jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| reply to jaykaykay
Re: [Poll] What's the best symmetric cipher?
said by jaykaykay  :
I couldn't begin to answer that. First I would have to have a description of what a Symmetric Cipher is. 
:) »www.ssh.com/support/cryptography···hms.html
"There are two classes of key-based encryption algorithms, symmetric (or secret-key) and asymmetric (or public-key) algorithms. The difference is that symmetric algorithms use the same key for encryption and decryption (or the decryption key is easily derived from the encryption key), whereas asymmetric algorithms use a different key for encryption and decryption, and the decryption key cannot be derived from the encryption key."
»www.mccune.cc/PGPpage2.htm#128bit
"Since PGP uses public keys so much larger than this, it is easy to become confused when we hear the "reality" of PGP being "only" 128 bit encryption. To understand this, it is necessary to know that PGP uses both symmetric algorithms (IDEA, CAST, or Triple DES; Twofish is an additional option in PGP 7.0, and AES is still an additional option in 7.0.1) and asymmetric algorithms (RSA or DH). The process is the same regardless of the algorithms used, so my explanation will simplify it by referring only to the traditional use of IDEA and RSA. IDEA is a thousand (or more) times faster than RSA, but cannot be used for encrypting a file/message to one key, and then decrypting that file/message to a different matching key (public key encryption, which RSA can do). So, PGP speeds up the whole process by first encrypting the file or message to IDEA, using a randomly generated "session key" (an IDEA key used just for that one instance of encryption). That randomly generated session key is then encrypted to the recipient's public key(s), and packaged along with the IDEA encrypted file/message. The recipient(s) then uses his/her private key to decrypt the session key, which is then used to decrypt the file/message. In addition to tremendously speeding everything up, this use of underlying symmetric encryption to a randomly generated session key, improves the overall security of PGP - and also helps explain why the same file/message encrypted to the same public key always looks different (a different session key was used). These underlying symmetric algorithms are believed to be best broken by a brute force attack of trying all possible keys, which is considered impossible to do because of the sheer number of keys to try - each additional bit doubles the number of keys that would have to be tried, so that a 57 bit algorithm would have twice the number of possible keys as a 56 bit algorithm. The asymmetric RSA algorithm is believed to be best broken by mathematical factoring. It is believed that a 3000* bit RSA asymmetric key would require as much time and effort to factor, as the time and effort to do a brute force attack on 128 bit IDEA. These key size comparisons are considered roughly comparable for the other algorithms used in PGP (except that 256 bit Twofish and AES compare to a 15000 bit DH or RSA key) - so if you want the highest possible level of security in PGP, you should use an RSA or DH key at least as large as 3000 bits."
Also, check from
»www.pgpi.org/doc/pgpintro/
»senderek.de/security/secret-key.···#methods
--
My privacy related homepage & PGP keys:
»www.markusjansson.net
[text was edited by author 2002-11-19 22:55:23] |
