Symmetric key cryptography
The most basic form of encryption is one in which the same key is used to both encrypt and decrpt a message. The person sending the message uses the key to encrypt it. The person recieving the message uses the same key to decrypt it, or directly reverses whatever encryption algorithm was used.
So both sender and reciever are both using the same key, which is why this system is known as symmetric key encryption.
There’s one big disadvantage with this system – the key has to be distributed without being intercepted along the way by a third party, as the security of this encryption is largely dependent on this.
Symmetric encryption is mostly categorised as stream cipher or block cipher. A stream cipher system will encrypt each bit of data at a time in serial, and there’ll probably be a system that changes the key each time a bit is encrypted.
Block cipher systems work on set blocks of plaintext, encrypting each one individually with the key.
There are several types of block cipher:
Electronic Code Book (ECB) – This is a pretty direct method, as a block of plaintext is encrypted into a ciphertext block. The same plaintext will always generate the same block of ciphertext. Possibly the easiest to break with cryptanalysis.
Cipher Feedback (CFB) – In this system, a section of data can be smaller than the the block, and in this case the extra bits are later discarded while it’s decrypted. This makes any cryptanalasys more difficult, providing a bit of extra security.
Output Feedback (OFB) – This system is a lot more secure as the ciphertext will be different each time the same block of plaintext is encrypted.
Common Symmetric Key Systems:
DES – The Data Encryption Standard is one of the most common ones in use today, and has been in use since the 1977. It’s not considered very secure because of the relatively small key size.
Triple DES – This is a variant of DES that encrypts the same block three times with up to three different keys. The key size will be the same as in DES.
DESX – Another variant of DES with the key length extended to 120 bits.
AES – The Advanced Encryption Standard is far more secure than DES. The key lengths can vary between 128-bit and 256-bit.
RC4 – This stream cipher system uses variable length keys.
RC5 – This is a more flexible system where the block size, key length and block encryptions can be varied.
Blowfish – Designed specifically for 32-bit processors, it’s faster and more secure than DES. Key length can be up to 448-bit.
KASUMI – Developed as a block encryption system for mobile devices, but providing the same level of security.
Asymetric Key Cryptography
This was a very important development which enables Internet commerce and financial transactions to be done securely without a secret key being distributed each time. In this system, one key is distributed openly and used to encrypt data, and the other key is kept secret and used to decrypt the same data.
This is made posssible with one-way mathematical functions – calculations that are almost impossible to reverse. So while the two keys are both mathematically related, and one (the public key) can be distributed to anyone, it will be extremely difficult to determine the secret key from this.
Common Asymetric Key Systems:
RSA – This is the most common system for public-key encryption, especially for secure transactions over the Internet and for message authentication.
D-H – Diffie Hellman’s encryption system is used for key exchange only.
DSA – Digital Signature Algorithm is used mainly for message authentication.
ECC – Elliptic Curve Cryptography provides a highly secure encryption with much smaller key sizes, making this perfect for devices with limited processing capacities, such as PDAs, mobile phones and smart cards.
This isn’t used so much for encryption as for checking file integrity. Basically, a hash function for any file can be generated to create a digital fingerprint. It’s almost impossible to alter the file in any way without changing the hash function of that file, so this is a good way of checking if a file has been changed or corrupted. It’s also widely used for checking that downloaded files are exactly the same as the ones still on the server, which is why there’s sometimes an MD5 number on the download page of a web site.
Another application of hash functions is the encryption of passwords for operating systems. A file stores the hash functions for all the registered passwords, and when the user enters a password to log in, the hash function of that is checked against the list to see if there’s a match. The advantage of this is that the original password can’t be recovered from its hash function.
The commonly used hash systems are:
MD2 – Message Digest. Used in devices with limited processing capacities.
MD5 – Message Digest. Used a lot for checking file integrity.
SHA – Secure Hash Algorithm.
RIPEMD – Developed for 32-bit processor systems.