Standard Encryption Protocols

This is the last post of our Encryption series. You can read the rest of the posts by following the link on the side bar.

The following are the most common encryption algorithms:

1. AES (Advanced Encryption Standard): AES is a block cipher adopted as an encryption standard by the US government. AES was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen, and is therefore also called ‘Rijndael’ (however, AES is not precisely Rijndael, as Rijndael supports a larger range of block and key sizes).

AES has a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. AES is fast in both software and hardware, is relatively easy to implement, and besides, it requires little memory. As a new encryption standard, it is currently being deployed on a large scale.

2. Blowfish: Blowfish is another widely used encryption standard. It is a block cipher algorithm developed by Bruce Schneier. Blowfish is a variable-length key algorithm. The most common key lengths are 128-bit and 160-bit.

3. DES: DES (Data Encryption Standard) is a block cipher algorithm developed by the National Institute of Standards and Technology (NIST). It has a fixed key length of 56 bits.

4. Triple DES: Triple DES is a version of DES that encrypts a message or file three times using the DES 56-bit key. A plain text message or file is encrypted. The encrypted message is again encrypted, and the twice-encrypted message is encrypted a third time using DES.

5. RC4: RC4 is a stream cipher developed by RSA Data Security, Inc. The key-length is variable but typically limited to 40 bits. A 40-bit version of RC4 is also used by MS Office 97 for data encryption.

6. Message Digest (MD): MD is also sometimes referred to as a digital fingerprint. It is a number which is calculated from all the information in a message through the use of a cryptographic hash function, and which can be used to verify the data integrity of the message. Any change to the message, even of a single bit, typically results in a dramatically different message digest.

A message digest algorithm is considered ‘secure’ if it is not computationally feasible to determine the content of a message from its message digest, nor to find ‘collisions’, wherein two different messages have the same message digest. In order to increase speed, most digital signature algorithms specify that only the digest of the message be ‘signed’. Message digests can also be used in the generation of pseudorandom bits. SHA-1, MD5, and RIPEMD-160 are among the most commonly used message digest algorithms.
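The single-bit sensitivity described above can be measured directly. The following is an added example, not code from the original post: it flips every bit of a constructed sample message in turn and counts how many digest bits change, then uses the digest as an integrity check. SHA-1 is taken from the list above; SHA-256 and all function names are assumptions of this example.

```python
import hashlib
import hmac

# Constructed sample message for this example.
MESSAGE = b"Tender bid: 1,250,000 INR, valid 30 days"

def hamming_distance(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of data with exactly one bit inverted."""
    out = bytearray(data)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)

def avalanche_profile(message: bytes, algorithm: str):
    """Flip each message bit in turn; return (min, mean, max) digest bits changed."""
    base = hashlib.new(algorithm, message).digest()
    distances = [
        hamming_distance(base, hashlib.new(algorithm, flip_bit(message, i)).digest())
        for i in range(len(message) * 8)
    ]
    return min(distances), sum(distances) / len(distances), max(distances)

def verify_integrity(message: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it with the published one in constant time."""
    actual = hashlib.new(algorithm, message).hexdigest()
    return hmac.compare_digest(actual, expected_hex)

if __name__ == "__main__":
    for name, bits in (("sha1", 160), ("sha256", 256)):
        low, mean, high = avalanche_profile(MESSAGE, name)
        print(f"{name}: {low}..{high} of {bits} digest bits change, mean {mean:.1f}")
    published = hashlib.sha256(MESSAGE).hexdigest()
    print("original verifies:", verify_integrity(MESSAGE, published))
    print("tampered verifies:", verify_integrity(flip_bit(MESSAGE, 0), published))
```

On average about half of the digest bits change for each single-bit edit, which is why a digest comparison detects even minimal tampering.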

Encryption Caveats

Encryption is often oversold as the solution to all security problems. There are threats that it does not address, however, and cryptography’s limitations are less widely recognized.

Time and power: Encryption may end up hogging a lot of time as well as power. The task of encryption as a whole is a time-consuming one and it also takes up a lot of CPU cycles; this may retard system performance to a considerable extent, and if the pressure mounts, you stand to lose all your data.

Poor usage: Encryption may lead you into a false sense of security. Encrypting the data does not solve all your security problems. Make sure that you still pay enough attention to network and operating system security. Many users tend to disregard fundamental security practices for a file if it is encrypted. This becomes a security flaw because, as we know, certain information should never be transmitted, encrypted or not. So it’s vital to remember that information security requires much more than just encryption. Make sure to always maintain the standard security procedures: authentication, configuration management, good design, access controls, firewalls, auditing, security practices, and security awareness training.

Key length and cryptanalysis: Cryptanalysis is the study of trying to break ciphers. The most common method used by cryptanalysts is the brute force method.

Brute force means that the cryptanalyst tries every key until the result resembles the expected plain text. Given enough time and computing power, and/or special hardware, all key-based algorithms are theoretically breakable. For example, a 56-bit key algorithm broken in 1995 was said to have taken one week and about 120,000 processors.

Encryption can be deceptive: Encryption becomes redundant if the intruder is able to penetrate your system and access the plain text data directly from the stored files. Intruders can access memory contents by means of modifying network protocols, placing key loggers or using Trojans to get access to keys or plain text data or to completely subvert the encryption process. Also, be wary of rumors regarding encryption. Claims such as ‘encryption could stop computer crackers’ are false. Encryption does nothing to protect one against the many common methods of attack. These may include those that exploit bad default settings or vulnerabilities in network protocols or software.

Bugs: Finally, even with the strongest encryption algorithms, you can never be a hundred percent sure that there are no loopholes or bugs. Implementations are, after all, code, which is bound to have alternate ways to be hacked, which might make passwords etc. easy to hack. This in turn means that no matter how good your encryption is, the supposedly secured information can still be read.

Not Everything That Glitters Is Gold

But there’s a small catch. True, public key is ultra secure, but it comes at a huge price: it’s generally anywhere from 100 to 1000 times slower than the equivalent single key encryption. This is basically due to the overhead associated with the calculation of the tremendous mathematical relationship between public and private keys.

Another prime variable that affects the encryption is the key length used by the algorithms. The key length is basically the number of bits used for the encryption key.

All tools encrypt data in blocks, and the key length for modern encryption algorithms varies from 128 bits to 448 bits and beyond. The most common key lengths used are 64-bit, 128-bit, 256-bit and 448-bit. The most secure keys today are the ones with ‘pattern-less’ algorithms that can be attacked only by ‘brute force’, that is, by trying every possible combination. Algorithms that use longer keys are generally more secure for the simple reason that the longer the key, the more possible combinations exist.
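To make the key-length argument here and the brute-force description under "Key length and cryptanalysis" concrete, the following added example (not from the original post) exhausts a deliberately tiny 16-bit keyspace on a constructed toy cipher and then scales the same arithmetic to real key lengths. The toy cipher, the sample text, the printable-ASCII test and the rate of one billion keys per second are all assumptions of this example.

```python
import hashlib

# Constructed sample plaintext for this example.
SAMPLE = b"Tender bid: 1,250,000 INR, 30 days"

def toy_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy stream cipher (demo only): XOR data with a SHA-256-derived keystream."""
    seed = key.to_bytes((key_bits + 7) // 8, "big")
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

toy_decrypt = toy_encrypt  # XOR with the same keystream undoes the encryption

def looks_like_text(candidate: bytes) -> bool:
    """Plaintext recogniser: every byte is printable ASCII."""
    return all(32 <= b < 127 for b in candidate)

def brute_force(ciphertext: bytes, key_bits: int):
    """Try keys 0, 1, 2, ... and return (key, trials) for the first plausible plaintext."""
    for trials, key in enumerate(range(2 ** key_bits), start=1):
        if looks_like_text(toy_decrypt(key, key_bits, ciphertext)):
            return key, trials
    return None, 2 ** key_bits

def years_to_exhaust(key_bits: int, keys_per_second: float) -> float:
    """Time to try every key of the given length at an assumed constant rate."""
    return 2 ** key_bits / keys_per_second / (365 * 24 * 3600)

if __name__ == "__main__":
    ciphertext = toy_encrypt(0xBEEF, 16, SAMPLE)
    key, trials = brute_force(ciphertext, 16)
    print(f"16-bit key recovered: {key:#06x} after {trials} trials")
    for bits in (40, 56, 64, 128, 256):
        print(f"{bits:3d}-bit keyspace at 1e9 keys/s: {years_to_exhaust(bits, 1e9):.3g} years")
```

Each extra key bit doubles the work, so the 16-bit search finishes in well under a second while the 128-bit figure is beyond any practical budget.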

Encryption : THE WHAT’S Continued

The biggest drawback with secret key cryptography is the issue of handling the distribution of the keys. The recipient needs to be in possession of the secret key before you can send the encrypted data. Making sure that the key gets distributed securely is again a risky deal. But symmetric key algorithms, due to their speed, are usually preferred over public key encryption where a huge chunk of data is concerned.
But if you want a higher level of security, public key or asymmetric key algorithms are a better deal.

Public key encryption is considered significantly more secure than symmetric key encryption, not because of the algorithms used (in fact, the algorithms used in both types are equally secure) but because the method of key transmission is so much more secure.

Going back to our earlier example where you need to send your tender document to your boss, this is what you would do using the public key algorithm: your boss would generate a set of keys - public key and private key. He would then send you the public key, which you would use to encrypt the document, and you would transmit only this encrypted document back. And he would use the other key of the pair (private key) to decrypt the data. So, unlike symmetric key encryption, here the private key (actual key used to unlock the data) is never transmitted. So even if you publish your public key on the front page of the Times of India, as long as your private key is with you, your data is safe.
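The exchange described above, as an added example that is not part of the original post: it records exactly what crosses the wire between you and your boss. Textbook RSA is used here only as an illustration (the post names no specific algorithm), with constructed toy primes and no padding, so the parameters and function names are assumptions and are unsuitable for real use.

```python
# Constructed toy parameters: two well-known Mersenne primes. They are far too
# small and too structured for real keys, which come from a vetted library.
P = 2 ** 61 - 1
Q = 2 ** 89 - 1
E = 65537  # public exponent

def generate_keypair():
    """Boss's side: build (public_key, private_key) as (n, e) and (n, d)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)  # private exponent: modular inverse of e
    return (n, E), (n, d)

def encrypt(public_key, message: bytes) -> int:
    """Your side: encrypt with the boss's public key only."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(private_key, ciphertext: int) -> bytes:
    """Boss's side: decrypt with the private key that never left his machine."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def exchange(document: bytes):
    """Run the exchange; return (wire_log, recovered_document, private_key)."""
    public_key, private_key = generate_keypair()         # boss
    wire = [("boss -> you", public_key)]                 # public key is sent
    ciphertext = encrypt(public_key, document)           # you
    wire.append(("you -> boss", ciphertext))             # ciphertext is sent
    return wire, decrypt(private_key, ciphertext), private_key

if __name__ == "__main__":
    wire, recovered, private_key = exchange(b"Bid: 1,250,000")
    for direction, payload in wire:
        print(direction, payload)
    print("recovered:", recovered)
```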

Encryption : THE WHAT’S

Encryption basically applies various mathematical algorithms and jumbles plain, readable text into scrambled cipher-text, which is unreadable until it’s unscrambled back.

Two prime factors that you have to take into consideration while encrypting are the types of algorithms and key length used by the tools.

Encryption algorithms can be of two basic types: symmetric (single-key) algorithms, which are comparatively faster but less secure, and asymmetric (public key) algorithms that are slower but more secure than the normal single-key techniques.

Symmetric algorithms use the same key for both encryption and decryption. For example, if you were to transfer the details of your tender to your boss, using symmetric key algorithms this is what you would do: generate a secret key, encrypt the data using that key and mail the encrypted data. Later, you would have to transmit the secret key to your boss either by mail, fax or phone. On receiving the key, your boss would be able to decrypt the data. Now even if your competitors were to intercept this transaction, they would not have the key to decrypt the data. So essentially, the data would be worthless without the decryption key.