{"id":2071,"date":"2019-02-01T10:15:14","date_gmt":"2019-02-01T10:15:14","guid":{"rendered":"https:\/\/ibex.tech\/resources\/?p=2071"},"modified":"2024-10-26T14:04:27","modified_gmt":"2024-10-26T13:04:27","slug":"encryption-algorithms","status":"publish","type":"post","link":"https:\/\/ibex.tech\/resources\/geek-area\/security\/encryption-algorithms","title":{"rendered":"Encryption Algorithms"},"content":{"rendered":"\n

A few notes as we come across them on various encryption algorithms. Please note this isn’t intended to be an exhaustive or detailed list of everything, you should carry out your own research before selecting an encryption algorithm, don’t just blindly rely on comments like these here, they may be wrong or out of date!<\/em><\/p>\n\n\n\n

Hashing algorithms to use<\/h4>\n\n\n\n

A cryptographic hash function can be used to prove that something is unchanged, they basically force a malicious user to do an impossible amount of work to fake a change they’d like to get past it.<\/p>\n\n\n\n

SHA2<\/h5>\n\n\n\n

The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512\/224, SHA-512\/256.<\/p>\n\n\n\n

Has the advantage that is hardware-accelerated on basically any modern hardware, so usually it’s the fastest. There are well-optimized implementations and they typically run acceptably fast unless you’re dealing with really large files (e.g. hundreds of gigabytes).<\/p>\n\n\n\n

SHA256 is fast and gives the closest thing we have to a guarantee that even someone trying to cause a collision will not succeed.<\/p>\n\n\n\n

SHA3 (Keccak)<\/h5>\n\n\n\n

A more modern hash than SHA256.<\/p>\n\n\n\n

BLAKE2<\/h5>\n\n\n\n

Good<\/p>\n\n\n\n

BLAKE3<\/h5>\n\n\n\n

A more modern hash than SHA256.<\/p>\n\n\n\n

A good choice if working with huge files as it is a cryptographic hash that can run in parallel.<\/p>\n\n\n\n

SHA1<\/h5>\n\n\n\n

Do not use, no longer cryptographically secure.<\/p>\n\n\n\n

MD5<\/h5>\n\n\n\n

Do not use, no longer cryptographically secure<\/p>\n\n\n\n

xxhash<\/h5>\n\n\n\n

Do not use, not intended to be cryptographically secure.<\/p>\n\n\n\n

crc32<\/h5>\n\n\n\n

Do not use, not intended to be cryptographically secure.<\/p>\n\n\n\n

Encryption Algorithms<\/h4>\n\n\n\n

AES<\/h5>\n\n\n\n

Very efficient computationally.
Symetric not asymetric which is better for computation power.
AES128 – fine at todays standards. Used by many password apps etc
AES256 – VStrong<\/p>\n\n\n\n

Blowfish<\/h5>\n\n\n\n

Has resisted all attacks despite being quite old. However only has a 64bit block size (give it 64bits to encrypt at a time). This is considered too small these days. However has a slow key setup approach which whilst computationally intensive adds more security compared to other faster key setup methods.<\/p>\n\n\n\n

MD5<\/h5>\n\n\n\n

MD5 is completely broken. Widely used and used for many web SSL security certificates. Has recently become vulnerable to attack due to weaknesses that we’re not intended by the original desingners, allowing a new form of attack whereby fake valid SSL certificates have been created appearing to have been signed by a root authority (i.e. thawte etc).
MD5 without a salt is easily cracked by rainbow tables. Many password apps use it to store a hash of the users master password – without a salt its rubbish and the rainbow tables can be used to look up the source password.
Using with a salt removes the rainbow tables reverse engineer method and makes the hash much better.<\/p>\n\n\n\n

Replacements<\/p>\n\n\n\n