# What are the crypto algorithm Top Ten?

Discussion in 'privacy technology' started by Devinco, Jul 11, 2004.

Not open for further replies.
1. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Hi all,

What are the current Top Ten of encryption algorithms?
Consider they would each have the same bit strength (either 128 or 256).
From what I understand, AES was a competition that Rijndael won, so does AES equal Rijndael?
Number 1 would be the one that is hardest to crack.
Here are the impressions that I have of the top 10:

1. AES/Rijndael (if they are the same thing)
2. Twofish
3. BlowFish
4. 3DES
5. ?
6. ?
7. ?
8. DES
9. MD5
10. WindowsXP Pro native file encryption

Opinions, comments, and insights are appreciated.

2. ### ronjorGlobal Moderator

Joined:
Jul 21, 2003
Posts:
65,881
Location:
Texas

Here is an interesting page. Kremlin

3. ### FanJGuest

Hi,

What kind of "crypto algorithm" do you mean?

There are different kind of encryption techniques.
A very nice introduction can be found here:
http://hotwired.lycos.com/webmonkey/backend/security/tutorials/tutorial1.html

Quotes:

In this tutorial, you'll learn something or another about the common, Web-based uses for the following basic encryption techniques

Asymmetric key-based algorithms. This method uses one key to encrypt data and a different key to decrypt the same data. You have likely heard of this technique; it is sometimes called public key/private key encryption, or something to that effect.
Symmetric key-based algorithms, or block-and-stream ciphers. Using these cipher types, your data is separated into chunks, and those chunks are encrypted and decrypted based on a specific key. Stream ciphers are used more predominantly than block ciphers, as the chunks are encrypted on a bit-by-bit basis This process is much smaller and faster than encrypting larger (block) chunks of data.
Hashing, or creating a digital summary of a string or file. This is the most common way to store passwords on a system, as the passwords aren't really what's stored, just a hash that can't be decrypted.

- end quotes -

We had in the past here at Wilders a dedicated sub-forum for NISFileCheck, one of the best file-integrity-checkers; alas it is no longer maintained .
You can find that forum in the Archive at the bottom of the Wilders-board.
In the guidelines thread you can find several links, but several of them are no longer available (sorry for not having maintained that thread anymore).

PS-1:
NISFileCheck was made by Albjan, based on ideas of Joseph, and with input from several others.

PS-2:
I had a quick look at that Kremlin site.
I have to admit that I'm a little bit surprised not to see mentioned:
HAVAL : 128, 160, 192, 224, 256; number of passes .....
SHA : SHA1 was mentioned, but: 256, 384, 512 ...
CryptoSuite from DiamondCS: http://www.diamondcs.com.au/cryptosuite/

PS-3:
One of the most well known writers/experts about Cryptography is Bruce Schneier.
DiamondCS has his standard book and several others at their site:
http://www.diamondcs.com.au/index.php?page=books&cat=crypto

4. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Thank you ronjor. The page is very useful.
From it I learned several things:
AES (Advanced Encryption Standard) is only a standard not an algorithm.
Within the AES is the Federal Information Processing Standard (FIPS).
Of the several competing algorithms, Rijndael won and is now FIPS/AES approved.
Also, MD5 is not a block cipher (for encrypting files), it is a hash algorithm used for checksums.

What do they mean by round?
Does it mean that you encrypt a file and it is one round? If you encrypt the already encrypted file, two rounds?

So taking into account this new information, here are my revised encryption algorithm Top Ten. The rank is only based on my impressions of information I read.

1. Rijndael
2. Twofish
3. BlowFish
4. IDEA
5. 3DES
6. CAST
7. MARS
8. Serpent
9. DES
10. WindowsXP Pro native file encryption

So, the question remains, what do you think?
Would you change the order or substitute a different one?
Or do you think the comparison is unfair comparing apples to orang..er...twofish?

Thanks

5. ### FanJGuest

Counterpane:
http://www.counterpane.com

You will find there also links to books by Bruce Schneier (Founder and CTO of Counterpane), and you can also from there subscribe to his monthly newsletter.

