Symmetric algorithms require both ends of a communication (sender and receiver) to have the same key, hence the term symmetric.
This key is generated by the algorithm and must be protected. Disclosure of the secret key breaks the security of the whole encryption. Kinda like locking your door and losing your key, or getting it stolen from you: the lock becomes useless.
Another problem is key distribution. How do you give the key to a friend in another city?
The good part, however, is that symmetric algorithms are always faster than asymmetric ones (which I'll be discussing next week), and can be just as secure with a smaller key size.
Symmetric algorithms use either a block cipher or a stream cipher.
A block cipher works kinda like the transposition example in last week's post: the data is split into fixed-size blocks, but instead of scrambling the blocks it encrypts each one.
A stream cipher encrypts the data one bit at a time.
| Algorithm | Description | Key size | Notes |
|---|---|---|---|
| Data Encryption Standard (DES) | Has been used since the mid-1970s. | 56-bit | Has several modes that offer security |
| Triple-DES (3DES) | A technological upgrade of DES. | 168-bit | Harder to break than many other systems |
| Advanced Encryption Standard (AES) | Has replaced DES as the current standard, and it uses the Rijndael algorithm. | – | AES in Galois/Counter Mode (GCM) is challenging to implement in software in a manner that is both performant and secure. |
| AES256 | Like AES, but with a 256-bit key by default | – | – |
| CAST | Developed by Carlisle Adams and Stafford Tavares (C.A.S.T.). Used in some products offered by Microsoft and IBM. | 128 bit and 256 bit | It's very fast and efficient |
| Ron's Cipher (RC) | An encryption family produced by RSA Laboratories. Current levels are RC4, RC5 and RC6. Used in wireless (WEP/WPA), SSL and TLS. | Up to 2048 bits | Very strong (long) key |
| Blowfish and Twofish | A symmetric block cipher that can use variable-length keys. Twofish has a more complex key schedule than Blowfish. | 32 to 448 bits | Very fast |
| International Data Encryption Algorithm (IDEA) | Developed by a Swiss consortium | 128 bit | Similar in speed and capability to DES, but more secure. |
| One-Time Pads | The only truly secure cryptographic implementations. The key is as long as the plaintext message, and the key is used only once. | Variable | – |
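As an added example (my own code, not from the original post), here is the "same key at both ends" idea and the AES-GCM row from the table in working Go, using only the standard library's crypto/aes and crypto/cipher; the function names, key bytes and message are assumptions I made up for the demo. The receiver gets the message back only with the identical key, and any altered byte makes decryption fail outright instead of returning garbage.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// newGCM builds AES-GCM from a raw 16/24/32-byte key. Both ends must hold
// this same key; that shared secret is what makes the scheme symmetric.
func newGCM(key []byte) (cipher.AEAD, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(c)
}

// seal encrypts and authenticates msg. A fresh random 96-bit nonce is drawn
// per message and prepended so the receiver can find it; a nonce must never
// repeat under the same key, which is the classic way GCM deployments fail.
func seal(key, msg []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, msg, nil), nil
}

// open reverses seal. It returns an error if the key differs or any byte of
// blob was altered in transit, so the receiver never acts on forged data.
func open(key, blob []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, errors.New("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
```

Generate the key once with crypto/rand, share it over an out-of-band channel, and never reuse a nonce under it; with those three rules the Go implementation handles the hard parts of GCM for you.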
As touched on before, key exchange is a "difficult" topic with symmetric algorithms. So important, in fact, that there are two approaches for it: in-band and out-of-band.
In-band means the key is exchanged on the same channel of communication that is going to be encrypted (IPsec is an example).
Out-of-band exchanges the key on some other channel instead of the one that's getting encrypted.