Wednesday 17 September 2008

Types of Encryption

IPSEC

IPSec (IP Security) is based on the concept of a shared secret. The encoding and decoding of the information can only be done if the two devices share a piece of key information. This means that the data can be captured but not understood unless the third party shares the secret.

IPSec was designed to support the secure exchange of packets at the IP Layer. IPSec supports two modes of operation, Transport and Tunnel. Tunnel is the most secure and is the one we are most likely to be familiar with as it is widely used in the VPN domain.

The primary protocol used by IPSec for exchanging the secret is called Internet Key Exchange (IKE). Most of the IKE exchange process is based on a mechanism called OAKLEY, which works with assorted key exchange modes. Another similar mechanism also used by IKE is SKEME, this supplies IKE with the method of Public Key Encryption and its fast re-keying facility.


RSA / RC4

RSA was developed by three mathematicians, Ron Rivest, Adi Shamir and Lee Adleman. This system used a Public and Private Key. It is probably the most popular method for Public Key Encryption, and digital signatures, in use today.

RC4 was also invented by Ron Rivest and is used in certain commercial systems such as Netscape and Lotus Notes. It has a bit size of 2048 which makes it a fast and strong cypher.


DES / 3DES

DES (Data Encryption Standard) was developed by the US Government in 1977 as an official standard. It is used in many areas within computer security including UNIX password security. DES is a block cipher that uses 56 bit keys. When the standard was developed 56 bit encryption was virtually unbreakable, however the technology now available can break the 56 bits encryption within an unacceptably short timeframe.

3DES encrypts the data three times and uses a different key for at least one of the passes, which gives it a cumulative key size of 112-168 bits. A much stronger encryption standard.


Blowfish

BLOWFISH is a symmetric block cipher similar to IDEA or DES. The key length can be between 32 to 448 bits. Bruce Schneier designed BLOWFISH in 1993 as a free and fast alternative to the existing encryption algorithms. BLOWFISH is gaining acceptance as a strong and flexible encryption algorithm.


IDEA

IDEA (International Data Encryption Algorithm) was developed by Dr Lai and Professor Massey in Switzerland in the early 1990’s. The idea (pun intended!) was to replace the DES standard. The same key is used for encryption and decryption and like DES it works with 8 bytes at a time.

However IDEA uses a 128 bit key. A 128 bit key is currently defined as unbreakable using any technology currently available. IDEA is a fast algorithm, and as it has even been implemented in some hardware chipsets it can be extremely fast given the right equipment.


AES

AES (Advanced Encryption Standard) is a block cipher that has been adopted by the US Government. Two Belgian cryptographers Joan Daeman and Vincent Rijden developed AES as Rijndael. AES is fast in both software and hardware, is relatively easy to implement, and requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

In June 2003, the US Government announced that AES may be used for classified information:

"The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use."


CAST

CAST is available with a key size from 40 to 128 bits. It is a DES like cipher. It features an absence of weak and semi-weak keys. It is a good candidate for general purpose use throughout the internet community. CAST is available in two variations: CAST-128 and CAST-256.


Key Systems

There are two main types of encryption system, Symmetric and Asymmetric.

Symmetric Key Cryptography
With this system the sender and receiver of a message use a single common key to encrypt and decrypt the message. The symmetric system is the simplest and fastest type of encryption, but the main drawback is that the two involved parties must somehow exchange the key in a secure manner. Symmetric key cryptography is sometimes known as Secret Key Cryptography. Probably the most popular symmetric key system at the time of writing is DES. A big advantage of Symmetric Key Encryption over Asymmetric Key Encryption is speed.
Click here for More Information


Asymmetric Key Cryptography
With the asymmetric system two keys are used. A public key to encrypt messages and a private key to decrypt them. The advantage of public key encryption is that the public key can be made available easily to anybody (in fact it has to be for the system to work) and this avoids the problem that faces symmetric key encryption which involves the secure exchange of a single key. The private key is never transmitted.


Hashing

A Hash is a signature for a piece of data. It is always the same size regardless of the size of the source data. Hashing is a one way process, the Hash cannot be converted back to the data that was the source of the Hash. Some common types of Hashing Algorithms are MD4, MD5 and SHA-0.

The smallest change to a piece of source data can produce an entirely different Hash. Hashes are used in a number of ways, the most popular ways in which Hashes are used is for Passwords and File Verification.

Passwords
If we store passwords as clear text it would be possible for a hacker to view and read the passwords. If however a Hash is stored instead, an attacker can view but not read the passwords. This means he cannot know what password generated the Hash. When a legitimate user attempts to login their password is run through the same Hashing Algorithm and the output from this operation is compared to the Hash value stored in the password file. If the Hash values match then access is granted, if not then an incorrect password was input and access will be denied.

File Verification
If you download some software from a website you cannot be sure that what you received what was the author intended you to receive. One way to ensure that you have an original unchanged copy of the software is to compare the Hash value of the software with the published Hash value for that particular download. If these differ, then your software is different to the version you were intended to receive.

www.artenscience.co.uk
Honest Expert Independent Technology Advice for Business

1 comment:

security said...

hi there,

Your posts are always very interesting, What encryption do you recommend for email archiving?

Keep up the good work with this blog.