What is the strongest encryption algorithm?
Since time began people have been looking for ways to hide their valuable information from each other. In the early days of civilized man they would make a simple pattern change to an alphabet, or substitute other letters or numbers into their written messages, to successfully hide their private information. With these simple steps early cryptography was born.
In our modern day world, with the invention of computers, networks and the internet, we are faced with a situation where our private information is available digitally in many forms and in many more places than most of us would like. Cryptography plays a major part in every person's life more than most laypeople realize. Encryption of our medical, financial, tax and personal information is vital to keeping our information out of the hands of those who wish to do us wrong.
Many encryption algorithms exist today to help keep our information secure. These algorithms vary in their complexity and ability to resist cracking. Some of the most popular encryption algorithms developed to date are DES, TripleDES, RC2, RC4, Blowfish, Twofish and Rijndael. Each are symmetric encryption algorithms meaning simply that they use the same key to both encrypt and decrypt data.
While the encryption component varies in each encryption algorithm, they all serve the same basic purpose to keep information as private as possible and insure it is only seen by those with a need to see it. Software providers often bundle multiple encryption algorithms into an encryption library for use by programmers. Many offer .NET encryption libraries for secure internet transmission of highly sensitive data such as personal financial and medical data. When you logon to a website with a URL which starts with HTTPS the "S" shows you that your data is being encrypted by likely one of the following ciphers.
In the early 1970's IBM developed the Data Encryption Standard (DES) cipher. The Data Encryption Standard Algorithm (DEA) uses a short 56 bit key length and a 64 bit block size. DEA is a simple Feistel network block cipher. For many years the DES cipher was the standard used by the United States and other governments around the world. Using simple brute force attacks, DES has been cracked in less than twenty four hours. For this reason DES is considered to be an out-dated and easily hacked encryption option.
As an improvement on DES, in the late 1970's IBM developed the Triple Data Encryption Standard (TDES). The Triple Data Encryption Algorithm (TDEA) is simply the DEA used three times in succession. It is this successive use which makes TDEA much harder to crack than DEA. TDES solves the problem of the too-short 56 bit key length used in DES by utilizing a key length of 168 bits. This longer key length guards against a brute force attack. While TDES is seen as theoretically able to be cracked it is not practical to do so with current technology. TDES is still being widely used in financial transactions today and is seen as being fairly secure.
In the late 1980's the "Rivest Cipher," or RC2 encryption algorithm was developed. Developed by Ron Rivest, the RC2 block cipher algorithm uses a 64 bit block size and variable key length. RC2 uses a source-heavy Feistel network with 16 rounds of mixing and 2 rounds of mashing. RC2 was originally created for use by Lotus in their Lotus Notes messaging software. As an early cipher it was good for it's time and remained a secret for a few years before it became publicly available via the internet. RC2 is vulnerable to attack using 234 chosen plaintexts. RC2 is seen as a fairly easily cracked cipher and not an optimal solution for today's encryption needs.
After the invention of RC2, Ron Rivest improved on it with the creation of RC4, which is also known as ARC4 or ARCFOUR. (The "A" stands for "alleged" because the RSA has never released the algorithm to the public and although it is believed to be known, no one really knows for sure what it looks like.) RC4 is a software stream cipher and currently the standard encryption used in SSL and WEP wireless applications today. For these applications it is considered "secure enough" however, RC4 is vulnerable to crack because it is known to not be as "random" as necessary for encryption. RC4 is better than it's predecessor RC2 but is not recommended for use in new applications today which require higher levels of security.
In the early 1990's Bruce Schneier developed the Blowfish cipher. Blowfish is a symmetric key block cipher which uses a 64 bit block size and variable key length. The key in Blowfish can vary from 32 bits to 448 bits in length. Blowfish is a very secure cipher however it is generally been replaced by Twofish and Rijndael due to it's small 64 bit block size. Blowfish is one of the fastest block ciphers developed to date. Blowfish does slow considerably however when changing keys. This slowness kept Blowfish from being used in some applications. It's interesting to note also that Blowfish was created to allow anyone to use encryption free of patents and copyrights. Blowfish has remained in the public domain to this day.
After the development of Blowfish, its developer Bruce Scherier went on to improve upon it and developed Twofish. Twofish is also a symmetric key block cipher but uses a larger block size of 128 bits and variable key sizes up to 256 bits. Twofish is faster than Blowfish yet slightly slower than Rijndael for 128 bit keys. However, Twofish it is faster than Rijndal for 256 bit keys. While Twofish is said to be vulnerable to a truncated differential cryptanalysis attack, it has not yet ever definitively been broken. Blowfish is considered to be a very strong encryption algorithm.
In 2002 the United States Government adopted a new encryption standard, Advanced Encryption Standard (AES) to replace the previous and outdated standard DES. AES is also known as Rijndael after it's Rijndael symmetric block cipher developed by two Belgian cryptographers by the names of Vincent Rijmen and Joan Daemen.
Rijndael is the most popular symmetric key block cipher used today. It uses a block size of 128 bits with a variable key length of 128 bits to 256 bits. While DES and many other ciphers used a Feistel network, Rijndael uses a substitution-permutation network. This substitution-permutation network allows Rijndael to perform fast in both software and hardware applications. Rijndael is simple to implement and uses very little system memory.
Rijndael is used for both classified and non-classified government information today and is seen as being practically crack-proof. While the algorithm is seen as being theoretically able to be cracked, it is not a realistic threat with today's level of technology. Brute force attacks against Rijndael have proven ineffective to date. Side channel attacks, which work to attack the implementations of the cipher rather than the cipher itself, have proven that a crack of Rijndael is possible but not a practical concern unless the crack is running on the same server as the encryption is happening on.
Below is a comparison table outlining the basics for the most popular ciphers. Clearly Rijndael is the most secure cipher out there but it is not always the one required to get the job done.
Comparison Table of Popular Encryption Algorithms
|Algorithm||Created By||Key Size||Block Size||Algorithm Structure||Rounds||Cracked?||Existing Cracks|
|Rijndael||Joan Daemen & Vincent Rijmen in 1998||128 bits, 192 bits, 256 bits||128 Bits||Substitution-Permutation Network||10, 12 or 14||No||Side channel attacks|
|Twofish||Bruce Schneier in 1993||128 bits, 192 bits or 256 bits||128 bits||Feistel Network||16||No||Truncated differential cryptanalysis|
|Blowfish||Bruce Schneier in 1993||32-448 bit in steps of 8 bits. 128 bits by default||64 bits||Feistel Network||16||No||Second-order differential attack|
|RC4||Ron Rivest in 1987||Variable||Variable||Stream||Unknown||Yes||Distinguishers based on weak key schedule|
|RC2||Ron Rivest in 1987||8-128 bits in steps of 8 bits. 64 bits by default||64 bits||Source-Heavy Feistel Network||16 Mixing 2 Mashing||Yes||Related-Key attack|
|TripleDES||IBM in 1978||112 bits or 168 bits||64 bits||Feistel Network||48||No||Theoretically possible|
|DES||IBM in 1975||56 bits||64 bits||Feistel Network||16||Yes||Brute force attack, differential crypanalysis, linear cryptanalysis, Davies' attack|
Date of article: 7/16/2008
This article is copyrighted © 2008 by Kellerman Software. All rights reserved. Permission is hereby granted to link to this article. Please contact firstname.lastname@example.org for pricing on reprinting this article in either online or print publications.