Cyber Security: Comparing Cryptographic Techinques - DES, 3-DES, AES and BlowFish

Comparing different cryptographic techniques
The field of modern cryptography is steadily growing with its increased use in everyday life when surfing the internet, using your card in a cash machine etc.

 

There are hundreds of different cryptography schemes each with different applications, some of the most notable are described below.

• DES (Data Encryption Standard)

DES was first developed in the 1970s and was adopted by the United States National Bureau Of Standards as the US government standard for encrypting sensitive information. It is a symmetric cipher using 56-bit keys.

Due to DES’s relatively small key size it was discovered that it was possible to crack the encryption with a brute force attack. Although this was a theoretical risk when first proposed, the great increases in computing power over recent years have shown that DES can be brute forced in less than a day. It was this weakness that led to official adoption of other encryption standards, such as AES, by the US government.



A variant of DES, called Triple DES was developed to provide additional security, and be compatible with the previous version, without the requirement to develop a completely new cipher. Triple DES uses three rounds of DES encryption and three separate 56-bit DES keys.

Triple DES is widely used in e-commerce and online payment applications as well as securing data in Microsoft Outlook. By current projections of the growth in computer power, Triple DES will remain secure from a brute force attack until at least 2030.

• AES (Advanced Encryption Standard)

The realisation that the DES standard was no longer adequate, led the United States government to call for a replacement. After an open competition lasting five years, AES was adopted as a US government standard in 2001. AES uses a combination of symmetric ciphers and either 128, 192 or 256-bit keys providing enhanced security over DES. Although some potential weaknesses have been identified in AES, most are theoretical, with the encryption being easiest to break in a situation where it has not been implemented correctly rather than in the case of a brute force attack where every possible key combination must be tried.



AES is now widely used in commercial applications since the underlying specification is freely available for personal or commercial use. It is used to protect archive files, encrypting computer file systems (such as Windows 2000 onwards), encrypting hard disks and for secure file transmission. Such is its importance that many microprocessors now include AES in their instruction sets to speed up encryption and decryption.

• Blowfish

Blowfish was developed in the early 1990s as a potential replacement for DES, though AES ultimately became the agreed standard form of encryption. It is a cipher supporting variable key lengths from 1 to 448 bits. To date there has been no known successful attempt to break the encryption in its full implementation, although weaknesses have been identified when Blowfish is used with relatively weak keys. The related twofish and threefish ciphers have been designed to overcome these weaknesses, although most users have switched to AES.