Symmetric Algorithms – CompTIA Security+ SY0-501 – 6.2

Symmetric ciphers are some of the most commonly used encryption methods on the Internet. In this video, you’ll learn about DES, 3DES, RC4, AES, Blowfish, and Twofish.

<< Previous Video: Common Cryptography Use Cases Next: Block Cipher Modes >>

DES, or the Data Encryption Standard, was one of the most popular symmetric encryption algorithms in use. The United States National Security Agency had IBM create this encryption standard between 1972 and 1977, and it was part of FIPS, or the Federal Information Processing Standards. DES used a 64-bit block cipher, so it encrypted 64 bits of data at a time. And it used a 56-bit key, to be able to encrypt this information. Because of this very small key size, though, today, it’s very easy to brute force a DES key. And that’s why you’ll no longer see DES used for any practical purpose today.

A variant of DES called triple DES was used to extend the use of the DES cipher. Triple DES uses three different keys to be able to perform its encryption process. It actually performs three separate passes through the data. That’s the triple in triple DES. The first pass encrypts with the first key, the second pass decrypts the result of that with the second key, and the third pass performs an encryption of DES with the third key. We no longer use triple DES either. You’ll find that the advanced encryption standard, or AES, is the workhorse of encryption that you’ll commonly see used today.

Visually, this is how triple DES worked. We start with some plaintext, and we’ll perform a normal DES encryption by using the first key– or our DES key one– to create the ciphertext. We’ll then use that ciphertext and perform a DES decryption using a completely different key. Since this is a different key, this is obviously not going to create the original plaintext. It’s going to create some additional ciphertext. And for the third pass, we’re going to use that ciphertext along with the third key and perform a DES encryption to come up with the final ciphertext that’s used in triple DES.

Another legacy symmetric encryption algorithm is RC4, or Rivest Cipher 4. This was created by Ron Rivest. It was part of the original WEP standard that’s no longer in use in today’s wireless networks. It was also part of the SSL standard. But when TLS replaced SSL, we also replaced RC4.

One of the problems we ran into with RC4 is that it has what is called a biased output. That means if the third byte of the original state is zero and the second byte is not equal to two, then the second output byte is always zero. And it was this little quirk that caused us to deprecate the use of RC4, so it’s not very common to see this type of symmetric encryption used today.

What is undoubtedly the most popular symmetric encryption in use today is AES, or the Advanced Encryption Standard. This is also a standard of the United States federal government. It was added to FIPS 197 in the year 2001. It took five years to standardize on what would effectively be the replacement for DES. This used a block cipher that was twice the size of DES. You could encrypt 128 bits in a single pass. And AES supports 128, 192, and 256-bit key sizes.

It’s very common to see AES in use today. For example, if you’re communicating over a wireless network and all of that information is encrypted with WPA2, then you’re taking advantage of the AES symmetric encryption.

One of the challenges you’ll find with some encryption standards is that the use of them is limited by patents. That’s why Blowfish was created in 1993 to remove this limitation of patents. Blowfish uses a 64-bit block cipher, and you can have a variable length key that’s anywhere between 1 and 448 bits long. This is a very powerful cipher, and there is no known way to break the full 16 rounds of encryption that are used with Blowfish.

There’s an update to Blowfish that doubles the block size. This is Twofish, where you have a 128-bit block size, and you have key sizes up to 256 bits. And again, there was no patent. This is in the public domain, and anyone can take advantage of using Twofish for their applications.