryptographic Applications”, pp. 271-274
pmgallardo

About pmgallardo

I studied Computer Science at University of Salamanca. Since then, I have been working first as developer and then as SAP consutant. This blog is about problems I dealt when using computers, and more important, the solutions I found. Whenever I am on an issue and suddenlly I have a flash that leads me to a solution, I document my discoveries in a post.

, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

No comments yet.

Leave a Reply


*

Política de privacidad
Studii Salmantini. Campus de excelencia internacional