This topic names some of the best known encryption algorithms, and describes how to choose what algorithm to use.
Two things that your SSL software may let you choose are the algorithm and the key length to be used for encryption. One thing to consider in choosing is how easy the code will be to crack.
In general, for the same algorithm, the longer the key the harder the code is to break. This is simply because a would-be attacker can easily use a computer to try key after key until hitting on the right one. The longer the key, the longer it takes to generate all possible numbers of that length, looking for the right one. You need a key that is so long that even with the most powerful computers this would take an impracticably long time.
Of course, computers are constantly becoming more powerful. Therefore, the length of key considered necessary is constantly increasing as the years pass. At the time of writing (early 2005), a key length of 128 bits is generally considered adequate for reasonable security using a symmetric algorithm, while with an asymmetric algorithm 2048 bits is considered adequate.
In choosing which algorithm to use, there are several factors to consider.
Cryptography, the invention of new algorithms and of ways to break the codes they create, is a branch of mathematics that is constantly advancing. Attempts to crack a particular algorithm are often undertaken by serious researchers anxious to confirm whether the algorithm is really secure.
It may be possible for an expert cryptographer to find a mathematical way of breaking an algorithm, or it may be vulnerable to a "brute force" attack - just trying different keys until the correct one is found.
Just because an algorithm has been cracked in the past does not necessarily mean you must not use it - you should consider whether your data is valuable enough to tempt a hacker to devote the resources that have been shown to be needed to crack it.
Two problems with all symmetric algorithms are that the key has to be known to both sender and receiver, and so it could be intercepted when being sent from one to the other; and that if the same key is used for all your messages, any eavesdropper who finds out the key can decrypt all your messages.
In this section we briefly describe some of the best-known symmetric (secret key) algorithms.
A symmetric algorithm that treats the message to be encrypted as a continuous stream of bits is called a stream cipher. A symmetric algorithm that splits the message up into chunks and encrypts each chunk is called a block cipher. The only stream cipher to have been widely used is RC4.
RC4 was designed by Ron Rivest of RSA Security in 1987. It stands for "Rivest Cipher 4", or alternatively for "Ron's Code". RC4 is a widely-used cipher. (There are related algorithms RC2, RC5 and RC6.)
One of the most well-known secret key algorithms is the US Data Encryption Standard (DES). It was published in 1977. In the past the US government encouraged users to adopt this as the main or only secret key algorithm in use. In 1998, it was shown that a dedicated hacker with moderate computer power can crack it (see EFF DES cracker project), but it is often considered secure enough for some trivial uses. It is to be replaced as a US standard by the Advanced Encryption Standard (AES).
DES uses a fixed key length of 64 bits. Of these, 8 are used for parity, so in effect the key is 56 bits long.
A variation on DES is simply to encrypt the message three times in succession, using DES. One long key is split into three shorter keys, one for each encryption, so the overall key length is three times that of regular DES. Triple DES is usually written as 3DES. It is considered secure enough for most uses
This is US standard FIPS-197, and is designed as a replacement for DES. It uses an algorithm designed by Joan Daemen and Vincent Rijmen (see csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael-ammended.pdf, and known as the Rijndael algorithm.
AES is currently considered secure for commercial use.
This was developed by Bruce Schneier of Counterpane Labs. It is used in a great many products, and is standard in the OpenBSD operating system. For details see www.counterpane.com/blowfish.html.
Blowfish is currently considered secure for commercial use.
This too was developed by Bruce Schneier, and is efficient when implemented in hardware and smart cards. For details see www.counterpane.com/twofish.html.
Twofish is currently considered secure for commercial use.
The two best known asymmetric (public key) algorithms are D-H and RSA.
Whitfield Diffie and Martin Hellman were the first to show, in a paper published in 1976, that a code could be devised that was encoded using one key and decoded using another.
James Ellis wrote a paper in 1970 on similar work done by himself and Clifford Cocks, but it was covered by the UK's Official Secrets Act, and was not published until many years later.
Using the Diffie-Hellman (D-H) algorithm, one key is specifically for encryption and the other for decryption - you can't use them the other way around. This makes it unsuitable for a PKI system as normally used.
It was Ron Rivest, Adi Shamir, and Leonard Adleman who later developed an algorithm where you could use either key to encrypt. This is known as the RSA algorithm. This made possible the full use of asymmetric encryption for the purposes we have discussed - certificates, non-repudiation, etc, as well as confidentiality - and thus made PKI systems possible.
As explained in the chapter SSL, a hash is created by applying an algorithm that combines the characters of a message in some way to produce a string that is meaningless but nevertheless can be regarded as characteristic of the message - the chances of any other message, subjected to the same algorithm, giving the same hash are tiny.
It is neither necessary nor desirable that the hash should be unique; the algorithm should be such that the hash does not contain enough information to reconstruct the original message. So there actually will be other messages (though a tiny subset of the set of all possible messages) that would give the same hash. This important property of a good hashing algorithm is called irreversibility. Nevertheless, it should be difficult to deliberately create two messages that produce the same hash. This property is called collision-resistance.
Just as with encryption, there are various well-known algorithms used for hashing, and your SSL software may let you choose which it uses.
A hash is sometimes known as a message digest, although RFC2828 recommends against using this term.
This is probably the most commonly used hash function. It produces a 128-bit hash. It has largely superseded earlier MD functions (for example, MD2, MD4). It is defined in RFC1321.
MD5 has been shown to be vulnerable to collisions in some applications. It can still be used for most purposes in SSL, but SHA is now preferred for new applications.
The Secure Hash Algorithm (SHA) is a US standard, developed by the National Institute of Standards and Technology (NIST). SHA-1 is a revised version, published in 1994. It produces a 160-bit hash, which is more secure than MD5's 128-bit hash. It is defined in RFC3174 .
There are several further revisions of SHA, described on the NIST Web site at www.csrc.nist.gov/cryptval/shs.htm.
It is expected that a revision of SHA will replace MD5 as the most popular hashing algorithm.
As explained earlier, a digital signature on a message consists of an encrypted hash of the message - first the message is hashed, and then the hash is encrypted using the private key of the signatory (usually a CA).
The recipient can check the signature by decrypting it using the signatory's public key, then hashing the message him/herself and comparing the two results.
Many methods of hashing are possible, combining different encryption algorithms with different hashing algorithms. One is particularly worth mentioning.
This is a US standard. It specifies that SHA-1 is to be used for the hashing, and a specially designed asymmetric algorithm called Digital Signature Algorithm (DSA) is to be used for the encryption. DSA can only be used for signing, not for other encryption.
DSS and DSA are defined in FIPS PUB 186
Copyright © 2009 Micro Focus (IP) Ltd. All rights reserved.