So guys, there's plenty of different ciphers available - but which one is the safest to use nowadays?
+1
A:
Some algorithms are better than others at different things - not sure what your criteria for "safest" is.
You certainly should not be using any of the DES based algorithms these days (assuming you have a free choice). AES (Rijndael) is the current standard for NIST and other bodies.
In general more bits for a specific algorithm means more secure, but do ensure that you use a initialization vector and do NOT use ECB.
HTH
C.
symcbean
2010-05-11 11:24:09
Hi, initialization vector - can you tell me more about that?
Industrial
2010-05-11 11:46:48
RTFM? There's much better documentation there and in the internet than I could fill in here.
symcbean
2010-05-11 11:53:10
+1 ECB mode is for suckers. Although IV's are dead simple to use, just make sure that no 2 messages are encrypted using the same IV and the same key, so you could use the primary key of a table you want to encrypt.
Rook
2010-05-11 17:51:37
+1
A:
I normally use AES-128 since AES is FIPS approved. The strongest cipher is AES-256 (MCRYPT_RIJNDAEL_256).
mcrypt has a modular design and new cipher can be added easily.
ZZ Coder
2010-05-11 11:49:56
+5
A:
If unsure use AES (also known as "Rijndael") with a 128-bit key. If you have developed some kind of fetish about key size then you could fulfill your irrational qualms by selecting a larger key, e.g. 192 or 256 bits; the extra cost is not high (+40% workload for AES-256, compared to AES-128, and it takes a very very fast network to actually observe that difference).
AES was published in 1998 and adopted by the US government as a federal standard in 2001, and it shows no sign of weakness nowadays. Some mathematical properties were found later on, but they do not impact actual security; mostly, they highlight that we have some relatively precise knowledge on why AES is secure. No other symmetric encryption algorithm has received as much attention (by thousands of talented cryptographers) than AES.
Most security issues come from how the cryptographic algorithm is used, not the algorithm itself. Use a proper chaining mode, add a MAC, manage padding, and most of all handle the keys securely. If you got all of this right (which is much more tricky than what it seems) then it becomes time to worry about choosing Rijndael, Twofish or whatever.
Thomas Pornin
2010-05-11 12:46:36
What do you mean by "proper chaining mode and add a mac" Are you talking about the cipher block chaining mode variant CMAC? Because there are probably only 2 people on SO that know what that is. Also you didn't say anything about the use of an IV.
Rook
2010-05-11 17:50:14
A complete course on how a block cipher should be used would far exceed my patience, and that of many readers as well. The point of my message is to: 1. answer the precise question which was asked, and: 2. to make the requester feel that the problem is complex and should not be addressed lightly.CBC mode with a random IV encoded with the encrypted message, and HMAC, are "proper enough" in my view. CMAC is only a MAC; for an advanced mode which combines encryption and MAC, lookup GCM (Galois/Counter Mode).
Thomas Pornin
2010-05-11 19:22:54
+1
A:
If you want to look at the details, there's an article, mainly by me, on block ciphers at http://en.citizendium.org/wiki/Block_cipher
To comply with current US standards, use AES, formerly Rijndael. Any of the other finalists from the AES competition -- Serpent, MARS, Twofish or RC-6 -- should be fine as well. I think you need a license for RC6, though.
Sandy
2010-05-11 13:30:17