- Widespread encryption algorithms and how they work
- Most secure encryption - AES
- How AES works
- Encryption keys and possible combinations
When you use an online privacy tool to connect to the World Wide Web, an encryption algorithm is usually in place. These algorithms transform your data into secret code upon transmission, then decipher the information when it reaches its destination point. As a result, even if someone intercepts your data when it’s en route, they won’t be able to read it.
Virtual private networks (VPNs), for example, encrypt the data on your device, then the VPN server decrypts it before it reaches its target destination (i.e., websites, apps, or remote computers). Secure e-mail clients work in a similar fashion, except that decryption is performed on the destination device.
There are several encryption algorithms and each one works differently. So let’s explore your options when selecting a proper method.
Major Types of Encryption Algorithms
There are two major categories of encryption algorithms – asymmetric and symmetric.
- Asymmetric algorithms work by using a public key to encrypt messages. Anyone can use the key to encrypt the data but only the final recipient has a key to decrypt the message.
- Symmetric algorithms, on the other hand, work by using a single key for both encryption and decryption. You and the recipient must have the same key to encrypt and decrypt the messages you exchange.
Several popular encryption algorithms rely on both asymmetric and symmetric cryptography to deliver secure messages. VPN clients, FTP connections, and online banking and financial services use such algorithms to protect their users’ sensitive data. In fact, the majority of secure online services utilize one of the encryption algorithms below.
Most Used Encryption Algorithms
Although there are many encryption algorithms available, the ones we reviewed are the most common among governments and private entities across the world. Two of these algorithms are considered encryption standards – RSA and AES.
But it all started with the DES algorithm in the 1970s.
The Advanced Encryption Standard was introduced in 1998 by Vincent Rijmen and Joan Daemen. It was later selected to replace the DES standard by the US National Institute of Standards and Technology (NIST) in 2001.
AES is a symmetric encryption algorithm, which is now widely used in most consumer apps as well as enterprise-grade software. Therefore, we will take a more detailed look at how it works.
How AES Encryption Algorithm Works
VPN users should be familiar with the Advanced Encryption Standard. Every reputable VPN service uses AES to encrypt and protect client data, and they all advertise it in their features list. The US government selected AES as a replacement for DES back in 2001. That’s because it’s unbreakable and guarantees success.
The symmetric AES has a block size of 128 bits, with three different key lengths to encrypt and decrypt messages: 128-bit, 192-bit, and 256-bit. You can see what it means from a cryptographic point of view in the chart below.
RSA is an asymmetric encryption method named after its creators Ron Rivest, Adi Shamir, and Leonard Adleman. It works as public-key encryption because one of the keys can be given to anyone. The other key, meanwhile, remains private. RSA is often used with other types of algorithms for more efficiency.
The RSA algorithm is a significant improvement to Triple DES encryption as it uses 1024 or 2048-bit keys instead of just 168-bit.
TripleDES or DES/3DES
DES is an algorithm that the US government developed in the 1970s under the name Data Encryption Standard. But with time, it proved to be insufficient as hackers could explore all its possible combinations in less than a day. Therefore, Triple DES or 3DES came to life in the 1990s. It is a symmetric encryption method that applies DES three times, increasing the key size from 56-bit to 168-bit.
However, it will no longer be in use come 2030, perhaps even sooner. That is mostly due to the introduction of the more secure Advanced Encryption Standard (AES) in 2001. Other factors also contributed to the inevitable retirement of 3DES encryption. They include the termination of DES in 2005 and the ending of the two-key variant of 3DES in 2015.
Nonetheless, it is still in use in ATM machines to encrypt PINs, as well as Microsoft Office apps and the Mozilla Firefox browser.
Other Types of Known Encryption Algorithms
While the Advanced Encryption Standard is the common algorithm in use today, in addition to RSA and the soon-to-be-obsolete 3DES, some apps and programs implement other known protocols, including:
Bruce Schneier designed Blowfish in 1993. It is a symmetric encryption algorithm that is free for use with a block size of 64 bits, while the key length varies from 32 to 448 bits. No one has managed to break full encryption made with Blowfish since its introduction and that is why the algorithm is widely used in apps that offer cryptographic features.
In 1998, Bruce Schneier introduced a successor to Blowfish called Twofish. This symmetric block ciphering algorithm is considered a strong favorite to replace the Data Encryption Standard, at least for open-source applications. And just like its predecessor, it is free for anyone to use. It has a block size of 128 bits and key sizes up to 256 bits.
Threefish was designed by Bruce Schneier and a team of other cryptographers in 2008. It’s a large, symmetric, and tweakable cipher that has three different block sizes: 256 bits, 512 bits, and 1024 bits. Key lengths are equal to the block size, while the tweak value is 128 bits for all blocks.
There’s no patent for the Threefish algorithm, meaning it’s free for all uses.
The Diffie–Hellman key exchange, or the DH algorithm, is an encryption method to securely exchange keys over a public channel. Named after Whitfield Diffie and Martin Hellman, the algorithm allows two sides to jointly establish a shared secret key over an insecure channel. It is based on symmetric key exchange for both encryption and decryption.
DH was one of the first public key exchange encryption methods in the cryptography field.
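The exchange described above, with both sides' steps, as an added example that is not part of the original article. The function names are hypothetical, and the modulus (the prime 2**255 - 19 with generator 2) is a demonstration-sized assumption; real deployments use standardized groups of 2048 bits or more, or elliptic curves.

```python
import hashlib
import secrets

# Demonstration-sized parameters chosen for this example (assumption, not from the article).
P = 2**255 - 19
G = 2

def keypair():
    """Pick a random private exponent and compute the public value G^x mod P."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)

def valid_public(y):
    """Reject degenerate peer values (0, 1, P-1) that would force a predictable secret."""
    return isinstance(y, int) and 2 <= y <= P - 2

def shared_key(own_priv, peer_pub):
    """Combine our private exponent with the peer's public value, then hash to 256 bits."""
    if not valid_public(peer_pub):
        raise ValueError("peer public value out of range")
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def run_exchange():
    """Both sides of the exchange; only `wire` ever crosses the insecure channel."""
    a_priv, a_pub = keypair()                    # side A keeps a_priv to itself
    b_priv, b_pub = keypair()                    # side B keeps b_priv to itself
    wire = {"p": P, "g": G, "a_pub": a_pub, "b_pub": b_pub}
    # Each side computes the same secret without ever sending it.
    return shared_key(a_priv, b_pub), shared_key(b_priv, a_pub), wire
```

The 32-byte result is the kind of key a symmetric cipher such as AES-256 would then use. The exchange does not authenticate either side, which is why protocols pair it with signatures or certificates.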
Basic Encryption Knowledge
The majority of users find encryption algorithms complicated, and rightly so. Most people who read how these ciphers work won’t understand every detail. Still, it’s very important to acquire some form of knowledge about this topic as it will help you determine if the product you’re using is safe.
So the next time you’re installing a cybersecurity tool, like a VPN, make sure to:
- Check out what kind of encryption it offers: It’s better to avoid DES and 3DES. The first is insecure, while the latter will cease to exist in the near future.
- Research algorithms if you’re unfamiliar with the name: Some encryption protocols work in the same way as standard versions, but carry different names. Therefore, see how the algorithm functions if it sounds unfamiliar.
Number of Possible Cipher-Key Combinations in DES and AES
| Key Size | Possible Combinations |
|---|---|
| 56-bit (DES) | 7.2 x 10^16 |
| 64-bit | 4.2 x 10^9 |
| 128-bit (AES) | 3.4 x 10^38 |
| 192-bit (AES) | 6.2 x 10^57 |
| 256-bit (AES) | 1.1 x 10^77 |
In truth, the 192-bit key option is not very popular among cryptographers. They prefer using AES-128 to encrypt data that is not highly important. Meanwhile, first-rate AES-256 encryption protects classified, top-secret information and users’ sensitive data.
The very process of encrypting your data with AES involves 10 rounds of ciphering for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. During the process, your plain text message goes through substitution, transposition, and mixing of the input content to become an encrypted message.
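The round structure just described, written out as an added study example (not code from the original article; all function names are hypothetical). It encrypts a single 16-byte block with no mode of operation and is not constant-time, so it is for reading alongside the text, not for protecting data.

```python
def xtime(a):  # multiply by 2 in GF(2^8), reducing by the AES polynomial
    return ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1

def gmul(a, b):  # general GF(2^8) multiplication by shift-and-add
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = xtime(a), b >> 1
    return r

def build_sbox():  # substitution table: field inverse, then the affine transform
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    inv = [0] + [next(y for y in range(1, 256) if gmul(x, y) == 1) for x in range(1, 256)]
    return [v ^ rot(v, 1) ^ rot(v, 2) ^ rot(v, 3) ^ rot(v, 4) ^ 0x63 for v in inv]

SBOX = build_sbox()

def expand_key(key):  # returns (round-key words, number of rounds)
    if len(key) not in (16, 24, 32):
        raise ValueError("AES keys are 128, 192 or 256 bits")
    nk, nr = len(key) // 4, len(key) // 4 + 6  # 10, 12 or 14 rounds
    w, rcon = [list(key[4 * i:4 * i + 4]) for i in range(nk)], 1
    for i in range(nk, 4 * (nr + 1)):
        t = list(w[i - 1])
        if i % nk == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = xtime(rcon)
        elif nk > 6 and i % nk == 4:  # extra substitution step used only by 256-bit keys
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - nk], t)])
    return w, nr

def encrypt_block(key, block):  # state bytes are stored column by column
    if len(block) != 16:
        raise ValueError("AES block size is 128 bits")
    w, nr = expand_key(key)
    rk = lambda r: [b for word in w[4 * r:4 * r + 4] for b in word]
    s = [a ^ b for a, b in zip(block, rk(0))]
    for r in range(1, nr + 1):
        s = [SBOX[b] for b in s]                            # substitution (SubBytes)
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # transposition (ShiftRows)
        if r < nr:                                          # mixing (MixColumns), skipped in final round
            s = [gmul(s[c + j], 2) ^ gmul(s[c + (j + 1) % 4], 3)
                 ^ s[c + (j + 2) % 4] ^ s[c + (j + 3) % 4]
                 for c in range(0, 16, 4) for j in range(4)]
        s = [a ^ b for a, b in zip(s, rk(r))]               # add round key
    return bytes(s)
```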
AES is cyberattack-proof encryption. It would take billions of years for a supercomputer to break an AES-256 code. Furthermore, it offers faster encryption compared to DES and 3DES. Hence, AES is now a standard algorithm in almost any software.
Nonetheless, AES-256 requires computing power that may significantly slow down its execution on low-power devices. Therefore, several consumer-grade apps use AES-128 instead of AES-256.
Widespread Encryption Algorithms – Final Words
Any of the above encryption algorithms is a safe choice if you need encrypted communications. Even the DES algorithm is secure for day-to-day usage. But nowadays, most programs use AES as it is the new encryption standard. Premium virtual private networks, for example, offer AES with 256-bit keys for maximum protection, as it provides trillions of possible combinations.
With that being said, encryption algorithms aren’t the only cybersecurity solutions you must consider. Firewalls, antivirus software, strong passwords, and VPNs make up the rest of your toolkit. Moreover, you must be aware of the potential cyberthreats that lurk online. That means avoiding shady websites, phishing emails, and malicious links.