Cryptography, Symmetric Algorithms – CompTIA Security+ Lesson 17

Last time I wrote about old cryptographic methods. Those methods, however, can easily be cracked. So let’s talk about a more effective way: symmetric algorithms.


Symmetric algorithms require both ends of a communication (sender and receiver) to have the same key. Hence the term symmetric.

This key is generated by the algorithm and must be protected. Disclosure of the shared secret key breaks the security of the whole encryption. Kind of like locking your door and losing your key, or having it stolen from you.

The lock becomes useless.

Another problem is key distribution. How do you give the key to a friend in another city?

The good part, however, is that symmetric algorithms are always faster than asymmetric ones (which I’ll be discussing next week), but can be just as secure with a smaller key size.


Symmetric algorithms use either a block or a stream cipher.

A block cipher works kind of like the transposition example in last week’s post, except that it doesn’t just scramble the blocks, it encrypts them.

A stream cipher encrypts the data one bit at a time.
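To make the block-versus-stream distinction concrete, here is an added example (my own illustration, not code from the original post). The block side shows what a block cipher needs before it can run: the message split into fixed-size blocks, which means padding to fill the last one (PKCS#7 padding and a 16-byte block, as AES uses, are assumed for the illustration). The stream side XORs the plaintext with a keystream one byte at a time, so the ciphertext is exactly as long as the message and needs no padding. The keystream generator is a toy built from HMAC-SHA256 over a nonce and counter; it is here only to show the stream-cipher structure and is not a standard cipher.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 16  # 128-bit block, as in AES (assumed for the illustration)


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Pad to a whole number of blocks (PKCS#7); every message gets at least one pad byte."""
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Remove PKCS#7 padding, rejecting anything malformed instead of guessing."""
    if not data or len(data) % block_size:
        raise ValueError("data length is not a multiple of the block size")
    pad_len = data[-1]
    if not 1 <= pad_len <= block_size or data[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("bad padding")
    return data[:-pad_len]


def split_blocks(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """The unit a block cipher actually encrypts: fixed-size blocks."""
    return [data[i:i + block_size] for i in range(0, len(data), block_size)]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, nonce || counter) blocks, truncated to `length`.
    Illustration only; a real stream cipher (e.g. RC4, ChaCha20) has its own generator."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR each byte with the keystream. The same call encrypts and decrypts,
    and the output is exactly as long as the input (no padding)."""
    ks = keystream(key, nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def compare(message: bytes) -> dict:
    """Encrypt the same message both ways and report the structural difference."""
    key = secrets.token_bytes(32)      # fresh random key
    nonce = secrets.token_bytes(16)    # fresh nonce; never reuse a (key, nonce) pair
    ct = stream_xor(key, nonce, message)
    assert stream_xor(key, nonce, ct) == message
    blocks = split_blocks(pkcs7_pad(message))
    return {
        "plaintext_len": len(message),
        "stream_ciphertext_len": len(ct),        # equal to plaintext_len
        "block_count": len(blocks),
        "block_input_len": len(blocks) * BLOCK_SIZE,  # padded up to a full block
    }


if __name__ == "__main__":
    print(compare(b"attack at dawn"))  # constructed sample message
```

For a 14-byte message the stream side emits 14 bytes, while the block side has to grow the input to one full 16-byte block before a block cipher could touch it.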

Common standards that use symmetric algorithms

Data Encryption Standard (DES)
  Description: Has been used since the mid-1970s.
  Key sizes: 56-bit
  Pros: has several modes that offer security
  Cons:
  • key size too small to be secure
  • was replaced by AES

Triple-DES (3DES)
  Description: A technological upgrade of DES.
  Key sizes: 168-bit
  Pros: Harder to break than many other systems
  Cons:
  • uses three 56-bit DES keys

Advanced Encryption Standard (AES)
  Description: Has replaced DES as the current standard, and it uses the Rijndael algorithm.
  Key sizes:
  • 128
  • 192
  • 256
  Pros:
  • AES is more secure (it is less susceptible to cryptanalysis than 3DES).
  • AES supports larger key sizes than 3DES’s 112 or 168 bits.
  • AES is faster in both hardware and software.
  Cons: AES in Galois/Counter Mode (GCM) is challenging to implement in software in a manner that is both performant and secure.

AES256
  Description: Like AES, but with a 256-bit key by default.

CAST
  Description: Developed by Carlisle Adams and Stafford Tavares (C.A.S.T.). Used in some products offered by Microsoft and IBM.
  Key sizes: 128 bit and 256 bit
  Pros: It’s very fast and efficient

Ron’s Cipher (RC)
  Description: An encryption family produced by RSA Laboratories. Current levels are RC4, RC5 and RC6. Used in wireless (WEP/WPA), SSL and TLS.
  Key sizes: Up to 2048 bits
  Pros: Very strong (long) key

Blowfish and Twofish
  Description: A symmetric block cipher that can use variable-length keys. Twofish has a more complex key schedule than Blowfish.
  Key sizes: 32 to 448 bits
  Pros: Very fast

International Data Encryption Algorithm (IDEA)
  Description: Developed by a Swiss consortium.
  Key sizes: 128 bit
  Pros: Similar in speed and capability to DES, but more secure.

One-Time Pads
  Description: The only truly secure cryptographic implementation. The key is as long as the plaintext message, and the key is used only once.
  Key sizes: Variable
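The one-time pad entry states two conditions: the key is as long as the message, and it is used only once. The following added example (my own, not from the original post) shows why both matter. The pad is drawn from the operating system’s random source and XORed with the message, and the length check enforces the first condition. The second condition is demonstrated from the defender’s side: if the same pad is used for two messages, anyone who captures both ciphertexts can XOR them together and the pad cancels out, leaving the XOR of the two plaintexts, which, among other things, reveals every position where the two messages agree. The messages used are constructed samples.

```python
import secrets


def otp_keygen(length: int) -> bytes:
    """A pad must be unpredictable and exactly as long as the message it protects."""
    return secrets.token_bytes(length)


def otp_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (XOR is its own inverse). Refuses a key of the wrong length
    rather than silently reusing or truncating it."""
    if len(key) != len(data):
        raise ValueError("one-time pad key must be exactly as long as the data")
    return bytes(k ^ d for k, d in zip(key, data))


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer learns from two ciphertexts under the SAME pad, with no key at all:
    c1 XOR c2 = (p1 XOR k) XOR (p2 XOR k) = p1 XOR p2."""
    if len(ct1) != len(ct2):
        raise ValueError("sample messages here are the same length for simplicity")
    return bytes(a ^ b for a, b in zip(ct1, ct2))


def shared_positions(leak: bytes) -> list:
    """Positions where p1 XOR p2 is zero are positions where the two plaintexts are identical."""
    return [i for i, b in enumerate(leak) if b == 0]


def demo() -> dict:
    p1 = b"attack at dawn"   # constructed sample plaintext
    p2 = b"defend at noon"   # constructed sample plaintext, same length
    pad = otp_keygen(len(p1))

    # Correct use: one pad, one message; decryption recovers the plaintext.
    ct1 = otp_xor(pad, p1)
    assert otp_xor(pad, ct1) == p1

    # Misuse: the same pad protects a second message.
    ct2 = otp_xor(pad, p2)
    leak = reuse_leak(ct1, ct2)
    return {
        "leak_equals_p1_xor_p2": leak == bytes(a ^ b for a, b in zip(p1, p2)),
        "positions_where_plaintexts_agree": shared_positions(leak),
    }


if __name__ == "__main__":
    print(demo())
```

The pad never appears in `reuse_leak`; the observer needs only the two ciphertexts. That is the whole reason the "one-time" in the name is a hard requirement rather than a recommendation.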

Key exchange

As touched on before, key exchange is a “difficult” topic with symmetric algorithms. So important, in fact, that there are two approaches to it: in-band and out-of-band.

In-band means the key is exchanged on the same channel of communication that is going to be encrypted (IPsec is an example).

Out-of-band exchanges the key on some other channel than the one that’s getting encrypted.