tags:

views:

460

answers:

3
+2  Q: 

What's the best encryption algorithm for the iPhone in terms of speed and security?

The iPhone supports the following encryption algorithms

enum {
    kCCAlgorithmAES128 = 0,
    kCCAlgorithmDES,            
    kCCAlgorithm3DES,           
    kCCAlgorithmCAST,           
    kCCAlgorithmRC4,
    kCCAlgorithmRC2 
};

I want to use only symmetric algorithm since asymmetric encryptions requires more computation overhead.

So I want to know which of the ones listed is the best algorithm and also what is the key-length in order to avoid excessive computation overhead.

A: 

Of those algorithms you list, I believe RC4 is the fastest. In addition, the speed of RC4 does not depend on the key length once it has been initialized. So you should be able to use the maximum key size for that one without worrying about runtime cost.

Mark Wilkins  2010-01-04 13:04:27
+2  A: 

Key length

Bruce Schneier wrote back in 1999:

Longer key lengths are better, but only up to a point. AES will have 128-bit, 192-bit, and 256-bit key lengths. This is far longer than needed for the foreseeable future. In fact, we cannot even imagine a world where 256-bit brute force searches are possible. It requires some fundamental breakthroughs in physics and our understanding of the universe. For public-key cryptography, 2048-bit keys have same sort of property; longer is meaningless.

Block ciphers

AES

It's the current standard encryption algorithm. It's considered to be safe by most people. That's what you should be using if you haven't got a very deep knowledge in cryptography.

DES

DES is the predecessor of AES and is considered broken because of its short key length.

3DES

Is a variation of DES with a longer key length. It's still in use but there are some known attacks. Still it's not yet broken.

RC2

It's considered to be weak.

Stream ciphers

RC4

It has some known vulnerabilities but is still used today, for example in SSL. I recommend not to use it in new products.

Conclusion

Use either RC4 or AES, depending if you need a stream or a block cipher.

Georg  2010-01-04 13:07:11
what about CAST?whether AES 256 is supported by the iPhone?
Rupesh  2010-01-04 13:19:45
@Rupesh: I've never heard of CAST myself, that's why I've left it out. Apparently the Canadian government allows it's use for confidential documents. http://en.wikipedia.org/wiki/CAST-128 But it's quite certain that it hasn't received the same amount of security review that AES (Rijndael) has.
Georg  2010-01-04 13:26:55
@Rupesh: I don't think that AES256 is supported. I can only guess why. (The USA don't want to export such a strong algorithm; it doesn't fit into the iPhone's registers and is therefore slow; encryption is performed by a separate chip which doesn't support AES256.) Still, AES128 is considered to be strong enough for the next few decades.
Georg  2010-01-04 13:29:13
A: 

RC4 is probably the fastest, but it has some security issues. If security is an important factor, I would recommend going for AES128. AES is the standard solution and on the top of excellent security you might expect the implementations to get faster over time as people are still actively working on them. Maybe future CPUs will also include support for it, just like new Intel desktop processors will.

Krystian  2010-01-04 13:08:42

related questions

How to implement password protection for individual files?
Encrypting appSettings in web.config
Usefulness of SQL Server "with encryption" statement
How can I use a key blob generated from Win32 CryptoAPI in my .NET application?
CodeReview: Tiny Encryption Algorithm for arbitrary sized data
Simple encryption implementation in C
Which hard disk encryption software to choose?
Passing untampered data from Flash app to server?
How do I prevent replay attacks?
Is there a best .NET algorithm for credit card encryption?
Encrypt data from users in web applications
How to encrypt one message for multiple recipients?
Two-way password encryption without ssl
What's the answer to this Microsoft PDC challenge?
GPG: How does key signing work and how is it done?
Secure Online Highscore Lists for Non-Web Games
Programmatically encrypting a config-file in .NET
How do I use 3des encryption/decryption in Java?
Encryption in C# Web-Services
Suitable alternative to CryptEncrypt
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
C# - CryptographicException: Padding is invalid and cannot be removed
How can I encode xml files to xfdl (base64-gzip)?
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Encrypting Passwords