Shared Secret / Symmetric
This is the classical type of encryption. The same password is used to encrypt the message as is used to decrypt the message. While many different algorithms exist the ones presented below are considered standards because they have been extensively rev
iewed by the internet community worldwide and their strengths/weaknesses are well documented. It should be noted that current US law forbids the export of (symmetric) ciphers utilizing keys in excess of 56 bits.
IDEA-
Swiss Algorithm very strong it is the backbone to PGP very fast up to 128 bit key
Advantage: Tested algorithm, high security, fast.
Blowfish-
Relatively new 64bit block cipher Invented by cryptographer Bruce Schneier current implementations are available to 448bit keys It is several orders of magnitude stronger than DES, .
RC4-
Fast stream cipher, it is the crypto behind SSL and is considered secure in the 128 bit implementations. The "export grade" version is worthless.
DES-
Industry Standard fast but is relatively insecure. It is the most widely used encryption algorithm in the world. Generally it should be avoided when possible.
Public Key / Asymmetric
These are a relatively recent class of algorithms discovered in the late 70’s.. They are constructed of a two part key. One key is used to encrypt the data while the other is key is used to decrypt the data. Given one key and an encrypted message it is
mathematically very difficult to determine the other key.
RSA-
Public Key encryption relying on the fact that as numbers get geometrically larger the time it takes to factor them increases exponentially . It is the public key scheme in PGP.
One Way Digests
These are hashing algorithms that translate an indefinite length of data into a fixed length unique hash. They are useful in digitally sealing a message since it is next to impossible that two different messages can have the same "fingerprint" (digest)
hence given a message fingerprint you can be sure of the message integrity
MD5 128 bit message digest used to ensure that messages haven't been altered
SHA 160 bit message digest used to ensure that messages haven't been altered
How Secure is secure?
This question is often a raised by people.
There are several ways to break encryption. The most straight forward is to key space the algorithm, that is guess every possible combination. A well engineered algorithm (such as those presented here) should be relatively immune to the currently known
forms cryptoanalysis.
DES:
The Data Encryption Standard typically comes in two strengths 40 bit and 56 bit. The 40 bit
variety (known as secure socket layer) is the same encryption that web browsers use to protect credit card orders over the internet.
40 bit strength means there are 2^40 possible keys. On average 2^39 keys must be tried before a correct match will be found. Computer chips currently exist for about $10 US that are capable of testing 200 million DES keys/second. Such a card would be capable of trying half the possibl
e keys in 5 hours. If the forces of evil were to spend $300,000 US to build a purpose built computer they could recover a 40 bit key in 0.07 seconds. Ten million dollars would get it to them in 0.005 seconds. (This is twice as fast as a computer can write
to its hard drive) 40 bit DES offers no protection from large corporations or governments, and 56 bit provides only slightly more protection.
IDEA:
Using a similar technique as outlined above on a 128 bit IDEA key it would take approximately 2.2 x 10^24 seconds. If the planet earth is assumed to be 3 billion years old, it would take over 20 thousand times longer than the planet has been in existence
to key space a 128 IDEA key.
This could be thought of differently. If the amount of energy required to change a 0 to 1 (remember that all computers are binary adding machine at the chip level) is XXXX to key space a 128 bit IDEA key on average would require that 2^127 bits be flip
ped. If we assume a super efficient computer with almost no thermal loss (<-currently this is very unrealistic) it would take XXXX joules of energy to keyspace a 128 bit key. By comparison when a star the size of the sun goes super nova it is estimated to
produce XXXX joules of energy. Not even the NSA (the FBI evil big brother) could afford that electric bill.
RSA:
Recent advances in factoring theory have significantly reduced the time required to factor large numbers, however with current technology to factor a 2048 bit key would take approximately 4 x 10^14 mips-years. That is a computer capable of one million ins
tructions per second would have to work for 10^14 years to crack the key. In general if your computer can handle it, in RSA bigger is better and much bigger is much better.
From these examples it should be evident that brute forcing "strong encryption" is impractical. When faced with strong encryption the forces of darkness must resort to other methods. These fall into two categories: cryptoanalysis (guessing the message
content based on relative frequency of letters in a language) and password attacks. Most well conceived algorithms (such as IDEA and Blowfish) are relatively immune to cryptoanalysis. Password attacks are a function of the user. The strongest encryption w
ill not protect against a poorly chosen password!
Passwords should be chosen that make it harder to brute force the password than brute forcing the algorithm.
Since there are 94 possible characters (not including alt-shift characters) it would require 20 COMPLETELY RANDOM characters to create a password that was as strong as 128 cipher. Password attacks often amount to trying a specially crafted wordlist to
see if any of the words match your password. If you use good passphrase hygiene they won't. Remember your freedom and the freedom of others communicating with you may depend on it.
Resources:
cryptome.org