The always nice List of Lists about checksum tools:
http://lists.gpick.com./pages/Checksum_Tools.htm

To quote from the sig of CrazyM:
The best thing we can do in cyberspace is exactly what we do in the real world: do our best to manage the risks."
- Bruce Schneier

6. ### ronjorGlobal Moderator

Joined:
Jul 21, 2003
Posts:
65,881
Location:
Texas

Actually, rot 13 throws me for a loop! I couldn't tell you the safest encryption to use.

I'm sure others will be along to give their thoughts.

I use the little Kremlin program and I use blowfish. I've been using it since 1998 migrating from Win98 to XP. It takes care of my modest needs.

7. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Hi FanJ,

Thank you for the reply. I am learning more about cryptography in a few minutes time then I previously knew in several years!

I guess I am talking about Symmetric key-based algorithms (one password/key to encrypt and decrypt). Which algorithms are most secure (in descending order) for encrypting/decrypting a file with one password.

What is NISFileCheck?

From what I understand, CryptoSuite is an encryption program that uses both the Rijndael and Twofish algorithms in a fixed sequence rather than being an algorithm itself.

The book looks interesting, but is probably too heavy (mathematically) for me. I will look at the link you provided and learn more.

I am still interested in what are your preferred Symmetric key-based algorithms.

Thanks!

8. ### FanJGuest

Hi Devinco,

For the moment your question about "What is NISFileCheck?" is the easiest one to answer for me.

What can it do for you?

It is able to tell you whether files are changed, deleted, newly added.
In my humble opinion this is an important part of your security set-up.
Of course, not ANY doubt about that, your AV/AT/anti-spyware/firewall are very important parts of your security set-up.
But it could be that for example your AV hasn't published a definition for a new malware.
A file-integrity-checker, along with a registry-integrity-checker like RegRun Gold, could warn you about file (registry) changes.
I myself DO want to know which files are changed on my system.
A file-integrity-checker does not tell you why a file has been changed (or what change was made, nor whether it was legitimate) -it is up to the user to decide on that-; nevertheless I strongly believe in the value of such kind of information.

There are several file-integrity-checkers available, to name a few:
File Checker from Javacool;
ADinf32 (Pro) from the same company that makes the AV Dr.Web;
Inspector in KAV Personal Pro.
Note: all three of them does not run in real time; FileChecker from Javacool in near-real time.

A program like Process Guard from DiamondCS is also extremely valuable in this respect to monitor in real time changes in important files.

9. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
I see, so NISFileCheck uses a hash encryption algorithm to create a file's checksum then monitors it for changes and alerts you of a change.
Thanks.

I am primarily interested in encrypting a file with a symmetric key-based algorithm (one password/key to encrypt and decrypt).
I would still like to know your and other people's top ten encryption algorithms. It doesn't need to be a scientific test, just your opinions and impressions from what you have read or learned.
Here are mine so far:

1. Rijndael
2. Twofish
3. BlowFish
4. IDEA
5. 3DES
6. CAST
7. MARS
8. Serpent
9. DES
10. WindowsXP Pro native file encryption

10. ### ronjorGlobal Moderator

Joined:
Jul 21, 2003
Posts:
65,881
Location:
Texas

This would be one of the people to ask. His email is at the bottom of the page.

11. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
I will contact some authorities on encryption and post the knowledge gleaned.

Thanks

Last edited: Jul 15, 2004
12. ### RoninGuest

The thing is this poll is useless, only professional crypto people who keep up with developments will be able to tell you without completely guessing.

That said some comments of a complete lay person.

Won the race for AES to replace the aging 3DES. Does not mean it's most secure however, since the winner must not only be most secure, but must provide reasonable performance.

The paranoid might even speculate that because the NSA has choosen this, perhaps they know of a viable attack against it.

On the other hand, as the chosen standard, it is and has being subject to more attacks than any of the other finalists, and is likely to be more tested.

