Encryption is frequently talked about in news, but it’s usually on the receiving end of misinformed government policy or taking part of the blame for terrorist atrocities.
That ignores just how vital encryption is. The vast majority of internet services use encryption to keep your information safe.
Encryption, however, is somewhat difficult to understand. There are numerous types, and they have different uses. How do you know what the “best” type of encryption is, then?
Let’s take a look at how some of the major encryption types work, as well as why rolling your own encryption isn’t a great idea.
Encryption Types vs. Encryption Strength
One of the biggest sources of confusion in encryption terminology is the difference between types of encryption, encryption algorithms, and their respective strengths. Let’s break it down:
- Encryption type: The encryption type describes the overall approach to how data is encrypted. For instance, asymmetric cryptography is one of the most common encryption types on the internet.
- Encryption algorithm: When we discuss the strength of encryption, we’re talking about a specific encryption algorithm. The algorithms are where the interesting names come from, like Triple DES, RSA, or AES. Encryption algorithm names are often accompanied by a numerical value, like AES-128. The number refers to the encryption key size and further defines the strength of the algorithm.
There are a few more encryption terms you should familiarize yourself with that will make the rest of this discussion easier to understand.
The 5 Most Common Encryption Algorithms
The types of encryption form the foundation for the encryption algorithm, while the encryption algorithm is responsible for the strength of encryption. We talk about encryption strength in bits.
Moreover, you probably know more encryption algorithms than you realize. Here are some of the most common encryption algorithms, with a little information about how they work.
1. Data Encryption Standard (DES)
The Data Encryption Standard was the original US Government encryption standard. It was originally thought to be unbreakable, but the increase in computing power and the decrease in the cost of hardware have rendered 56-bit encryption essentially obsolete. This is especially true regarding sensitive data.
John Gilmore, the EFF co-founder who headed the Deep Crack project, said “When designing secure systems and infrastructure for society, listen to cryptographers, not to politicians.” He cautioned that the record time to crack DES should send “a wake-up call” to anyone who relies on DES to keep data private.
Nonetheless, you’ll still find DES in many products. The low-level encryption is easy to implement without requiring a huge amount of computational power. As such, it is a common feature of smart cards and limited-resource appliances.
2. TripleDES (3DES)
TripleDES (sometimes written 3DES or TDES) is the newer, more secure version of DES. When DES was cracked in under 23 hours, the government realized there was a significant issue coming its way. Thus, TripleDES was born. TripleDES bulks up the encryption procedure by running DES three times.
The data is encrypted, decrypted, and then encrypted again, giving an effective key length of 168 bits. This is strong enough for most sensitive data. However, while TripleDES is stronger than standard DES, it has its own flaws.
TripleDES has three keying options:
- Keying Option 1: All three keys are independent. This method offers the strongest key strength: 168-bit.
- Keying Option 2: Key 1 and Key 2 are independent, while Key 3 is the same as Key 1. This method offers an effective key strength of 112 bits (2×56=112).
- Keying Option 3: All three keys are the same. This method offers a 56-bit key.
Keying option 1 is the strongest. Keying option 2 isn’t as strong, but still offers more protection than simply encrypting twice with DES. TripleDES is a block cipher, meaning data is encrypted in one fixed-block size after another. Unfortunately, the TripleDES block size is small at 64 bits, making it somewhat susceptible to certain attacks (like block collision).
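To put a number on “small at 64 bits”, the following added example (not code from the original article) uses the standard birthday-bound approximation to estimate how much data can be encrypted under one key before two ciphertext blocks are likely to repeat. The formulas are the usual ones; the comparison between a 64-bit block (TripleDES) and a 128-bit block (AES) is the point a practitioner wants when deciding how often to rekey.

```python
import math


def collision_probability(block_bits: int, n_blocks: int) -> float:
    """Approximate probability that at least two of n_blocks ciphertext
    blocks are identical for a cipher with a block_bits-bit block.
    Uses the birthday approximation p ~= 1 - exp(-n^2 / (2N)), N = 2^bits."""
    space = 2.0 ** block_bits
    return 1.0 - math.exp(-(n_blocks ** 2) / (2.0 * space))


def blocks_for_probability(block_bits: int, p: float) -> float:
    """Number of blocks after which a repeated block has probability p
    (inverse of the approximation above)."""
    space = 2.0 ** block_bits
    return math.sqrt(-2.0 * space * math.log(1.0 - p))


def bytes_for_probability(block_bits: int, p: float) -> float:
    """Same limit expressed in bytes of ciphertext under a single key."""
    return blocks_for_probability(block_bits, p) * (block_bits // 8)


def compare_block_sizes(p: float = 0.5) -> dict:
    """Side-by-side data limits for the two block sizes discussed in the text."""
    return {
        "TripleDES (64-bit block)": bytes_for_probability(64, p),
        "AES (128-bit block)": bytes_for_probability(128, p),
    }


if __name__ == "__main__":
    # 2^32 blocks of 8 bytes is 32 GiB; after that much data under one
    # 3DES key a collision is already more likely than not to be close.
    print(f"p(collision) after 32 GiB of 3DES: {collision_probability(64, 2 ** 32):.3f}")
    for name, limit in compare_block_sizes().items():
        print(f"{name}: ~{limit / 2 ** 30:,.0f} GiB before 50% collision chance")
```

The 64-bit limit comes out in the tens of gigabytes, a volume a single long-lived TLS or VPN session can reach, which is why practical guidance is to rekey TripleDES sessions frequently or prefer a 128-bit-block cipher. The 128-bit figure is roughly 2^32 times larger, which is far beyond what any one key will ever protect.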
3. RSA
RSA (named after its creators Ron Rivest, Adi Shamir, and Leonard Adleman) is one of the first public key cryptographic algorithms. It uses the one-way asymmetric encryption function found in the previously linked article.
Many facets of the internet use the RSA algorithm extensively. It is a primary feature of many protocols, including SSH, OpenPGP, S/MIME, and SSL/TLS. Furthermore, browsers use RSA to establish secure communications over insecure networks.
RSA remains incredibly popular due to its key length. An RSA key is typically 1024 or 2048 bits long. However, security experts believe that it will not be long before 1024-bit RSA is cracked, prompting numerous government and business organizations to migrate to the stronger 2048-bit key.
4. Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) is now the trusted US Government encryption standard.
It is based on the Rijndael algorithm developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The Belgian cryptographers submitted their algorithm to the National Institute of Standards and Technology (NIST), alongside 14 others competing to become the official DES successor. Rijndael “won” and was selected as the proposed AES algorithm in October 2000.
AES is a symmetric key algorithm and uses a symmetric block cipher. It supports three key sizes: 128, 192, or 256 bits. Furthermore, the number of encryption rounds differs for each key size.
A round is one pass of the cipher’s transformation over a data block; the rounds together turn plaintext into ciphertext. For 128-bit keys, there are 10 rounds. 192-bit has 12 rounds, and 256-bit has 14 rounds.
There are theoretical attacks against the AES algorithm, but all require a level of computing power and data storage simply unfeasible in the current era. For instance, one attack requires around 38 trillion terabytes of data—more than all the data stored on all the computers in the world in 2016. Other estimates put the total amount of time required to brute-force an AES-128 key in the billions of years.
As such, encryption guru Bruce Schneier does not “believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic,” outside theoretical academic encryption breaks. Schneier’s Twofish encryption algorithm (discussed below) was a direct Rijndael challenger during the competition to select the new national encryption standard.
5. Twofish
Twofish was a National Institute of Standards and Technology Advanced Encryption Standard contest finalist—but it lost out to Rijndael. The Twofish algorithm works with key sizes of 128, 192, and 256 bits, and features a complex key structure that makes it difficult to crack.
Security experts regard Twofish as one of the fastest encryption algorithms, and it is an excellent choice for both hardware and software. Furthermore, the Twofish cipher is free for use by anyone.
It appears in some of the best free encryption software, such as VeraCrypt (drive encryption), PeaZip (file archives), and KeePass (open source password management), as well as the OpenPGP standard.
Why Not Make Your Own Encryption Algorithm?
You have seen some of the best (and now-defunct) encryption algorithms available. These algorithms are the best because they are essentially impossible to break (for the time being, at least).
But what about creating a homebrew encryption algorithm? Does creating a secure private system keep your data safe? Put shortly, no! Or perhaps it’s better to say no, but…
The best encryption algorithms are mathematically secure, tested with a combination of the most powerful computers in conjunction with the smartest minds. New encryption algorithms go through a rigorous series of tests known to break other algorithms, as well as attacks specific to the new algorithm.
Take the AES algorithm, for instance:
- NIST made the call for new encryption algorithms in September 1997.
- NIST received 15 potential AES algorithms by August 1998.
- At a conference in April 1999, NIST selected the five finalist algorithms: MARS, RC6, Rijndael, Serpent, and Twofish.
- NIST continued to test and receive comments and instructions from the cryptographic community until May 2000.
- In October 2000, NIST confirmed Rijndael as the prospective AES, after which another consultation period began.
- Rijndael, as the AES, was published as a Federal Information Processing Standard in November 2001. The confirmation started validation testing under the Cryptographic Algorithm Validation Program.
- AES became the official federal government encryption standard in May 2002.
You Don’t Have the Resources to Create a Strong Algorithm
So you see, the production of a truly secure, long-lasting, and powerful encryption algorithm takes time and in-depth analysis from some of the most powerful security organizations on the planet. Or as Bruce Schneier says:
“Anyone can invent an encryption algorithm they themselves can’t break; it’s much harder to invent one that no one else can break.”
And that is where the but comes in. Of course, you can write a program that takes your text, multiplies the alphabet value of each letter by 13, adds 61, and then sends it to a recipient.
The output is a mess, but if your recipient knows how to decrypt it, the system is functional. However, if you use your homebrew encryption in the wild, to send private or sensitive information, you’re going to have a bad time.
There’s a further if, too. If you want to learn about encryption and cryptography, experimenting with the development of and breaking a personally developed encryption algorithm is highly recommended. Just don’t ask anyone to use it!
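To make the “you’re going to have a bad time” concrete, here is an added example (not from the original article) that implements the toy scheme just described and then shows why it offers no protection. It assumes letters are valued a=1 to z=26, that only lowercase letters are encrypted, and that the output is the raw integers rather than anything reduced modulo 26; those choices are the example’s, not the article’s. Because every letter always maps to the same number, the ciphertext is a simple substitution: letter frequencies leak straight through, and two known letter/number pairs are enough to recover both parameters by solving a pair of linear equations.

```python
from collections import Counter

# The article's toy parameters.
MULT, ADD = 13, 61


def letter_value(ch: str) -> int:
    """a=1 ... z=26 (assumed convention for 'alphabet value')."""
    return ord(ch) - ord("a") + 1


def homebrew_encrypt(text: str, mult: int = MULT, add: int = ADD) -> list[int]:
    """Apply the article's scheme: number = mult * value + add, per letter.
    Non-letters are dropped (assumption made for this example)."""
    return [mult * letter_value(c) + add for c in text.lower() if c.isalpha()]


def homebrew_decrypt(numbers: list[int], mult: int, add: int) -> str:
    """Invert the scheme for a recipient who knows (mult, add)."""
    return "".join(chr((n - add) // mult + ord("a") - 1) for n in numbers)


def symbol_histogram(numbers: list[int]) -> list[tuple[int, int]]:
    """Repeated plaintext letters give repeated numbers, so the ciphertext
    has exactly the same frequency profile as the plaintext."""
    return Counter(numbers).most_common()


def recover_key(known_pairs: list[tuple[str, int]]) -> tuple[int, int]:
    """Given two (plaintext letter, ciphertext number) pairs, solve
        c1 = a*v1 + b,  c2 = a*v2 + b
    for the integer parameters (a, b). Two guessed letters of a common
    word are enough; no brute force is needed."""
    (p1, c1), (p2, c2) = known_pairs[:2]
    v1, v2 = letter_value(p1), letter_value(p2)
    if v1 == v2:
        raise ValueError("need two different plaintext letters")
    delta_c, delta_v = c2 - c1, v2 - v1
    if delta_c % delta_v:
        raise ValueError("pairs are inconsistent with a linear scheme")
    a = delta_c // delta_v
    b = c1 - a * v1
    return a, b


if __name__ == "__main__":
    # Constructed sample message for the demonstration.
    cipher = homebrew_encrypt("hello")
    print("ciphertext:", cipher)
    print("frequency profile leaks:", symbol_histogram(cipher))
    # An observer who guesses that the first two letters are 'h' and 'e'
    # recovers the whole key and reads every later message.
    a, b = recover_key([("h", cipher[0]), ("e", cipher[1])])
    print("recovered parameters:", (a, b))
    print("decrypted:", homebrew_decrypt(cipher, a, b))
```

The lesson is the one the article draws: the scheme “works” between two parties who share the parameters, but the parameters are the only secret, the ciphertext preserves all the structure of the plaintext, and a single short known fragment reveals them. Vetted algorithms are designed so that none of these properties hold.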
Embrace Encryption and Don’t Reinvent the Wheel
Encryption is important. Understanding how it works is useful, but not imperative to use it. There are plenty of ways to encrypt your daily life with little effort. Start by encrypting your hard drive.
What is imperative is realizing that our hyper-networked global community needs encryption to remain secure. There are, unfortunately, a large number of governments and government agencies that want weaker encryption standards. That must never happen.
Do you know what a root certificate is and how it can help you browse the web securely?