Let’s talk about the types of symmetric encryption algorithms. You can read about how symmetric encryption works by clicking here. The types of symmetric encryption algorithms I want to cover today are DES, 3DES, AES, Blowfish, twofish, IDEA, and RC4. Basically the ones that’ll show up on your security+ exam.
Let’s begin with DES. DES stands for data encryption standards. It is a block cipher defined by the US government in 1977 as an official standard. DES is created by IBM (possibly the biggest computer company out there right now). DES has become the most well known and most used cryptosystem since then. The original DES uses 64 bit block size and a 56 bit key. DES can also be used to encrypt data on a hard disk or other mediums as well.
DES have been used for many years until it was replaced by triple DES (3DES) and the AES standard. 56 bit key just wasn’t enough encryption and have been compromised. Multi CPU systems proved the standard could be broken through brute force, so DES created double key length, resulting in 112 bits, then tripling it to 168 bits. DES is now not used anymore because you can easily break it with a freaking mobile phone. However, 3DES is used.
When DES became 3DES, it created 168 bit encryption standard that’s resistant to cryptanlysis because it uses 48 rounds of cryptographic computations. It’s considered 2^56 stronger than DES. However, it’s three times slower than DES. Even though DES has been upgraded to 3DES, it still had security weakness. 3DES have been used in many financial applications to include banking, but now its mainly used in encryption of DVDs, which causes current piracy of home videos. 3DES is basically applying DES three times with different keys in different order. Because it’s slow and it can still be compromised, we use AES instead, which is better and faster.
AES, which is advanced encryption standard, replaced DES. The new standard uses a symmetric block cipher supporting variable block and key lengths, such as 128, 192, and 256 bits. In 2003, government allowed AES to be used for non classified documents, while 192 and 256 bits were required for top secret purposes. AES has not been compromised, but there are speculative theoretical attacks that have been published, to include side channel attacks. Side channel attacks still doesn’t compromise AES, it only reflects implementation scheme and not the algorithm itself.
Now let’s talk about some of the open source symmetric encryption algorithms to include blowfish and twofish. These are on open domain and its free.
Blowfish is a symmetric block cipher that uses 64 bit blocks of data. Its key length is up to 448 bits, and uses 16 rounds of cryptographic computations. It was designed for 32 bit machines and is a lot faster than DES. There is currently no known way to break through 16 rounds of encryption.
Twofish is also a symmetric key block cipher and is similar to blowfish, but uses 128 bit block size and 256 bit key size. It’s a free public domain encryption cipher and is used in open source projects such as openPGP. These have no patent and is on public domain.
IDEA is a symmetric block cipher that uses 64 bit blocks of data with a key length of 128 bits. The data blocks are divided into 16 sections which are subjected to 8 rounds of cryptographic computation. The speed of IDEA in software is similar to that of DES. IDEA is the cipher used in the popular encryption program PGP (pretty good privacy).
RC4 stands for Rivest cypher 4 and it is a symmetric stream cipher created by RSA data security in 1987. It has been used in popular encryption protocols such as SSL, TLS, and also 40 and 128 bit WEP. It utilizes the secure exchange of a shared key. There are weaknesses in the implementations of RC4. WE now use AES cipher the most and RC4 has long disappeared. Using counter mode with cipher block chaining message authentication code protocal (CCMP) with AES 128 is pretty common.