# Encryption Algorithms

Our previous blog post, ‘Encryption’, explained encryption and the different encryption methods. This post follows on from it and explains the encryption algorithms most commonly used in the cyber-security world.

## Types of Encryption Algorithms

- Triple DES/DES
- RSA
- AES
- Blowfish
- Twofish
- MD5
- SHA
- HMAC

### Triple DES or DES/3DES

The Data Encryption Standard (DES) encryption algorithm was first used and endorsed by the US Government in 1977. DES forms the basis for ATM PIN authentication and is also used in UNIX password encryption. DES is a block cipher with a 64-bit block size and 56-bit keys.

Triple DES, or 3DES, was designed as a more secure and stronger encryption algorithm to replace the original version of the DES algorithm. Triple DES encrypts the data three times with three different individual keys of 56 bits each, which brings the total cumulative key length to 112-168 bits.

### RSA

RSA is a public-key encryption algorithm and a standard for encrypting sensitive data sent over an insecure network like the Internet.

The RSA encryption algorithm was first introduced by Rivest, Shamir and Adleman at the Massachusetts Institute of Technology in 1977. The method is named RSA (Rivest-Shamir-Adleman) after these three individuals.

RSA is a public-key, or asymmetric, encryption algorithm: it uses two different but mathematically linked keys for encryption and decryption. In RSA, a public key is used for encryption and a private key for decryption. The public key can be shared with others, but the private key must always be kept secret.

RSA is one of the most popular and widely used algorithms for encryption and digital signatures in the cyber-security world today.

### AES

AES, or Advanced Encryption Standard, is an encryption algorithm that was announced and approved by the United States National Institute of Standards and Technology (NIST) in November 2001. AES replaced the DES encryption algorithm and became a standard encryption technique for the US government in 2002.

AES encryption algorithm was developed by two cryptographers from Belgium, Joan Daemen and Vincent Rijmen, who submitted it to NIST where it was approved. AES, originally named Rijndael, is a family of ciphers with different key and block sizes.

The AES encryption algorithm comprises three block ciphers of 128 bits, 192 bits and 256 bits. Although encryption with 128-bit AES is quite strong and efficient, 192-bit and 256-bit keys are used for a higher grade of encryption.

AES is a symmetric encryption algorithm and uses a single private-key for both encryption and decryption processes. AES encryption algorithm is used by numerous organizations worldwide apart from being trusted by the US government.

### Blowfish

Blowfish is a symmetric block cipher that was developed and introduced by Bruce Schneier in 1993 as an alternative to the encryption algorithms existing at that point in time.

Blowfish has a 64-bit block size and a variable key length from 32 bits up to 448 bits. The Blowfish encryption algorithm splits a message into blocks of 64 bits and then encrypts the blocks individually.

Blowfish is an unpatented, free-to-use encryption algorithm that is easily available in the public domain.

### Twofish

Twofish is a block cipher encryption algorithm based on the Blowfish encryption algorithm. Twofish was one of the five finalists at NIST to replace the DES encryption algorithm; NIST eventually selected and standardized the Rijndael algorithm, commonly known as the Advanced Encryption Standard (AES) algorithm.

Twofish is a symmetric-key block cipher with a block size of 128 bits and a key size ranging from 128 bits to 256 bits. As a symmetric encryption technique, Twofish uses a single key for encryption and decryption.

The Twofish encryption algorithm was designed by a team of cyber-security experts led by Bruce Schneier at Counterpane Labs in 1998. Like Blowfish, Twofish is unpatented, license-free, free to use and available in the public domain.

### MD5

MD5 Algorithm was developed by Professor Ronald L. Rivest of MIT in 1991, and is widely used to verify data integrity. MD5 is a one-way hash function which creates a 128-bit hash value, and is most commonly used in digital signature applications.

MD5 algorithm has been optimized for 32-bit machines and was designed to replace MD4, an earlier hash function also designed by Rivest.

MD5 algorithm verifies data integrity by processing a variable-length message into a fixed-length output hash of 128-bits. MD5 algorithm is sometimes also referred to as Message-Digest algorithm.

### SHA

SHA or Secure Hash Algorithm is a family of cryptographic functions which includes SHA-0, SHA-1, SHA-2 and SHA-3.

SHA algorithms are a component of SSL certificates, where they verify data integrity, that is, ensure that the data has not been modified.

SHA-1 is a cryptographic hash function that was designed by the United States’ NSA in 1995. However, SHA-1 is no longer considered secure enough, and since 2010 many cyber-security experts have recommended the use of SHA-2 or SHA-3 as a replacement for SHA-1. Most of the popular browsers would stop the support for SHA-1 based SSL certificates.

SHA-2 was also designed by the NSA and was first published in 2001. SHA-2 is a set of cryptographic hash functions which includes six hash functions of different digest sizes: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, and SHA-512/256.

SHA-3, formerly named Keccak, was designed by cryptographers Guido Bertoni, Joan Daemen, Michael Peeters, and Gilles Van Assche, and was approved by the National Institute of Standards and Technology (NIST) as part of a competition which received 64 submissions from all over the world. Subsequently, the SHA-3 standard was released by NIST in August 2015.

### HMAC

HMAC, or Hash-based Message Authentication Code, first published in 1996, is a type of message authentication code that involves both a secret cryptographic key and a hash function. HMAC simultaneously verifies data integrity and authenticates the message.

In HMAC, the message and the key are hashed in separate steps which adds to the security of HMAC. The cryptographic strength of HMAC is dependent on the strength and size of the hash function and size of the key.

IPSec and TLS protocols use HMAC-SHA1 and HMAC-MD5 encryption algorithms.

– Captain Krypto

*Kryptotel is an IT Security Services and Product Development Company specializing in Cyber Security and Secure Communications. Kryptotel develops secure communication applications with strong encryption and security features. Feel free to consult Kryptotel for your cyber-security challenges. www.kryptotel.net.*