Symmetric Key Encryption Algorithms
===================================

This document contains a summary of the characteristics of several popular symmetric key encryption algorithms.

+ DES

    - Data Encryption Standard. A NIST Federal Information Processing Standard (FIPS PUB 46). Adopted originally in 1977, last reaffirmed in 1999. Has been withdrawn as a standard.
    - Key size: 56 bits
    - Block size: 64 bits
    - Somewhat controversial. Some details of the design were classified.
    - Strength: Mathematically strong. Despite its age, the algorithm is relatively resistant to linear and differential cryptanalysis. However, the key is too short to resist serious brute force attacks. Algorithm still considered good enough for light to medium duty use.
    - Good execution performance, especially with hardware implementations.
    - May be freely implemented (public government standard).

+ Triple DES with two keys (C = Ek1[Dk2[Ek1[P]]])

    - Effective key length of 112 bits. Too much to brute force directly.
    - Strength: Difficult to attack mathematically, but some results suggest that it might be possible.

+ Triple DES with three keys (C = Ek3[Dk2[Ek1[P]]])

    - Effective key length of 168 bits. Far too much to brute force directly.
    - More secure than triple DES with two keys. Widely used. One significant disadvantage is that it is relatively slow due to the three encryption operations.

+ IDEA

    - International Data Encryption Algorithm. Developed in 1990 by Xuejia Lai and James Massey of the Swiss Federal Institute of Technology. Revised in 1991 to improve its strength against differential cryptanalysis.
    - Key size: 128 bits
    - Block size: 64 bits
    - Easy to implement in either hardware or software.
    - Considered very strong.
    - Patented. The patent expired in 2007.

+ Blowfish

    - Developed by Bruce Schneier in 1993.
    - Key size: 32 bits to 448 bits
    - Block size: 64 bits
    - Easy to implement in software. Very fast encryption. However, there is a large set-up time required whenever the key is changed, making it a poor choice for situations where keys change frequently. Uses a modified Feistel network.
    - Strength: Considered strong. No known practical attacks (some weak keys but they can be easily avoided).
    - Unpatented. Developed specifically for open usage.

+ RC5

    - Developed by Ron Rivest in 1994.
    - Key size: 8 bits to 2040 bits.
    - Block size: 32, 64, or 128 bits.
    - Strength: Considered strong (provided a sufficiently large key is used).
    - Patented.

+ RC6

    - One of five AES finalists.

+ CAST-128

    - Developed by Carlisle Adams and Stafford Tavares.
    - Internet standard (RFC-2144)
    - Key size: 40 bits to 128 bits.
    - Block size: 64 bits
    - Strength: Considered strong.
    - May be freely implemented. From RFC-2144: "The CAST-128 cipher described in this document is available worldwide on a royalty-free basis for commercial and non-commercial uses."

+ Rijndael, pronounced: "Rhine-Dahl"

    - Developed by Joan Daemen and Vincent Rijmen (the name of the algorithm is a combination of the inventors' names). Accepted by NIST as a Federal Information Processing Standard (FIPS PUB 197) in November 2001. Winner of the Advanced Encryption Standard (AES) competition to find an encryption algorithm to replace the aging DES family.
    - Key size: 128 bits, 192 bits, or 256 bits.
    - Block size: 128 bits.
    - Strength: Considered strong. Recent results [1] have shown that the algorithm can be attacked more efficiently than brute force. However, the attack is impractical because either a) an absurd amount of ciphertext is necessary or b) the amount of time required is still obscenely long.
    - Variation of the Square Algorithm; not a Feistel network.
    - Can be implemented with a small memory footprint (useful in embedded devices and smart cards). Fast execution.
    - May be freely implemented (public government standard).

+ TWOFISH

    - Designed by Bruce Schneier as a successor to BLOWFISH for the AES competition.
    - 128-bit block
    - 128, 192, or 256-bit key
    - 16 rounds.
    - May be freely implemented (unpatented).

+ REDOC II

    - Designed by Michael Wood for Cryptech, Inc.
    - Key size: 160 bits.
    - Block size: 80 bits.
    - Strength: Apparently secure. Not extensively analyzed.
    - A much faster variant, REDOC III, is not secure.
    - Patented.

+ MARS

    - One of five AES finalists.

+ Serpent

    - One of five AES finalists.

+ LOKI91

    - Key size: 64 bits.
    - Block size: 64 bits.
    - Strength: Key too small. Under certain circumstances, a weakness allows a brute force attack to be done four times faster than what is implied by the key size.
    - An earlier algorithm named LOKI89 is not secure and should not be used.
    - Unpatented. Free to use in all applications.

[1] See the Wikipedia page on AES: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
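
Added example (not part of the original summary): the two Triple DES compositions listed above, C = Ek1[Dk2[Ek1[P]]] and C = Ek3[Dk2[Ek1[P]]], run over a stand-in 64-bit Feistel cipher so that it works with only the Python standard library. The cipher E/D, the sample keys and the helper check_key_bundle are assumptions for illustration and are not DES; the check rejects key bundles in which an adjacent E/D pair cancels and the construction collapses to a single encryption.

```python
import hashlib

MASK32, ROUNDS = 0xFFFFFFFF, 8

def _f(half, key, rnd):
    # Round function of the stand-in cipher: 32 bits of SHA-256(key || round || half).
    data = key + bytes([rnd]) + half.to_bytes(4, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")

def E(key, block):
    # Stand-in 64-bit block Feistel encryption (an assumption for this example, NOT DES).
    left, right = block >> 32, block & MASK32
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 32) | right

def D(key, block):
    # Inverse of E: undo the rounds in reverse order.
    left, right = block >> 32, block & MASK32
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 32) | right

def _bundle(keys):
    # Two-key form (k1, k2) reuses k1 as the third key.
    if len(keys) not in (2, 3):
        raise ValueError("expected 2 or 3 keys")
    return tuple(keys) if len(keys) == 3 else (keys[0], keys[1], keys[0])

def ede_encrypt(keys, block):
    k1, k2, k3 = _bundle(keys)
    return E(k3, D(k2, E(k1, block)))      # C = Ek3[Dk2[Ek1[P]]]

def ede_decrypt(keys, block):
    k1, k2, k3 = _bundle(keys)
    return D(k1, E(k2, D(k3, block)))      # P = Dk1[Ek2[Dk3[C]]]

def check_key_bundle(keys):
    # Reject bundles where an adjacent E/D pair cancels, leaving one encryption.
    k1, k2, k3 = _bundle(keys)
    if k1 == k2 or k2 == k3:
        raise ValueError("degenerate bundle: EDE collapses to a single encryption")
    return 112 if k1 == k3 else 168        # key bits listed above, for 56-bit DES keys

if __name__ == "__main__":
    P = 0x0123456789ABCDEF                 # constructed sample block and keys
    k1, k2, k3 = b"key-one", b"key-two", b"key-three"
    assert ede_decrypt((k1, k2, k3), ede_encrypt((k1, k2, k3), P)) == P
    assert ede_encrypt((k1, k1, k3), P) == E(k3, P)   # D(k1) undoes E(k1)
    print(check_key_bundle((k1, k2)), check_key_bundle((k1, k2, k3)))
```

The same cancellation is why a three-key bundle with k1 equal to k3 is counted at the two-key figure rather than the three-key one.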