When it comes to encryption, you should always use the algorithm that's right for the job and has been extensively... and publicly tested -- something the cryptographic community won't have had the chance to do with brand-new algorithms.
Let's have a look at some of the most widely used symmetric and asymmetric algorithms and how to evaluate the best encryption method for your enterprise.
Types of symmetric encryption algorithms and use cases
For most people, encryption means converting plaintext to ciphertext using the same key, or secret key, to encrypt and decrypt it. This is called symmetric encryption, which is relatively fast compared to other types of encryption, like asymmetric encryption.
The most widely used algorithm in symmetric key cryptography is the Advanced Encryption Standard, or AES. It is the successor to the Data Encryption Standard (DES), which, with insecure 56-bit key lengths, was replaced with AES by NIST in 2001. AES comprises three block ciphers -- AES-128, AES-192 and AES-256 -- each of which is deemed sufficient to protect government-classified information up to the Secret level, with Top Secret information requiring either 192-bit or 256-bit key lengths.
Other common symmetric encryption algorithms include Blowfish, Twofish, Triple DES (3DES) and Rivest Cipher 4 (RC4). Attacks in the 2000s and 2010s revealed weaknesses in the RC4 algorithm, and its use in Transport Layer Security was prohibited by the Internet Engineering Task Force in February 2015. While some symmetric encryption algorithms, like AES, use block ciphers, others use stream ciphers, like RC4. Symmetric encryption types, like 3DES and AES, are often used by VPN products. Other uses of symmetric encryption include payment applications, validations, and random number generation or hashing.
Types of asymmetric encryption algorithms and use cases
Unlike symmetric encryption algorithms, asymmetric algorithms use two interdependent keys: one to encrypt the data and one to decrypt it. This interdependency provides a number of different features, the most important probably being digital signatures. Among other things, digital signatures are used to guarantee that a message was created by a particular entity or authenticate remote systems or users.
One of the most common asymmetric encryption algorithms is the Diffie-Hellman (DH) key exchange, which enables two parties to exchange cryptographic keys in a secure manner, regardless of whether the communication channel is public or private. RSA (Rivest-Shamir-Adleman) is another widely used asymmetric encryption algorithm. Based off DH, it is often used in e-commerce protocols and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. Asymmetric cryptography use is also common in cryptocurrencies, such as Bitcoin.
Elliptic curve cryptography (ECC) is another type of asymmetric encryption growing in popularity. Based on elliptic curve theory, ECC uses algebraic functions to generate security between key pairs.
A cryptographic hash function has a somewhat different role compared to other cryptographic algorithms. It is used to return a value based on a piece of data, a file or a message, for example. Any accidental or intentional change to the data will change this hash value.
A good hash algorithm should make it impossible to either create an input that produces a specific hash value or calculate the original input from the hash value. MD5 and Secure Hash Algorithm (SHA) 1 were widely used hash algorithms that are now considered weak. They were deprecated in 2014 and were replaced by SHA-224, SHA-256, SHA-384 and SHA-512, collectively referred to as SHA-2. SHA-3 -- composed of SHA3-224, SHA3-256, SHA3-384 and SHA3-512, as well as two extendable output functions, SHAKE128 and SHAKE256 -- was released in 2015. SHA-3 was labeled a backup standard, rather than a replacement for SHA-2.
Symmetric vs. asymmetric: Which is better?
When choosing an encryption algorithm, it's important to consider the type of data being encrypted. High-risk data, such as confidential customer information, needs stronger encryption than marketing plans, for example.
Performance is another key factor. In general, asymmetric encryption is slower than symmetric encryption due to the creation of two keys instead of one. The main disadvantage of symmetric key cryptography, however, is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it, and key exposure is a concern.
In asymmetric cryptography, the private keys are never distributed and, therefore, are more secure. It is also impossible to derive a private key from a public key. If, in an asymmetric scheme, an individual loses their private key, however, they can't decrypt messages. Authentication also can be a concern in asymmetric cryptography because users and systems need to ensure the public key is authentic and belongs to the person or entity that claims it does. This is where using a public key infrastructure or an encryption program that provides authentication comes in.
Symmetric and asymmetric encryption algorithms each have different vulnerabilities. Symmetric cryptography is vulnerable to attacks that include brute force, chosen plaintext and known plaintext, as well as differential and linear cryptanalysis. Asymmetric cryptography is subject to brute force and man-in-the-middle attacks. Additionally, if hackers know a user's key, they can use it to decrypt and read the data.
In many scenarios, such as SSL, both symmetric and asymmetric algorithms are used to boost security. As asymmetric encryption is much slower than symmetric encryption, data typically is encrypted with a symmetric algorithm, and then the comparatively short symmetric key is encrypted using asymmetric encryption. This enables the key necessary to decrypt the data to be securely sent to other parties along with the symmetrically encrypted data. In another example, Secure/Multipurpose Internet Mail Extensions uses an asymmetric algorithm -- public/private key algorithm -- for nonrepudiation and a symmetric algorithm for efficient privacy and data protection.
The landscape of cryptography is constantly changing. To stay abreast of the latest developments, follow the news and recommendations from standards bodies, such as NIST.