Common cryptographic algorithms

The common encryption algorithms can be divided into three kinds, symmetric encryption algorithm, public key encryption algorithm and one-way encryption algorithm.

Symmetric encryption

　　Encrypt and decrypt encryption algorithms that use the same key. The advantages of symmetric encryption algorithms are the high speed of decryption and the difficulty of cracking when using long keys. Assuming that two users need to encrypt and then exchange data using a symmetric encryption method, the user needs at least 2 keys and is exchanged, and if there are N in the enterprise, the entire enterprise needs NX (n-1) keys, and the generation and distribution of the keys will become the nightmare of the Enterprise Information Department. The security of the symmetric encryption algorithm depends on the storage of the encryption key, but it is impossible for everyone in the enterprise to keep a secret, and they usually leak the key out-if a user uses a key that is obtained by the intruder, the intruder can read all the documents encrypted by the user key. If a single encryption key is shared across the enterprise, the confidentiality of the entire enterprise document will not be discussed.

a common symmetric encryption algorithm: DES, 3DES, DESX, Blowfish, Idea, RC4, RC5, RC6, and AES

Public Key Cryptography

Encrypt and decrypt encryption algorithms that use different keys, also known as asymmetric encryption. Assuming that two users want to encrypt the exchange of data, the two sides exchange the public key, using the other side of the public key encryption, the other side can be decrypted with their own private key. If there are n users in an enterprise, the enterprise needs to generate N-pair keys and distribute n public keys. Because the public key can be exposed, the user simply takes care of their private key, so the distribution of the encryption key becomes very simple. Also, because each user's private key is unique, other users can verify that the source of the information is true, in addition to the sender's public key, and that the sender cannot deny that the message was sent. The disadvantage of asymmetric encryption is that the decryption speed is much slower than symmetric encryption, and in some extreme cases, it can be even 1000 times times slower than asymmetric encryption.

Common Asymmetric encryption algorithms: RSA, ECC (for mobile devices), Diffie-hellman, El Gamal, DSA (for digital signatures)

One-way encryption algorithm

The special place of hash algorithm is that it is a one-way algorithm, the user can use the hash algorithm to generate a specific length of the unique hash value of the target information, but not through this hash value to regain the target information. Therefore, the hash algorithm is commonly used in non-reversible password storage, information integrity check and so on.

Avalanche effect, a very small difference of two files, after one-way encryption to obtain the data summary information is very different

A common hash algorithm: MD2, MD4, MD5, HAVAL, SHA, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1

The effectiveness of cryptographic algorithms can usually be measured by the complexity of the algorithm itself, the length of the key (the longer the key is more secure), and the speed of encryption and decryption. In the above algorithm, in addition to the DES key length is not enough, the MD2 speed is gradually eliminated, other algorithms are still in the current encryption system products used.

Selection of cryptographic algorithms

The previous chapters have introduced symmetric decryption algorithms and asymmetric encryption algorithms, and many people wonder: what is the best way to use the actual process?

We should according to our own characteristics to determine, because the asymmetric encryption algorithm runs faster than the symmetric encryption algorithm is much slower, when we need to encrypt a large amount of data, we recommend the use of symmetric encryption algorithm, improve the encryption and decryption speed.

A symmetric encryption algorithm cannot implement a signature, so the signature can only be an asymmetric algorithm.

Because the key management of symmetric encryption algorithm is a complex process, the management of the key directly determines his security, so when the amount of data is very small, we can consider using asymmetric encryption algorithm.

In the actual operation process, we usually adopt the method of using asymmetric encryption algorithm to manage the key of symmetric algorithm, then encrypt the data with symmetric encryption algorithm, so we can integrate the advantages of two kinds of encryption algorithm, not only realize the advantages of fast encryption speed, but also realize the advantages of safe and convenient management key.

If the encryption algorithm is selected, how many bits of the key are used? In general, the longer the key, the slower the speed of operation, should be based on the security level we actually need to choose, in general, RSA recommended 1024-bit number, ECC recommended 160-bit, AES using 128.

Common cryptographic algorithms