Comparison of DES, Triple DES, AES, blowfish encryption for data
M

9

143

Does anyone have pros and cons together for comparing these encryption algorithms?

Misbelief answered 5/4, 2011 at 15:39 Comment(2)
This question would be a better fit at: security.stackexchange.com - Squawk
Maybe you meant crypto.stackexchange.com? :) - Manpower
F
253

Use AES.

In more detail:

  • DES is the old "data encryption standard" from the seventies. Its key size is too short for proper security (56 effective bits; this can be brute-forced, as has been demonstrated more than ten years ago). Also, DES uses 64-bit blocks, which raises some potential issues when encrypting several gigabytes of data with the same key (a gigabyte is not that big nowadays).
  • 3DES is a trick to reuse DES implementations, by cascading three instances of DES (with distinct keys). 3DES is believed to be secure up to at least "2^112" security (which is quite a lot, and quite far in the realm of "not breakable with today's technology"). But it is slow, especially in software (DES was designed for efficient hardware implementation, but it sucks in software; and 3DES sucks three times as much).
  • Blowfish is a block cipher proposed by Bruce Schneier, and deployed in some software. Blowfish can use huge keys and is believed secure, except with regard to its block size, which is 64 bits, just like DES and 3DES. Blowfish is efficient in software, at least on some software platforms (it uses key-dependent lookup tables, hence performance depends on how the platform handles memory and caches).
  • AES is the successor of DES as standard symmetric encryption algorithm for US federal organizations (and as standard for pretty much everybody else, too). AES accepts keys of 128, 192 or 256 bits (128 bits is already very unbreakable), uses 128-bit blocks (so no issue there), and is efficient in both software and hardware. It was selected through an open competition involving hundreds of cryptographers during several years. Basically, you cannot have better than that.

So, when in doubt, use AES.

Note that a block cipher is a box which encrypts "blocks" (128-bit chunks of data with AES). When encrypting a "message" which may be longer than 128 bits, the message must be split into blocks, and the actual way you do the split is called the mode of operation or "chaining". The naive mode (simple split) is called ECB and has issues. Using a block cipher properly is not easy, and it is more important than selecting between, e.g., AES or 3DES.

Forebear answered 5/4, 2011 at 22:4 Comment(2)
Being a bit of a nut, I would almost always recommend AES256 - Grasso
Holy Sh*t, the NSA could crack DES in 1976 but kept encouraging its use up to 2002! Call me paranoid but I am scared of the push for AES - Mccalla
G
26

All of these schemes, except AES and Blowfish, have known vulnerabilities and should not be used.
However, Blowfish has been replaced by Twofish.

Gerhart answered 5/4, 2011 at 15:42 Comment(0)
E
11

The encryption methods described are symmetric key block ciphers.

Data Encryption Standard (DES) is the predecessor, encrypting data in 64-bit blocks using a 56 bit key. Each block is encrypted in isolation, which is a security vulnerability.

Triple DES extends the key length of DES by applying three DES operations on each block: an encryption with key 0, a decryption with key 1 and an encryption with key 2. These keys may be related.

DES and 3DES are usually encountered when interfacing with legacy commercial products and services.

AES is considered the successor and modern standard. http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

I believe the use of Blowfish is discouraged.

It is highly recommended that you do not attempt to implement your own cryptography and instead use a high-level implementation such as GPG for data at rest or SSL/TLS for data in transit. Here is an excellent and sobering video on encryption vulnerabilities http://rdist.root.org/2009/08/06/google-tech-talk-on-common-crypto-flaws/

Ensnare answered 5/4, 2011 at 16:14 Comment(3)
Why is the use of Blowfish discouraged? Isn't that the most secure one? - Misbelief
@yogsma: Blowfish has a block size of only 64 bits (as it was meant as a drop-in replacement for DES in protocols), and thus gets problematic after some GB of data encrypted with the same key. - Threegaited
@rohannes, why is Blowfish discouraged? I read somewhere that in terms of performance Blowfish is better than AES; look at this article on brighthub.com - Noah
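The 64-bit block-size remarks in this thread ("several gigabytes", "some GB of data encrypted with the same key") follow from the birthday bound. The sketch below is an added example, not part of any post: it computes the chance that two ciphertext blocks coincide for 64-bit and 128-bit blocks, and checks the formula by simulation on a scaled-down 16-bit block. It assumes ciphertext blocks behave like uniformly random values, as in a chained mode such as CBC.

```python
import math
import random

def collision_probability(block_bits: int, data_bytes: int) -> float:
    """Birthday approximation: probability that at least two ciphertext blocks
    are equal after encrypting data_bytes under one key."""
    n = data_bytes // (block_bits // 8)          # number of blocks
    return -math.expm1(-n * (n - 1) / 2 ** (block_bits + 1))

def bytes_until(block_bits: int, target_p: float) -> int:
    """Data volume at which the collision probability reaches target_p."""
    n = math.sqrt(-(2 ** (block_bits + 1)) * math.log1p(-target_p))
    return int(n) * (block_bits // 8)

def simulated_probability(block_bits: int, data_bytes: int,
                          trials: int = 2000, seed: int = 1) -> float:
    """Monte Carlo check on a small block size: draw random blocks and count
    how often a message of data_bytes contains a repeated block."""
    rng = random.Random(seed)                     # seeded, so runs are repeatable
    n = data_bytes // (block_bits // 8)
    hits = 0
    for _ in range(trials):
        seen = {rng.getrandbits(block_bits) for _ in range(n)}
        hits += len(seen) < n
    return hits / trials

GIB = 2 ** 30

if __name__ == "__main__":
    for gib in (1, 32):
        print(f"{gib:>2} GiB  64-bit block: {collision_probability(64, gib * GIB):.2e}"
              f"   128-bit block: {collision_probability(128, gib * GIB):.2e}")
    print("64-bit block, 50% collision chance at",
          round(bytes_until(64, 0.5) / GIB, 1), "GiB")
    print("16-bit toy block, 512 bytes: formula",
          round(collision_probability(16, 512), 3),
          "simulated", simulated_probability(16, 512))
```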
I
9

AES is a symmetric cryptographic algorithm, while RSA is an asymmetric (or public key) cryptographic algorithm. Encryption and decryption are done with a single key in AES, while you use separate keys (public and private keys) in RSA. The strength of a 128-bit AES key is roughly equivalent to a 2600-bit RSA key.

Insignia answered 1/12, 2012 at 3:16 Comment(2)
Can you provide the math backing this answer, or a source? I'd be interested to know how you came to the conclusion that 128-bit AES is roughly equivalent to 2600-bit RSA (I realize this is an old answer) - Mitchell
@RussellUhl - I agree that the history of those numbers is an interesting question, even after 2 additional years of silence. :) Those numbers appear to be derivable from this PDF paper: eprint.iacr.org/2013/635.pdf titled Universal security - from bits and mips to pools, lakes – and beyond. - Urethritis
N
4

Although TripleDESCryptoServiceProvider is a safe and good method, it is too slow. If you refer to MSDN, you will see that it advises you to use AES rather than TripleDES. Please check the link below: http://msdn.microsoft.com/en-us/library/system.security.cryptography.tripledescryptoserviceprovider.aspx You will see this notice in the Remarks section:

Note: A newer symmetric encryption algorithm, Advanced Encryption Standard (AES), is available. Consider using the AesCryptoServiceProvider class instead of the TripleDESCryptoServiceProvider class. Use TripleDESCryptoServiceProvider only for compatibility with legacy applications and data.

Good luck

Nuzzle answered 2/12, 2012 at 11:45 Comment(3)
This is funny given that Microsoft still actively uses TripleDES in some of their products for encryption (en.wikipedia.org/wiki/Triple_DES#Usage) - Helfrich
@Tom you're right, but don't forget that much software uses old technologies and it takes time to adapt to new methods, especially for huge companies like Microsoft. Although I agree with you about the need to be up to date, and it is bad when a company suggests one thing and does another. - Nuzzle
Microsoft is notorious for backward compatibility. Their use of TripleDES falls directly under "only for compatibility with legacy applications and data". - Ascending
C
1
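
|             | DES        | AES                   |
|-------------|------------|-----------------------|
| Developed   | 1977       | 2000                  |
| Key Length  | 56 bits    | 128, 192, or 256 bits |
| Cipher Type | Symmetric  | Symmetric             |
| Block Size  | 64 bits    | 128 bits              |
| Security    | inadequate | secure                |
| Performance | Fast       | Slow                  |
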
Canoodle answered 14/12, 2017 at 9:27 Comment(1)
AES is faster than 3DES, especially on CPUs supporting AES-NI. (But even without that, DES was designed for fast hardware implementations, not software implementations.) (Normal DES is slightly faster on some benchmarks, but 56-bit keys make it unsuitable for any current use.) - Fete
F
1

DES is the old "data encryption standard" from the seventies.

Fulcher answered 16/12, 2017 at 5:38 Comment(0)
M
1

All of these schemes, except AES and Blowfish, have known vulnerabilities and should not be used.

All of them can actually be securely used if wrapped.

Here is an example of AES wrapping.

Much answered 16/8, 2021 at 1:0 Comment(0)
G
0

AES is the currently accepted standard algorithm to use (hence the name Advanced Encryption Standard).

The rest are not.

Gardiner answered 5/4, 2011 at 15:43 Comment(2)
Hence the name? How does the name "AES" indicate it should be used? - Marmara
What about Data Encryption Standard? Your logic "it has <standard> in name - hence this is what should be used" is quite flawed. - Confessor
