What is a sufficient encryption? DES, SHA1, RSA, AES, DESX, RC4, MD5-RSA, SHA1-DSA, X.509 certificate?

From PenguinSecurityWiki

Jump to: navigation, search

Source: TechTarget.com

You've given a mass of things, not all related, so here's a brief description of each:

Contents


DES

DES is venerable old symmetric cipher, so don't use it any more. It's not sufficient. Triple-DES is still secure, but there are better selections in the absence of other considerations. The obvious better choice is AES, which replaces Triple-DES as a NIST standard (more on it below). Other better choices include the other two unencumbered AES finalists, Twofish or Serpent, as well as CAST-128, which still has a good mix of speed and security. All of these are not only more secure than DES, but faster than it. Why use something that is slow and not secure?

SHA1

SHA1 is a hash function, not an encryption function. As a hash function, it's still standing, but there will be better choices in a few years. If you're designing a new system, keep in mind that you may want to replace it in a couple years. I repeat the word may.

RSA

RSA is a public key algorithm. Use it with key sizes of 2048-4096 bits. If you have an existing system that's using 1024 bit public keys, I wouldn't panic, but you can do better.

AES

AES is the replacement for DES. It comes in 128, 192 and 256 bit versions, and any of the three are fine. Even the U.S. government thinks so. They approved 128-bit AES for classified data and the 192 and 256-bit versions for secret and top secret data.

DESX

DESX was an attempt to strengthen DES. It uses a random blob to XOR on the data before encrypting and after decrypting. There are some subtle attacks on this technique, and while certainly better than DES alone, it isn't up to snuff against the many options you have. I once worked on a system that had hardware DES support; we used DESX to improve DES in a couple of places where we couldn't afford the speed overhead of Triple-DES. That is, however, a very specialized situation. If you need to use DESX, the reasons will be obvious (and similar to when I had to use it). Use AES or one of the other alternatives I mentioned above.

RC4

RC4 is a stream cipher commonly used in SSL connections. It has frayed over the years, and there are enough known and suspected flaws that you shouldn't use it for new projects. If you are presently using it and can easily remove it, it wouldn't be a bad idea. However, I suspect that if you're using it, you can't easily remove it. If you can't easily remove it from an existing system, consider how you might upgrade in the future, but don't panic. I wouldn't refuse to buy from a Web site that's using RC4 in their SSL, but if I were building a new one, I'd use something else, like AES.

I presume that when you talk about the next two, MD5-RSA and SHA1-DSA, you're talking about digital signatures. Don't use MD5; it has flaws in it. There have been cracks in it for years, and they finally opened up this last summer. If you want to read a longer discussion of this, take a look at an article I wrote here. You can use SHA1 with either RSA or DSA. DSA presently is defined for up to 1024-bit public keys, which is large enough that there's no need for panic. However, it will be better when NIST finishes the parameters for larger keys.

An X.509 certificate is a data structure; it is a way to order bits and bytes, not a cryptosystem itself. It typically holds an RSA key, but it could also hold a DSA key. It's not encryption in and of itself.

Personal tools