A few notes as we come across them on various encryption algorithms. Please note this isn’t intended to be an exhaustive or detailed list of everything, you should carry out your own research before selecting an encryption algorithm, don’t just blindly rely on comments like these here, they may be wrong or out of date!
Easy To Implement Encryption Algorithms
AES is complex and big. Steve Gibson @ Security Now has said he’s done it in assembler but you have to be really careful and even in C is hard to get right.
Popular Encryption Algorithms
AES128 – Used by many encryption apps etc. Good
Very efficient computationally.
Symetric not asymetric which is better for computation power.
AES128 – fine at todays standards. Used by many password apps etc
AES256 – VStrong
Has resisted all attacks despite being quite old. However only has a 64bit block size (give it 64bits to encrypt at a time). This is considered too small these days. However has a slow key setup approach which whilst computationally intensive adds more security compared to other faster key setup methods.
MD5 is completely broken. Widely used and used for many web SSL security certificates. Has recently become vulnerable to attack due to weaknesses that we’re not intended by the original desingners, allowing a new form of attack whereby fake valid SSL certificates have been created appearing to have been signed by a root authority (i.e. thawte etc).
MD5 without a salt is easily cracked by rainbow tables. Many password apps use it to store a hash of the users master password – without a salt its rubbish and the rainbow tables can be used to look up the source password.
Using with a salt removes the rainbow tables reverse engineer method and makes the hash much better.
- For signing documents, sha2 (e. g. sha512)
RC4 Pseudo Random
Very good pseudo random generator widely used (e.g. used for SSL)
A “too-good-to-be-true” cipher. Brilliantly simple, modifying itself slowly but just enough to thwart attacks even though it does leak information about its state.
Its 25 years old now but its proved to be really simple and really good with current attacks being on the periphery of practicality.
768bits has been cracked so need to use 1024 or 2048 to be secure.
Was secure and a better algorithm to MD5 as long as it was salted. However it is now broken (2020-02) and can be reliably cracked, albeit with expensive hardawre.
SHA-1 provides only 80 bits of security
SHA2 is the successor of SHA1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256. It works the same way than SHA1 but is stronger and generates a longer hash.
SHA-256 is the most popular hash function in the SHA-2 family at the time of writing. It provides 128 bits of security for digital signatures and hash-only applications
Considered: Good although fast to carry out on GPU”s. For password hashes bcrypt is preferred as it is more costly to crack as it can’t be run more efficiently on GPU’s.
Hash is a one way function – it cannot be decrypted back. This makes it suitable for password validation, challenge hash authentication, anti-tamper, digital signatures.
SHA-512 is the largest hash function in the SHA-2 family of hash functions. SHA-512 provides 256 bits of security to digital signatures and hash-only applications.