Encryption algorithms: a primer
Category: Security
A 5 Minute Read
Encryption algorithms are used to secure the content of communications and stored data. An algorithm in general is a recipe for calculations which can be performed automatically by a computer. An encryption algorithm (also called a cipher) encrypts a readable plaintext into an unreadable ciphertext. A cipher can usually also perform the reverse operation of decrypting an unreadable ciphertext into a readable plaintext. For encryption and decryption a cipher needs a key. The security of a cipher depends on the secrecy of the used key. Two general categories of encryption algorithms exist:
Asymmetric ciphers are often computationally expensive, especially for long plaintexts. In such cases hybrid encryption can remedy the problem. In a hybrid cipher a unique session key is generated which is then used to encrypt the plaintext with a symmetric cipher. Afterwards the session key is encrypted with an asymmetric cipher and send together with the ciphertext to the receiver.
Because of the properties of symmetric and asymmetric ciphers explained above, for applications like hard disk encryption typically a symmetric cipher is used (no need to exchange a key). For secure communication via email or chat an asymmetric or hybrid cipher is usually the better solution, because it makes the secure key exchange simpler.
An important encryption concept is the key length (also called key size). Usually larger key lengths are better, but key lengths cannot be compared between algorithms. For example, the symmetric AES algorithm uses key lengths of 128, 196, or 256 bit. The asymmetric RSA algorithm typically uses key sizes between 1024 and 4096 bit, but that doesn’t mean that RSA is more secure than AES. Short key lengths are problematic, because they are easier to attack with brute-force. In a brute-force attack a fast computer is used to try out all possible keys until the correct one is found.
It is important to consider the relation between the length of a user chosen password and the corresponding key length of the underlying encryption algorithm. For example, if you use the rather secure AES algorithm with a key length of 196 bit to encrypt your hard disk, but the corresponding password has only a length of 32 bit you are vulnerable to brute-force attacks.
- Symmetric encryption algorithms: the key used for encryption is the same as the key used for decryption.
- Asymmetric encryption algorithms: the key used for encryption differs from the key used for decryption.
- Something encrypted for a given public key can only be decrypted by the corresponding private key.
-
The reverse operation is a digital signature: Something encrypted (signed) by a private key can only be decrypted (verified) by the corresponding public key.
Asymmetric ciphers are often computationally expensive, especially for long plaintexts. In such cases hybrid encryption can remedy the problem. In a hybrid cipher a unique session key is generated which is then used to encrypt the plaintext with a symmetric cipher. Afterwards the session key is encrypted with an asymmetric cipher and send together with the ciphertext to the receiver.
Because of the properties of symmetric and asymmetric ciphers explained above, for applications like hard disk encryption typically a symmetric cipher is used (no need to exchange a key). For secure communication via email or chat an asymmetric or hybrid cipher is usually the better solution, because it makes the secure key exchange simpler.
An important encryption concept is the key length (also called key size). Usually larger key lengths are better, but key lengths cannot be compared between algorithms. For example, the symmetric AES algorithm uses key lengths of 128, 196, or 256 bit. The asymmetric RSA algorithm typically uses key sizes between 1024 and 4096 bit, but that doesn’t mean that RSA is more secure than AES. Short key lengths are problematic, because they are easier to attack with brute-force. In a brute-force attack a fast computer is used to try out all possible keys until the correct one is found.
It is important to consider the relation between the length of a user chosen password and the corresponding key length of the underlying encryption algorithm. For example, if you use the rather secure AES algorithm with a key length of 196 bit to encrypt your hard disk, but the corresponding password has only a length of 32 bit you are vulnerable to brute-force attacks.
0 Comments