Encryption is frequently talked about in the news, but it's usually on the receiving end of misinformed government policy or taking part of the blame for terrorist atrocities.

That ignores just how vital encryption is. The vast majority of internet services use encryption to keep your information safe.

Encryption, however, is somewhat difficult to understand. There are numerous types, and they have different uses. How do you know the "best" type of encryption, then?

So, how do the major encryption types work? And why shouldn't you use your own encryption algorithm?

Encryption Types vs. Encryption Strength

One of the most common confusions in encryption terminology comes from the differences between types of encryption, encryption algorithms, and their respective strengths. Let's break it down:

  • Encryption type: The encryption type concerns how the encryption is completed. For instance, asymmetric cryptography is one of the most common encryption types on the internet.
  • Encryption algorithm: When we discuss the strength of encryption, we're talking about a specific encryption algorithm. The algorithms are where the interesting names come from, like Triple DES, RSA, or AES. Encryption algorithm names are often accompanied by a numerical value, like AES-128. The number refers to the encryption key size and further defines the algorithm's strength.

There are a few more encryption terms you should familiarize yourself with that will make the rest of this discussion easier to understand.

The 5 Most Common Encryption Algorithms

The types of encryption form the foundation for the encryption algorithm, while the encryption algorithm is responsible for the strength of encryption. We talk about encryption strength in bits.

Moreover, you probably know more encryption algorithms than you realize. Here are five of the most common encryption types, with a little information about how they work.

1. Data Encryption Standard (DES)

The Data Encryption Standard is an original US Government encryption standard. It was originally thought to be unbreakable, but the increase in computing power and the decrease in the cost of hardware have rendered 56-bit encryption essentially obsolete. This is especially true regarding sensitive data.

John Gilmore, the EFF co-founder who headed the Deep Crack project, said "When designing secure systems and infrastructure for society, listen to cryptographers, not to politicians." He cautioned that the record time to crack DES should send "a wake-up call" to anyone who relies on DES to keep data private.

Nonetheless, you'll still find DES in many products. The low-level encryption is easy to implement without requiring a huge amount of computational power. As such, it is a common feature of smart cards and limited-resource appliances.

2. TripleDES

TripleDES (sometimes written 3DES or TDES) is the newer, more secure version of DES. When DES was cracked in under 23 hours, the government realized a significant issue was coming. Thus, TripleDES was born. TripleDES bulks up the encryption procedure by running DES three times.

The data is encrypted, decrypted, and then encrypted again, giving an effective key length of 168 bits. This is strong enough for most sensitive data. However, while TripleDES is stronger than standard DES, it has its own flaws.

TripleDES has three keying options:

  • Keying Option 1: All three keys are independent. This method offers the strongest key strength: 168-bit.
  • Keying Option 2: Key 1 and Key 2 are independent, while Key 3 is the same as Key 1. This method offers an effective key strength of 112 bits (2x56=112).
  • Keying Option 3: All three keys are the same. This method offers a 56-bit key.

Keying option 1 is the strongest. Keying option 2 isn't as strong but still offers more protection than simply encrypting twice with DES. TripleDES is a block cipher, meaning data is encrypted in one fixed-block size after another. Unfortunately, the TripleDES block size is small at 64 bits, making it susceptible to certain attacks (like block collisions).
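As an added example (not code from the article), the following Python shows how the three keying options assemble a TripleDES key bundle, how to tell from a 24-byte bundle which option you actually have, and how the 64-bit block size bounds the amount of data that can safely go under one key before block collisions become likely. The sample keys are constructed, and the birthday-bound formula p ≈ q²/2^(n+1) is an assumption about how "block collision" risk is estimated.

```python
import math

DES_KEY_BYTES = 8       # one DES key on the wire: 64 bits, 56 of them effective
DES_BLOCK_BITS = 64     # TripleDES keeps DES's 64-bit block
AES_BLOCK_BITS = 128

def build_3des_bundle(option, k1, k2=None, k3=None):
    """Assemble the 24-byte K1||K2||K3 bundle for TripleDES keying option 1, 2 or 3."""
    if option == 1:
        keys = (k1, k2, k3)          # all three independent
    elif option == 2:
        keys = (k1, k2, k1)          # K3 reuses K1
    elif option == 3:
        keys = (k1, k1, k1)          # all equal: encrypt-decrypt-encrypt cancels to single DES
    else:
        raise ValueError("keying option must be 1, 2 or 3")
    if any(k is None or len(k) != DES_KEY_BYTES for k in keys):
        raise ValueError("option %d needs 8-byte DES keys" % option)
    return b"".join(keys)

def key_bits_of_bundle(bundle):
    """Key strength as the article counts it (56 bits per distinct key) for a 24-byte bundle.
    Any adjacent repeated key makes the middle DES pass undo its neighbour, so only
    one DES layer is left: 56 bits."""
    if len(bundle) != 3 * DES_KEY_BYTES:
        raise ValueError("TripleDES bundle must be 24 bytes")
    k1, k2, k3 = bundle[:8], bundle[8:16], bundle[16:]
    if k1 == k2 or k2 == k3:
        return 56                    # option 3, or a mis-built bundle: single DES
    if k1 == k3:
        return 112                   # option 2: 2 x 56
    return 168                       # option 1: 3 x 56

def blocks_before_collision(block_bits, probability=0.5):
    """Birthday bound: blocks encrypted under one key before two ciphertext blocks
    collide with the given probability, using p ~= q^2 / 2^(n+1)."""
    return math.sqrt(probability * 2.0 ** (block_bits + 1))

def data_limit_bytes(block_bits, probability=0.5):
    """The same bound expressed as bytes of data under one key."""
    return blocks_before_collision(block_bits, probability) * (block_bits // 8)

if __name__ == "__main__":
    # constructed sample keys, not real key material
    k1, k2, k3 = b"\x01" * 8, b"\x02" * 8, b"\x03" * 8
    for opt in (1, 2, 3):
        print("option", opt, "->", key_bits_of_bundle(build_3des_bundle(opt, k1, k2, k3)), "bits")
    for n in (DES_BLOCK_BITS, AES_BLOCK_BITS):
        print("%d-bit block: ~%.0f bytes under one key at 50%% collision odds" % (n, data_limit_bytes(n)))
```

The 64-bit block reaches even odds of a collision after about 32 GiB under one key, whereas a 128-bit block such as AES's is far beyond any practical data volume; this is why rotating keys matters more for TripleDES than for AES.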

3. RSA

RSA (named after its creators Ron Rivest, Adi Shamir, and Leonard Adleman) is one of the first public-key cryptographic algorithms. It uses the one-way asymmetric encryption function found in the encryption terms article previously linked.

Many facets of the internet use the RSA algorithm extensively. It is a primary feature of many protocols, including SSH, OpenPGP, S/MIME, and SSL/TLS. Furthermore, browsers use RSA to establish secure communications over insecure networks.

RSA remains incredibly popular due to its key length. An RSA key is typically 1024 or 2048 bits long. However, security experts believe that it will not be long before 1024-bit RSA is cracked, prompting numerous government and business organizations to migrate to the stronger 2048-bit key.

4. Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is now the trusted US Government encryption standard.

It is based on the Rijndael algorithm developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The Belgian cryptographers submitted their algorithm to the National Institute of Standards and Technology (NIST), alongside 14 others competing to become the official DES successor. Rijndael "won" and was selected as the proposed AES algorithm in October 2000.

AES is a symmetric-key algorithm and uses a symmetric block cipher. It comprises three key sizes: 128, 192, or 256 bits. Furthermore, there are different rounds of encryption for each key size.

A round is the process of turning plaintext into ciphertext. For 128-bit keys, there are ten rounds. 192-bit keys have 12 rounds, and 256-bit keys have 14 rounds.

There are theoretical attacks against the AES algorithm, but all require a level of computing power and data storage simply unfeasible in the current era. For instance, one attack requires around 38 trillion terabytes of data—more than all the data stored on all the computers in the world in 2016. Other estimates put the total amount of time required to brute-force an AES-128 key in the billions of years.

As such, encryption guru Bruce Schneier does not "believe that anyone will ever discover an attack that will allow someone to read Rijndael traffic," outside theoretical academic encryption breaks. Schneier's Twofish encryption algorithm (discussed below) was a direct Rijndael challenger during the competition to select the new national security algorithm. It's thought that AES will be a quantum-computing-proof algorithm, protecting against the vast computing power to come in the future.

5. Twofish

Twofish was a National Institute of Standards and Technology Advanced Encryption Standard contest finalist—but it lost out to Rijndael. The Twofish algorithm works with key sizes of 128, 196, and 256 bits and features a complex key structure that makes it difficult to crack.

Security experts regard Twofish as one of the fastest encryption algorithms and an excellent choice for hardware and software. Furthermore, the Twofish cipher is free for use by anyone.

It appears in some of the best free encryption software, such as VeraCrypt (drive encryption), PeaZip (file archives), and KeePass (open-source password management), as well as the OpenPGP standard.

Should You Make Your Own Encryption Algorithm?

You have seen some of the best (and now-defunct) encryption algorithms available. These algorithms are the best because they are essentially impossible to break (for the time being, at least).

But what about creating a homebrew encryption algorithm? Does creating a secure private system keep your data safe? In short, no! Or perhaps it's better to say no, but...

The best encryption algorithms are mathematically secure, tested with a combination of the most powerful computers in conjunction with the smartest minds. New encryption algorithms go through a rigorous series of tests known to break other algorithms, as well as attacks specific to the new algorithm.

Take the AES algorithm, for instance:

  • NIST made the call for new encryption algorithms in September 1997.
  • NIST received 15 potential AES algorithms by August 1998.
  • At a conference in April 1999, NIST selected the five finalist algorithms: MARS, RC6, Rijndael, Serpent, and Twofish.
  • NIST continued to test and receive comments and instructions from the cryptographic community until May 2000.
  • In October 2000, NIST confirmed Rijndael as the prospective AES, after which another consultation period began.
  • Rijndael, as the AES, was published as a Federal Information Processing Standard in November 2001. The confirmation started validation testing under the Cryptographic Algorithm Validation Program.
  • AES became the official federal government encryption standard in May 2002.

You Don't Have the Resources to Create a Strong Encryption Algorithm

So you see, producing a truly secure, long-lasting, and powerful encryption takes time and in-depth analysis from some of the most powerful security organizations on the planet. Or, as Bruce Schneier says:

"Anyone can invent an encryption algorithm they themselves can't break; it's much harder to invent one that no one else can break."

And that is where the but comes in. Of course, you can write a program that takes your text, multiplies the alphabet value of each letter by 13, adds 61, and then sends it to a recipient.

The output is a mess, but the system is functional if your recipient knows how to decrypt it. However, if you use your homebrew encryption in the wild, to send private or sensitive information, you're going to have a bad time. There's a reason we trust messaging apps that use end-to-end encryption rather than just sending messages in plaintext.
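As an added example (not code from the article), here is the homebrew scheme from the paragraph above in Python, with a decrypt routine for the recipient and a function that shows why it keeps nothing secret: two known letter/number pairs are enough to solve for both "secret" numbers. The numbering a=1 through z=26 and the use of plain integer (non-modular) arithmetic are assumptions.

```python
from fractions import Fraction

ALPHABET = "abcdefghijklmnopqrstuvwxyz"

def letter_value(ch):
    """Alphabet value of a letter: a=1 ... z=26 (an assumption; the article does not say)."""
    return ALPHABET.index(ch.lower()) + 1

def homebrew_encrypt(text, mult=13, add=61):
    """The article's scheme: every letter becomes mult * value + add. Non-letters are dropped."""
    return [mult * letter_value(c) + add for c in text if c.isalpha()]

def homebrew_decrypt(numbers, mult=13, add=61):
    """Invert the scheme for a recipient who knows mult and add."""
    letters = []
    for n in numbers:
        v, rem = divmod(n - add, mult)
        if rem != 0 or not 1 <= v <= len(ALPHABET):
            raise ValueError("%d is not a valid ciphertext value for this key" % n)
        letters.append(ALPHABET[v - 1])
    return "".join(letters)

def recover_key(pairs):
    """Why this offers no secrecy: the whole 'key' is two numbers in a linear equation,
    so two known letter/number pairs with different letters pin both down exactly."""
    (p1, c1), (p2, c2) = pairs[:2]
    v1, v2 = letter_value(p1), letter_value(p2)
    if v1 == v2:
        raise ValueError("need two different plaintext letters")
    mult = Fraction(c1 - c2, v1 - v2)
    add = c1 - mult * v1
    if mult.denominator != 1 or add.denominator != 1:
        raise ValueError("pairs do not fit a mult * value + add scheme")
    return int(mult), int(add)

if __name__ == "__main__":
    # constructed sample message
    secret = homebrew_encrypt("hello")
    print("ciphertext:", secret)
    print("recipient decrypts:", homebrew_decrypt(secret))
    # an observer who learns what the first two letters were solves for the key
    print("recovered key:", recover_key([("h", secret[0]), ("e", secret[1])]))
```

Repeated numbers in the output also reveal repeated letters, so even without known plaintext the ciphertext leaks structure; this is the gap between "my recipient can decode it" and "no one else can".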

There's a further if, too. If you want to learn about encryption and cryptography, developing your own encryption algorithm and then trying to break it is highly recommended. Just don't ask anyone to use it!

Encryption Is Best Left to the Professionals

Encryption is important. Understanding how it works is useful but not essential in order to use it. There are plenty of ways to encrypt your daily life with little effort. For example, you could start by encrypting your hard drive or USB flash drive.

What is imperative is realizing that our hyper-networked global community needs encryption to remain secure. There are, unfortunately, a large number of governments and government agencies that want weaker encryption standards. That must never happen.

Tinkering with personal encryption algorithms is absolutely fine. If you want to learn and understand more about encryption, it's one of the best things to do! But unless you're getting that encryption algorithm checked over and tested extensively, it's probably best to keep it as a private endeavor.