These 3 were finalists + MARS, RC6? in the AES contest I believe. From what I have read, these 2 were considered slightly more secure, but slower. Serpent espically is described by some as a slower but more secure Rijndael[

The older generation of symmetric cyphers.

Insecure.

13. ### KhaineRegistered Member

Joined:
Oct 2, 2002
Posts:
127

For starters AES is an algorithm because it is a standard and the standard is now Rijndael, so it is acceptable to saw AES is an algorithm. Second Serpant was a AES finalist, it uses 128 bit blocks and is considered the more securer of the finalists, blowfish is bad for very large files (read 300 gigabytes) IDEA, Cast and DES have all been cracked, 3DES is barely secure, it is unadvisable for long term use, and MARS is not really tested. Finally Windows XP normally uses 3DES.

Read applied cryptography that will explain alot

Joined:
Jan 23, 2003
Posts:
667
Location:
16. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
This post has been very useful to me, at least, and your comments are much appreciated. You are right, a crypto professional would add authority to the ranking. However, a lot can be learned from the shared knowledge and experience of "lay people".

Thank you

17. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Thank you Khaine!
This clears up several things.
The book looks interesting. I like that it is written for general readers and not just math geniuses.

18. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Re: What are the crypto algorithm Top Four?

Hi Everyone,

I have been contacting several encryption authorities and received answers to my questions from one. The encryption authority was very kind in replying to my questions. Unfortunately, on my initial contact, I did not ask if I could quote the person in a post here on Wilders. So I sent a second email asking permission three days ago. I have not received a reply yet and I don't want to delay this post more than necessary. So the encryption authority will remain anonymous until I receive permission.
The following are my own opinions which have been directly influenced by knowledge learned from the encryption authority:

There are different criteria that could be used to make such a selection. But I would drop DES and Blowfish from the list. DES because the key is too short, and Blowfish because I don't feel its design has enough academic rigor, especially in the lack of analysis that went into the design. Twofish is far better than Blowfish.

All of the rest are algorithms that I would trust to encrypt anything of importance. But I would not use 3DES for some applications simply because it is too slow, especially for a speed critical applications such as disk encryption. MARS is too complex for my taste, requiring too much fancy hardware to implement. Serpent is too slow in software, but is strong enough for protecting anything I care about.

I would tend to just stick with AES, simply because it's the new standard. Twofish may be slightly stronger, but I think it does not matter much, because no one knows of an attack on AES that requires less than key exhaustion to complete.

For 128 bit keys and 64 bit blocks, I like CAST and IDEA, but I would prefer CAST because it has no patent royalty.

I would not even consider number 10, because I am not familiar with whatever peer review it has received.

So, based on all of the info obtained so far including your posts, my Crypto Algorithm Top Ten has really become the Top Four:
(encryption performance and strength considered)

1. AES (Rijndael)
2. Twofish
3. Serpent
4. 3DES

Before I posted this question, all these encryption algorithms had cool names but were basically meaningless. Now I have a basis for comparing the security and perfomance of any software that uses encryption and a way to learn more.

Thank you very much.

19. ### luv2bsecureInfrequent Poster

Joined:
Feb 9, 2002
Posts:
713
Hi Devinco,

You invited me over to this thread to offer my opinions and I'm afraid they are just that. It's very difficult to actually rank algorithms in a top ten because there are many variables in these block ciphers. For example, Triple-DES is considered very secure, but a bit slow. I'm talking 3DES, remember, not the old AES "DES" (though 3DES was an interim AES after DES was cracked)......Most consider the fact that Triple-DES has been around a while to be an asset and not a liability. Triple-DES has never been cracked. It is still considered extremely solid.

The new AES, Rijndael, is a solid algorithm, but has a few detractors because of attacks based on modelling. At any rate, it would be a long time to bring a serious attack against AES. Of course, there are those who would not use it simply because it is NIST approved. But, remember, the NSA told NIST that all of the AES finalists were secure enough to be the new standard. Also remember that all of the AES applicant algorithms were submitted with source code and Rijndael is, in fact, open-source and any "back door" (IMO) would have long been found.

