Cryptographic Algorithms
Cryptographic algorithms can be roughly classified into two categories:
- Encryption algorithms transform an input file into an output
file from which it is (quite) impossible to recover the original without
the appropriate key. Encryption requires either a key (e.g., a predefined
sequence of bytes) or a key pair. In the former case, the same key is used
for both encryption and decryption (symmetric crypto). In the
latter case, the key is split into a public part and a private part (public
key crypto).
- Hash algorithms create a brief representation of the input
message, called a digest. A hashing algorithm must fulfill three
requirements: it must not be reversible; it must produce fixed-length
output sequences (regardless of the input data length); and it must not
generate collisions (i.e., two different messages must always yield
different digests).
Symmetric cryptography algorithms are further subdivided into stream
ciphers (sometimes called flow ciphers), which encrypt one byte at a
time, and block ciphers, which encrypt a block of input data at a time.
Block ciphers operate either in ECB (electronic codebook) mode or in CBC
(cipher block chaining) mode.
Public key cryptography (PKC) algorithms use a pair of keys to perform
data encoding and decoding. When one of them is used for encryption, the
other one must be used for decryption. For a brief description of PKC
mechanisms, see the Resources. When used in conjunction with hash
algorithms, PKC is an essential component of modern security systems. In
particular, it makes it possible to create digital signatures (a digest
computed over a document and encrypted with the originator's private key)
and certificates (a public key signed by a trusted party called a
certification authority).
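The signature and certificate mechanisms described above, as an added example that is not part of the original article: a document digest is transformed with the signer's private key, and a certification authority signs the signer's public key the same way. The key material, the names (alice, mallory, the cert_body encoding) and the sample document are constructed for illustration; the code uses unpadded textbook RSA with toy keys, whereas real signatures add PKCS#1 padding and use randomly generated primes.

```python
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # modular inverse needs Python 3.8+

def digest(data):
    # SHA-256 is used here instead of the SHA-1/MD5 digests the page lists.
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, private):
    n, d = private
    return pow(digest(data), d, n)  # digest transformed with the private key

def verify(data, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(data)  # undone with the public key

def cert_body(subject, public):
    # Constructed encoding; real certificates use X.509/ASN.1.
    return f"{subject}|{public[0]:x}|{public[1]:x}".encode()

def issue_certificate(subject, public, ca_private):
    return {"subject": subject, "public": public,
            "sig": sign(cert_body(subject, public), ca_private)}

def verify_signed_document(doc, doc_sig, cert, ca_public):
    # 1) the CA vouches for the key, 2) the key vouches for the document
    body = cert_body(cert["subject"], cert["public"])
    return verify(body, cert["sig"], ca_public) and verify(doc, doc_sig, cert["public"])

# Constructed toy keys built from Mersenne primes: insecure, demo only.
CA_PUB, CA_PRIV = make_keypair(2**607 - 1, 2**1279 - 1)
ALICE_PUB, ALICE_PRIV = make_keypair(2**127 - 1, 2**521 - 1)
MALLORY_PUB, MALLORY_PRIV = make_keypair(2**89 - 1, 2**2203 - 1)

DOC = b"Pay 100 EUR to Bob"  # constructed sample document
SIG = sign(DOC, ALICE_PRIV)
CERT = issue_certificate("alice", ALICE_PUB, CA_PRIV)

if __name__ == "__main__":
    print(verify_signed_document(DOC, SIG, CERT, CA_PUB))  # genuine document
    print(verify_signed_document(b"Pay 900 EUR to Bob", SIG, CERT, CA_PUB))  # altered
    forged = dict(CERT, public=MALLORY_PUB)  # key swapped, CA signature kept
    print(verify_signed_document(DOC, sign(DOC, MALLORY_PRIV), forged, CA_PUB))
```

The verifier only needs the certification authority's public key: an altered document fails the second check, and a certificate whose public key was replaced fails the first.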
Cryptographic strength depends on both the algorithm and the key
length. Symmetric keys are usually shorter (around 128 bits), whereas
PKC key pairs require a greater length (usually 1024 to 2048 bits)
to provide the same level of security.
The following is a list of the most commonly used crypto algorithms.
Asymmetric Key Algorithms
- RSA: Rivest-Shamir-Adleman, standard PKCS#1 by RSA Data Security, Inc.
- DSA: Digital Signature Algorithm
Symmetric Key Algorithms
- Stream (flow) ciphers:
  - RC4: fixed-length keys (128 bits max)
- Block ciphers:
  - DES: Data Encryption Standard, 56-bit key (broken!)
  - 3DES: Triple DES, 3*56-bit key
  - IDEA: International Data Encryption Algorithm, 128-bit key
  - RC2
Digests
- SHA-1: Secure Hash Algorithm, produces 160-bit strings
- MD5: Message Digest 5, RFC 1321, produces 128-bit strings
Digital Certificates
- X.509: ITU-T recommendation, describes a digital certificate in ASN.1 syntax
- PKCS#6: extended certificate
- PKCS#12: defines a portable format for transport and storage of private
keys, certificates, and so on.