Common encryption algorithm Classification

Common EncryptionAlgorithmIt can be divided into three types: symmetric encryption algorithms, asymmetric encryption algorithms, and hash algorithms.

Symmetric encryption

RefersEncryption and decryption using the same key encryption algorithm. The advantage of symmetric encryption algorithms is thatHigh encryption and decryption speed and hard-to-crack performance when using long keys. Assume that two users need to use symmetric encryption to encrypt and exchange data, then the user needs at least two keys for exchange and use. If there are n users in the enterprise, the entire enterprise requires a total of n × (n-1) keys. the generation and distribution of keys will become a nightmare for the Enterprise Information Department. The security of symmetric encryption algorithms depends on the storage of encryption keys. However, it is impossible for everyone in the enterprise to keep a secret, generally, they intentionally or unintentionally disclose the key. If a user's key is obtained by an intruder, the hacker can read all the documents encrypted by the user key, if the entire enterprise shares an encryption key, the confidentiality of the entire enterprise document cannot be discussed.

Common symmetric encryption algorithms: des and 3DES, Desx, blowfish, idea, RC4, RC5, rc6, andAES

 

Asymmetric encryption

RefersEncryption and decryption use encryption algorithms with different keys, also known as public/private key encryption. Assume that two users want to encrypt and exchange data, and both parties exchange public keys. One party uses the other party's public key to encrypt the data, and the other party can use its own private key to decrypt the data. If the enterprise has n users, the enterprise needs to generate n pairs of keys and distribute n public keys. Since the public key can be made public, users only need to keep their own private key, so the distribution of encryption keys will become very simple. At the same time, because each user's private key is unique, other users can verify the authenticity of the information source by using the public key of the Information sender, the sender cannot deny that the message has been sent. Asymmetric encryptionThe disadvantage is that encryption and decryption speed is far slower than symmetric encryption.In some extreme cases, it is even 1000 times slower than asymmetric encryption.

Common asymmetric encryption algorithms: RSA, ECC (for mobile devices), Diffie-Hellman, El Gamal, and DSA (for digital signatures)

 

HashAlgorithm

In particular, the hash algorithm isOne-way AlgorithmYou can use the hash algorithmGenerate a unique hash value of a specific length for the target information.,You cannot use this hash value to obtain the target information again.. Therefore, hash algorithms are commonly used inUnrecoverable Password StorageInformation integrity verification.

CommonHashAlgorithm:Md2, md4, MD5, haval,Sha, SHA-1, HMAC, HMAC-MD5, HMAC-SHA1

 

The efficiency of an encryption algorithm is usually measured by the complexity of the algorithm, the length of the key (the longer the key, the more secure), and the encryption/Decryption speed. In the above algorithms, except for the insufficient des key length and the slow md2 speed, it has been gradually eliminated. Other algorithms are still used in the current encryption system products.

 

Encryption Algorithm Selection

The previous sections have already introduced symmetric encryption algorithms and asymmetric encryption algorithms. Many people are wondering: Which one should we use in actual use?

We should determine based on our own usage characteristics that since asymmetric encryption algorithms run much slower than symmetric encryption algorithms, when we need to encrypt a large amount of data, we recommend that you use symmetric encryption algorithms to increase the encryption and decryption speed.

Symmetric encryption algorithms cannot implement signatures, soThe signature can only be an asymmetric algorithm..

BecauseKey Management of symmetric encryption algorithms is a complex process.Key management directly determines its security. Therefore, when the data volume is small, we can consider using asymmetric encryption algorithms.

In actual operation, we usually adopt the following methods:Use asymmetric encryption algorithms to manage the keys of symmetric algorithms, and then use symmetric encryption algorithms to encrypt data.In this way, we integrate the advantages of the two types of encryption algorithms, which not only achieves the advantages of fast encryption speed, but also realizes the advantages of secure and convenient key management.

If the encryption algorithm is selected, how many keys are used? In general, the longer the key, the slower the running speed. We should choose based on the actual security level. In general, RSA recommends 1024-bit numbers, we recommend that you use 160 bits for ECC and 128 for AES.