All of the AES applicants had to have a block size of 128-bits. That does not mean that the "older" 64-bit ciphers are insecure. For example, Triple-DES (especially) and Blowfish are considered very secure. Many prefer using them because the peer review, etc. has proven their worthiness, whereas many of the newer generation cyphers are just that - new. Some think too new.

I DO have a favorite among the 128-bit ciphers - Serpent. It was the runner-up to Rijndael for AES, and probably would have been chosen had it not been for Rijndael's (pronounced "rain doll" if confused) relative speed. All of the finalists were, practically speaking, as secure as the next, but speed and other usability issues were also considered. Here's a good paper to read on Serpent: http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/serpentcase.pdf

Oh, by the way, I think there was a post saying that CAST had been broken. Here's where you have to be careful. The older CAST5, was in fact, broken. The CAST256, which was an AES candidate is solid as a rock.

Finally, as important as the algorithm is, something that is often overlooked is the implementation of any cipher into a piece of software. Just any old encryption "program" won't suffice for true security as the implementation of the cryptography must be sound. That is harder than some make it look. Without going into great detail, many programs use the strongest algorithms, but their implementation leaves the information wide open to attack. That's where we get into hashing, etc. (for another post).....

In the interest of remaining true to your "top-ten' thread, I'll throw ten out. Take it for what it's worth. Read: not much. All in the list are all good.

1. Serpent
2. AES
3. Triple-DES
4. CAST128/CAST256
5. Twofish
6. Blowfish
7. MARS

You know, that's as far as I would be willing to go. Anything else is just info overload as most all good crypto programs will utilize at least AES and one, two, or several of the others.

No "secret" or "proprietary" algorithms in any program - ever! If there is a big no-no, that's it.

And remember, developer implementation and end-user knowledge are close on the heels of algorithm choice as keys to quality encryption. But, that's another post as well.

That's my take, for what it's worth.

John
Luv2BSecure

.

20. ### GlobalForceRegular Poster

Joined:
Jun 30, 2004
Posts:
3,581
Location:
Garden State, USA

21. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Thank you John!

Just a couple of things about 3DES:

In this thread, Khaine mentioned that the built in Windows XP Pro encrypted file system(EFS) uses 3DES. Is this correct?

Recently, there was an article at Tom's Hardware about Computer Forensics: EnCase
If EFS uses 3DES, do you think EnCase easily broke 3DES because 3DES is not strong enough? Or do you think it was poor implementation of 3DES that EnCase was able to sidestep the encryption by other means?

22. ### luv2bsecureInfrequent Poster

Joined:
Feb 9, 2002
Posts:
713
I think Tom's Hardware should stick to reviewing motherboards. That article was full of inaccuracies and was a puff piece for EnCase. I am familiar with many of the hardware forensics tools and EnCase is the one of the more well-known. One thing from the article that was completely ridiculous:

That's ridiculous. I bolded the sentence that made me laugh. I guess it all depends on who's doing the hiding! Also, "The act of trying to erase your files.....blah, blah, blah." First, I should say that I'm all for using forensics to apprehend legitimate criminals with plans on their computers. But, computer forensics is misused in many investigations and the tools are used in other settings other than criminal investigation that makes it a threat to privacy. With that said, a couple of those statements were balderdash. They do attempt, in some trials, to admit evidence of the presence of the "scrubbers" as, somehow, proof in itself that criminal activity was taking place. Most often, (at least in the USA) it is easily blown-over by a simple defense objection as to irrelevancy of the presence of the software itself as it has many uses as we all know and it's not all to cover the tracks of criminality.

Yes and no. In most cases the answer is no and this is what the article is referring to. The Windows EFS uses a variation of the old DES called "DESX"....at least that is the default option and the one used by the vast majority of uninformed users. This can be and has been broken many times. However, to use the strong encryption of 3DES it must be enabled.
http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prnb_efs_ijvx.asp

And here to learn about enabling Triple-DES using Windows EFS:
http://www.microsoft.com/resources/...windows/xp/all/reskit/en-us/prnb_efs_cbhn.asp

Remember, EnCase is not a tool to "crack encryption" as the article would lead you to believe. To break strong encryption (properly used) requires a lot of money and more time than we have in our lifetimes. Like I said, that was a serious puff piece by Tom's Hardware.

