| certifications | security - David Brown
7 Common Encryption Algorithms: Explained
The internet was founded on principles of openness and broad access. But those concepts are not helpful when you're trying to send sensitive information over a public network. The challenge is to keep important information hidden from prying eyes, and safe from the attacks of those with criminal intent.
The solution to the problem is to alter the data in such a way that only certain people can read it. That feat is accomplished by encryption algorithms, which are one of the topics covered on CompTIA's Security+ exam.
What is an Encryption Algorithm?
You may remember from middle school algebra that an algorithm is a mathematical formula used to solve a particular problem. An algorithm is fashioned according to a standard set of rules so that anyone using it will achieve the same results.
An encryption algorithm is a mathematical procedure that scrambles and obscures a piece of text by turning it into meaningless ciphertext. The same algorithm is used to unscramble a message in a process known as decryption.
7 Encryption Types and Examples: Explained
There are two types of encryption, as we discussed at length in a recent article. Symmetric encryption, also known as private key encryption, involves the use of only one key by both the sender and receiver. Organizations may use symmetric encryption for bulk data transfer because it is generally faster and more efficient.
Asymmetric encryption, on the other hand, uses both a public key and a private key to encrypt and decrypt data. Also referred to as public key encryption, asymmetric encryption is generally more secure, but can be slower and less efficient due to its complexity. This type of encryption is commonly used to make websites secure with SSL/TLS and to provide the security technology behind digital certificates.
With all that out of the way, let's take a look at seven widely used encryption algorithms.
1. Triple DES (3DES)
Based on the older Data Encryption Standard (DES) algorithm, 3DES applies the DES algorithm three times to the same block of text. 3DES is a symmetric algorithm that uses the block cipher method.
From the outset, the 56-bit DES key was deemed inadequate simply because it is too short. Triple DES is currently used for electronic payments, such as credit card transactions.
2. RSA
Rivest-Shamir-Adleman (RSA) is a public-key encryption algorithm that is often associated with the Diffie-Hellman key exchange method (see below). An RSA modulus is generated using two prime numbers. The modulus is then used to derive both the public and private keys.
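The derivation described above, as an added example that is not part of the original article: textbook RSA showing how the modulus and both keys come from two primes. The primes 61 and 53, the exponent 17 and the function names are constructed for illustration and are far too small for real use.

```python
from math import gcd

def rsa_keypair(p, q, e=17):
    """Derive the public and private keys from two distinct primes (textbook RSA)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q                    # modulus: part of BOTH keys, safe to publish
    phi = (p - 1) * (q - 1)      # needs p and q, so the primes must stay secret
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e*d = 1 (mod phi), Python 3.8+
    return (n, e), (n, d)        # (public key, private key)

def rsa_encrypt(m, public_key):
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)

def rsa_decrypt(c, private_key):
    n, d = private_key
    return pow(c, d, n)

if __name__ == "__main__":
    # Constructed toy input: primes 61 and 53, message 65.
    public_key, private_key = rsa_keypair(61, 53)
    c = rsa_encrypt(65, public_key)
    print(public_key, private_key, c, rsa_decrypt(c, private_key))
```

Textbook RSA is deterministic, so the same message always produces the same ciphertext; real deployments use much larger primes together with a padding scheme such as OAEP.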
3. Diffie-Hellman
You might call Diffie-Hellman a public key exchange method, but some have classified it as an algorithm. Diffie-Hellman is commonly used to share private keys across public networks. You could also call it a key agreement protocol, because it determines the private key to be used by both parties after a series of data exchanges. It has been used for decades for the sharing of private keys in symmetric encryption solutions.
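The key agreement described above, as an added example that is not part of the original article: both parties exchange only public values, validate what they receive, and arrive at the same symmetric key. The modulus (the Mersenne prime 2^127 - 1), the generator 3, the SHA-256 key derivation and all function names are assumptions chosen so the example runs with the standard library.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (assumption); far too small for real use
G = 3            # toy generator (assumption)

def dh_keypair():
    """Return (private, public); only the public value is sent over the network."""
    private = secrets.randbelow(P - 3) + 2       # random value in [2, P-2]
    return private, pow(G, private, P)

def is_valid_public(y):
    """Reject degenerate peer values (0, 1, P-1) that force a predictable secret."""
    return 1 < y < P - 1

def dh_shared_key(my_private, peer_public):
    """Combine my private value with the peer's public value into a 256-bit key."""
    if not is_valid_public(peer_public):
        raise ValueError("peer public value out of range")
    secret = pow(peer_public, my_private, P)      # equals G^(a*b) mod P on both sides
    width = (P.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()

if __name__ == "__main__":
    a_priv, a_pub = dh_keypair()                  # Alice sends a_pub to Bob
    b_priv, b_pub = dh_keypair()                  # Bob sends b_pub to Alice
    alice_key = dh_shared_key(a_priv, b_pub)
    bob_key = dh_shared_key(b_priv, a_pub)
    print(alice_key == bob_key, alice_key.hex())
```

Real deployments use standardized groups of 2048 bits or more, or elliptic-curve variants, and authenticate the exchanged public values so that a party in the middle cannot substitute its own.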
4. Twofish
Twofish is another symmetric block cipher algorithm. It was created by Bruce Schneier to replace the less secure Blowfish algorithm. Twofish uses something called an S-box (substitution box) as part of its encryption method. The good thing is that Twofish supports key sizes up to 128 bits, making it resistant to brute force attacks.
5. AES
The Advanced Encryption Standard (AES) is a block cipher that comes in three sizes: AES-128, AES-192 and AES-256. In AES, data is put into an array and a series of transformations (called rounds) is performed. AES encryption is sufficient to protect government secrets as well as sensitive corporate data.
6. IDEA
The International Data Encryption Algorithm (IDEA) uses a 128-bit key and also works on a system of rounds. IDEA is a block cipher that was used for an email privacy technology called Pretty Good Privacy (PGP). Data is transmitted in 64-bit blocks.
The 64 bits are divided into 4 portions of 16 bits each. During each round, the sub-blocks are transformed individually. IDEA uses substitution and transposition to scramble data.
7. RC6
RC6 is also a symmetric-key block cipher algorithm, but with a slight twist. The blocks are variable in length rather than fixed. The rounds that the data undergoes during transformation are also variable. RC6 can handle blocks up to 128 bits, and the key size can be anywhere from 0 to 2040 bits.
It is an improvement on previous encryption algorithms RC5 and RC4. RC6 is a parameterized algorithm, which means it adds an extra layer of complexity to encryption.
The problem of turning plain text into something unreadable is solved by transforming it using complex mathematical processes. Encryption algorithms modulate text in various ways to keep it hidden in plain sight. Some algorithms are stronger and more reliable than others. An algorithm's reliability is determined by intense testing by the National Security Agency (NSA) and others.
Some of these algorithms arose in response to calls to replace contemporary algorithms like AES. Older algorithms are often considered obsolete, while others have been revised into newer versions. The confidentiality of data depends on effective encryption algorithms to defend against the constant onslaught of cyberattacks. The modern internet would not be possible without them.