Symmetric Cryptography
External
- Performance Analysis of Data Encryption Algorithms https://www.cse.wustl.edu/~jain/cse567-06/ftp/encryption_perf/
Internal
Overview
Symmetric encryption is a type of encryption where the sender and the receiver agree on a secret (shared) key. The main concern behind symmetric encryption is how to share the secret key securely between the two peers. If the key gets known for any reason, the whole system is compromised.
Concepts
Block Cipher
Block ciphers process entire blocks at a time. The plain text is divided into blocks of equal size, which are then fed into the cipher to produce blocks of cipher text. If there is not enough data to make a complete input block the data must be padded. These bytes are stripped off during the decryption phase. Block encryption is also called bulk encryption.
Stream Cipher
Stream ciphers operate on streams of data, encrypting it bit by bit. A stream cipher consists of two major components: a key stream generator, and a mixing function. Mixing function is usually just an XOR function, while key stream generator is the main unit in stream cipher encryption technique.
Initialization Vector (IV)
An initialization vector (IV) is an arbitrary number that can be used along with a secret key for data encryption. This number, also called a nonce, is employed only one time in any session. The use of an IV prevents repetition in data encryption, making it more difficult for a hacker using a dictionary attack to find patterns and break a cipher.
Symmetric Encryption Algorithms
Advanced Encryption Standard (AES)
The Rijndael algorithm is a block cipher recommended by NIST to replace DES. Brute force attack is the only effective attack known against it, in which the attacker tries to test all the characters combinations to unlock the encryption. The algorithm can usually be used with 256-bit, 192-bit and 128-bit keys. A brute force attack on a 256 bit key using the fastest supercomputer publicly known at the moment would take 1053 years.
AES-GCM
Advanced Encryption Standard in Galois/Counter Mode (GCM).
Blowfish
Blowfish is a variable length key, 64-bit block cipher, one of the most common public domain encryption algorithms provided by Bruce Schneier.
Data Encryption Standard (DES)
There are many attacks and methods to exploit it, which makes it an insecure block cipher.
3DES
3DES is an enhancement of DES, where the encryption method is similar to the one in original DES but applied three times to increase the encryption level. 3DES is slower than other block cipher methods.
DESede
IDEA
To Process
- Password Based Encryption Example http://localhost:9627/personal/Wiki.jsp?page=SymmetricEncryptionInJava