Hope this helps.

John
Luv2BSecure

23. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
John,

This is great information, many thanks!!

As far as the Windows EFS, this is so typical of Microsoft to leave its users with ineffective security, encryption is no exception. Based on this and their long term poor security track record, I wouldn't use EFS even with 3DES. Their implementation is more than likely to be flawed. (Although I have no proof of this)

The article about Serpent was also very informative.

I am curious about why you ranked Twofish below Triple-DES?
Twofish (described by the anonymous but well known expert in this thread) is slightly stronger than AES. Twofish also has 128-bit block size versus Triple-DES 64-bit block size.
I am also curious about why you ranked Twofish below CAST128/CAST256?
I am not looking for scientific mathematical evidence, just your general reasoning behind the Twofish ranking.

1. Serpent
2. AES
3. Triple-DES
4. CAST128/CAST256
5. Twofish
6. Blowfish
7. MARS

24. ### luv2bsecureInfrequent Poster

Joined:
Feb 9, 2002
Posts:
713
Here's where I would remind you of this:
That's why I debated doing the "top ten"....it's really hard to do and really of no significance ranking wise. I would think "Here's ten and they're all solid," is probably more realistic.

I place Triple-DES high for the simple reasoning that it's an older and proven algorithm. The 128-bit ciphers are all fairly new. If we are talking about today, 3DES is hard to beat - 64 blocks or not. I know some very good cryptographers who swear by it and argue that it's probably the safest of them all - today. AES was selected from this time forward into the future - with the emphasis being on the future. We can't forget that no matter how the mathematics look in modeling, all of the 128-bit ciphers are new. New is not always good. New, in this case, means, "It all sure looks good, but there's not a lot of mileage under its belt to see if it can stand up to years of scrutiny." Triple-DES has taken all attacks for quite some time. It's extremely safe in the near term. I don't take the view that all 128-bit ciphers are, by default, safer than anything 64-bit. Like I said - there's a lot of variables. We haven't even discussed hashing, reducing/increasing rounds, ease of implementation, processing power required, etc.

Quickly, as for the Twofish-AES question. There are pluses to both. The final vote on the top-3 AES finalists were:
Rijndael - 86
Serpent - 59
Twofish - 32

However, on the negative vote, it was:
MARS - 83
RC6 - 37
Twofish - 21

So, in reality, Twofish was a middle of the roader in the selection process, with many pros, but obvious negatives. But again, realistically, the finalists were all strong and "ranking" algorithms is a tricky business.

It sounds like this is something that really interests you - and that's great. I would encourage you to take the plunge and read the final NIST paper on the AES selection:
http://csrc.nist.gov/CryptoToolkit/aes/round2/r2report.pdf
It goes over all of the finalists in great detail and you'll see how it was truly difficult to select an AES. They had to select one - and they did. A good argument could be made, frankly, for (almost) all of them. After reading the final report, reading all of the officially submitted "public comments" would be a good next step. They are a gathering of many documents with papers submitted in support of a certain algorithm, as well as submitted papers arguing against others. It makes for interesting reading and gives you an idea as to why it was as difficult a selection as it was.

It's not all technology. Remember, first and foremost it is mathematics. Then it is applied mathematics, only then does it become proposed technology and finally an algorithm that is implemented (or not) in software.

.

Last edited: Aug 14, 2004
25. ### DevincoRegistered Member

Joined:
Jul 2, 2004
Posts:
2,524
Thank you very much for your time and the knowledge!

I will read the NIST paper on the AES selection, it looks very interesting. If they don't throw too many formulas at me, I'll be okay. There's A LOT of info there and it will take me some time to process.

Knowing what I do now, I would have named this thread something different.
But if I didn't create this thread, I wouldn't know what I do now!

Thanks again!