Today, we will introduce commonly used encryption algorithms, their classifications, and applications.
1. Symmetric Encryption Algorithms
Symmetric means that both parties using this encryption method use the same key for encryption and decryption. The key is the instruction that controls the encryption and decryption process. The algorithm is a set of rules that specifies how to encrypt and decrypt.
Classification
The commonly used algorithms include: DES, 3DES, AES, etc.
DES
The full name is Data Encryption Standard, which is a block algorithm that uses a key for encryption. In 1977, it was established as a federal standard by the National Institute of Standards and Technology (NIST) in the United States and authorized for use in non-classified government communications. Subsequently, this algorithm became widely used internationally.
3DES
TripleDES is a transitional encryption algorithm between DES and AES. It uses three 56-bit keys to encrypt data three times, making it a more secure variant of DES. It is a block encryption algorithm built by combining DES block operations.
AES
The full name is Advanced Encryption Standard, also known as Rijndael encryption, which is a block encryption standard adopted by the United States federal government. This standard was established to replace the original DES and has been widely analyzed and used globally.
Advantages and Disadvantages
The advantages of symmetric encryption algorithms include publicly known algorithms, low computational cost, fast encryption speed, and high encryption efficiency.
The disadvantages of symmetric encryption algorithms are that, before data transmission, the sender and receiver must agree on a secret key and both must store it securely. If either party's key is leaked, the encrypted information becomes insecure. Furthermore, each pair of users needs its own unique key that nobody else knows, so the number of keys the parties must manage grows large and becomes a burden.
Applications
Storing sensitive information that needs to be decrypted later, such as user phone numbers and ID cards.
2. Asymmetric Encryption Algorithms
Unlike symmetric encryption algorithms, asymmetric encryption algorithms require two keys: a public key and a private key. The public key and private key form a pair; if data is encrypted with the public key, only the corresponding private key can decrypt it; conversely, if data is encrypted with the private key, only the corresponding public key can decrypt it. Because encryption and decryption use two different keys, this algorithm is called asymmetric encryption.
Classification
The commonly used algorithms include: RSA, DSA, ECC, etc.
RSA
The full name is Digital Signature Algorithm, which is the first algorithm that can be used for both encryption and digital signatures and is easy to understand and operate. RSA is the most widely studied public key algorithm, having undergone various attacks over more than thirty years, and is generally considered one of the best public key schemes available today.
DSA
The full name is Digital Encryption Standard, which is based on the difficulty of the discrete logarithm problem in finite fields, and its security is comparable to that of RSA. An important feature of DSA is that two prime numbers are public, so when using someone else’s p and q, even without knowing the private key, you can verify whether they were randomly generated or manipulated, which RSA cannot do.
ECC
The full name is Elliptic Curves Cryptography, also known as the elliptic encryption algorithm. It was initially proposed by Koblitz and Miller in 1985. Its mathematical basis is the difficulty of computing the discrete logarithm on the group of rational points on an elliptic curve.
Compared to RSA and DSA, ECC has the following advantages:
High security; research indicates that a 160-bit elliptic key has the same security as a 1024-bit RSA key.
Fast processing speed; for private-key encryption and decryption operations, ECC algorithms are faster than RSA and DSA.
Small storage space requirement.
Low bandwidth requirements.
Advantages and Disadvantages
Asymmetric encryption is considered more secure than symmetric encryption; in symmetric encryption, both parties use the same key, and if one party’s key is leaked, the entire communication can be compromised. In contrast, asymmetric encryption uses a pair of keys, one for encryption and one for decryption, with the public key being public and the private key being kept secret, eliminating the need to synchronize keys before communication as in symmetric encryption.
The disadvantage of asymmetric encryption is that encryption and decryption are slower, making it suitable only for encrypting small amounts of data.
Applications
Generally used for signatures and authentication.
3. Hash Algorithms
In information security technology, it is often necessary to verify the integrity of messages. Hash functions provide this service by producing a fixed-length output for input messages of varying lengths. This fixed-length output is called the “hash” or “message digest” of the original input message.
Classification
The commonly used algorithms include: MD5, SHA, HMAC, etc.
MD5
The full name is Message Digest Algorithm, which is widely used in the field of computer security as a hash function to provide message integrity protection.
SHA
The full name is Secure Hash Algorithm, which is primarily used in the Digital Signature Algorithm (DSA) defined by the Digital Signature Standard (DSS). The family contains several one-way hash algorithms, including SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512, among which SHA-1 is no longer considered secure.
HMAC
The full name is Hash Message Authentication Code, which uses a hash algorithm to generate a message digest as output, taking a key and a message as input. Generally, message authentication codes are used to verify messages transmitted between two parties sharing a common key. HMAC can be combined with any iterative hash function; MD5 and SHA-1 are such hash functions. HMAC uses the key both for calculating and for verifying the message authentication value.
Applications
To verify the integrity of downloaded files; it is common to see this when downloading files from websites.
To store sensitive user information, such as passwords and card numbers, which cannot be decrypted.
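The two applications above and the HMAC description, as an added Python example using only the standard library (not code from the original article). The function names, sample messages, key and the iteration count are assumptions chosen for illustration; the password part goes one step beyond the text by using a salted, iterated PBKDF2-HMAC-SHA256 instead of a bare hash.

```python
import hashlib
import hmac
import os

def file_digest_ok(data: bytes, published_hex: str) -> bool:
    """Download check: compare SHA-256 of the bytes with the published digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), published_hex)

def make_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 tag over the message, computed with the shared key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)

def tamper_demo():
    """Whoever replaces the message can replace a bare hash too, but not the tag."""
    key = b"shared-key-constructed-for-demo"
    original, forged = b"pay 10 to alice", b"pay 9999 to mallory"
    tag = make_tag(key, original)
    forged_hash = hashlib.sha256(forged).hexdigest()   # computed without any key
    return file_digest_ok(forged, forged_hash), verify_tag(key, forged, tag)

def hash_password(password: str, salt=None, rounds: int = 600_000):
    """Store (salt, digest) instead of the password; rounds is an assumed value."""
    salt = salt or os.urandom(16)                      # unique salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def check_password(password: str, salt: bytes, expected: bytes,
                   rounds: int = 600_000) -> bool:
    """Re-derive with the stored salt; the digest itself is never decrypted."""
    _, digest = hash_password(password, salt, rounds)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    print(tamper_demo())   # (True, False)
```

A published digest only detects corruption when it comes from a channel the attacker cannot modify; the HMAC tag fails on the forged message because computing it requires the shared key.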
Recommendations
Use AES with a 128-bit key, a 1024-bit number for RSA, and a 160-bit key for ECC. RSA has a limit on the length of the data it can encrypt, so it is generally recommended to use a combination of AES and RSA.
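The RSA length limit and the AES-plus-RSA combination, as an added Python sketch (not code from the original article). It assumes a toy, unpadded RSA key built from two known Mersenne primes and a SHA-256 counter-mode keystream standing in for AES, because the standard library has no AES; all names are hypothetical and the construction is for illustration only.

```python
import hashlib
import secrets

# Toy RSA key from two known Mersenne primes (constructed for this demo:
# trivially factorable and unpadded, so never usable for real data).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent

def rsa_public_op(m: int) -> int:
    """Encrypt or verify: possible for anyone holding the public key (N, E)."""
    if not 0 <= m < N:
        raise ValueError("input does not fit under the RSA modulus")
    return pow(m, E, N)

def rsa_private_op(c: int) -> int:
    """Decrypt or sign: possible only for the holder of the private key D."""
    return pow(c, D, N)

def rsa_alone_fits(plaintext: bytes) -> bool:
    """True if the message is small enough to be given to RSA directly."""
    return int.from_bytes(plaintext, "big") < N

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 in counter mode), used in place of AES."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(plaintext: bytes):
    """Bulk data goes through the symmetric cipher; RSA only wraps its key."""
    session_key = secrets.token_bytes(16)            # fresh 128-bit key
    wrapped = rsa_public_op(int.from_bytes(session_key, "big"))
    return wrapped, keystream_xor(session_key, plaintext)

def hybrid_decrypt(wrapped: int, ciphertext: bytes) -> bytes:
    """Unwrap the session key with the private key, then decrypt the bulk data."""
    session_key = rsa_private_op(wrapped).to_bytes(16, "big")
    return keystream_xor(session_key, ciphertext)

if __name__ == "__main__":
    msg = b"constructed sample record: phone 555-0100 " * 4
    print(rsa_alone_fits(msg), hybrid_decrypt(*hybrid_encrypt(msg)) == msg)
```

The two RSA functions also show the key-pair property from section 2: applying the public operation after the private one (or the reverse) returns the original value.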
Common Misunderstandings
Many blogs inaccurately describe Base64 encoding as an encryption algorithm, which is not rigorous. Base64 output is not human-readable, but that does not make the encoding encryption. Encryption must ensure that anyone without the key cannot decrypt the information or deduce any plaintext information from the ciphertext, whereas Base64 can be easily decoded. Furthermore, Base64 does not involve a key at all and lacks the security of an encryption algorithm, so this misunderstanding should be corrected.
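A check that follows from this point, as an added Python example (not part of the original article): it audits stored values that are claimed to be "encrypted" and reports those that are only Base64 of readable text, recovered without any key. The setting names and values are constructed samples.

```python
import base64
import binascii

def reveal_base64(value: str):
    """Return the decoded text if value is Base64 of printable text, else None."""
    try:
        raw = base64.b64decode(value, validate=True)   # reject non-alphabet input
        text = raw.decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None

def audit_settings(settings: dict) -> dict:
    """Map each setting whose value is merely Base64-encoded to its plaintext."""
    findings = {}
    for name, value in settings.items():
        plain = reveal_base64(value)
        if plain is not None:
            findings[name] = plain
    return findings

# Constructed sample configuration for the demonstration.
SAMPLE_SETTINGS = {
    # "Protected" only by encoding: decodes with no key at all.
    "db_password": base64.b64encode(b"S3cret-Passw0rd").decode(),
    # Not Base64: '$' is outside the alphabet, so decoding is rejected.
    "admin_hash": "$pbkdf2$constructed-placeholder",
    # Base64 of binary data: decodes, but yields no readable text.
    "wrapped_key": base64.b64encode(bytes(range(16))).decode(),
}

if __name__ == "__main__":
    print(audit_settings(SAMPLE_SETTINGS))   # {'db_password': 'S3cret-Passw0rd'}
```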