Skip to main content

Encryption Algorithms - what are they, and how do they secure your data?

Encryption Algorithms - what are they, and how do they secure your data?

An encryption algorithm is a clever way of keeping data private and secure. An encryption works by encoding the message with two keys, one to code and one to decrypt. That means only the sender and receiver can read the message. This is what WhatsApp uses to keep data secure while in transit. Should anyone get to it, they won't be able to make sense of it. 

Encryption algorithms are commonly used in computer communications, including FTP transfers, VPN service protected data, banking, government communications and in secure emails, to name a few. Usually they are used to provide secure transfers. 

There are quite a few different algorithms uses to create encryptions. So, a bit like languages, there are lots to use. Each one has a different set of positives and negatives. These fall into two basic categories: asymmetric and symmetric.

Asymmetric encryptions use a key that is published for anyone to use when encrypting messages. Only the receiving party will have access to the key that allows the message to be read.

Symmetric encryptions use a single key for encrypting and decrypting messages. Both the sender and receiver must have the same key to achieve the secure connection.

If you're looking into getting a secure VPN and want to know a bit more about how the encryption works, here are some commonly used algorithms:

TripleDES, also known as DES/3DES

This is an encryption algorithm called Data Encryption Standard that was first used by the U.S. Government in the late 1970's. It is commonly used in ATM machines (to encrypt PINs) and is utilized in UNIX password encryption. 

Triple DES or 3DES has replaced the older versions as a more secure method of encryption, as it encrypts data three times and uses a different key for at least one of the versions.

This system, as one of the oldest, is slowly being phased out – although it's still dependable for financial services.

Blowfish

Blowfish is a symmetric block cipher that is unpatented and free to use. It was developed by Bruce Schneier and introduced in 1993.

This is being accepted as a strong cipher as it gets more testng and exposure. Since it can be used for 32 bits or way up to 448 bits, it is possible to make it very secure if needed.

Best web browsers | Best antivirus software | Best encryption software

AES

The Advanced Encryption Standard (AES) or Rijndael, uses the Rijndael block cipher approved by the National Institute of Standards and Technology (NIST). As such it is the trusted standard used by the US Government since 2000, when it replaced DES.

Twofish

Twofish is a block cipher designed by Bruce Schneier – yup, the same one that came up with Blowfish. This is the next generation of that creation making it related to both Blowfish and AES.

It was one of the five Advanced Encryption Standard (AES) finalists and is unpatented and open source. The block size options are either 128 bits or 256 bits. This is seen as a very secure cipher but isn't as fast as some others, hence not being selected as an advanced encryption standard. 

IDEA

The International Data Encryption Algorithm (IDEA) cipher was used in Pretty Good Privacy (PGP) Version 2 and is an optional algorithm in OpenPGP. IDEA features 64-bit blocks with a 128-bit key. That means it performs eight identical rounds for encryption where six different subkeys are used with four keys for output transformation.

All that means this is a highly trusted algorithm which has been patent-free since 2012, making it available for anyone to use.

MD5

MD5 was developed by Professor Ronald Riverst in 1991 and was used to create digital signatures. It replaced the MD4 algorithm and uses 128-bit hash value for 512-bit block sizes. 

MD5 is a weak system as the requirement for a cryptographic hash function is that two distinct messages that have the same value should not be found. This can be found with the power of a home computer. Not one to be trusted then, despite its continued use.

SHA 1

SHA 1 is a hashing algorithm similar to MD5, yet SHA 1 largely replaces MD5 since it offers more security. It was designed by the US National Security Agency and is the US Federal Information Processing Standard.

However, since then it has shown lots of weaknesses to attacks and in 2011 NIST formally depreciated its use. In 2013 its use was disallowed for digital signatures. All major web browsers ceased use of SHA 1 in 2017. 

HMAC

This is a hashing method similar to MD5 and SHA 1, sometimes referred to as HMAC MD5 and HMAC SHA1. Despite this using MD5, which is insecure, the current attacks on HMAC-MD5 don't appear to show any vulnerabilities. 

This does not encrypt the message itself but rather is sent alongside it to be hashed to find authentic matches. 

RSA Security

This is a public-key encryption, the standard used for sending data over the internet. Since it uses a pair of keys this is classed as asymmetric, with a public key used to encrypt and a private key to decrypt messages. This is a tough code to break by would be attackers.

  • RC4  RC4 is a variable key size stream cipher based on the use of a random permutation.
  • RC5  This is a parameterized algorithm with a variable block, key size and number of rounds.
  • RC6  This an evolution of RC5, it is also a parameterized algorithm that has variable block, key and a number of rounds. This algorithm has integer multiplication and 4 bit working registers.