CompTIA Security_ Deluxe Study Guide_ SY0-201 - Emmett Dulaney [174]
Working with Symmetric Algorithms
Symmetric algorithms require both ends of an encrypted message to have the same key and processing algorithms. Symmetric algorithms generate a secret key that must be protected. A symmetric key—sometimes referred to as a secret key or private key—is a key that isn’t disclosed to people who aren’t authorized to use the encryption system. The disclosure of a private key breaches the security of the encryption system. If a key is lost or stolen, the entire process is breached. These types of systems are common, but the keys require special handling. Figure 7.4 illustrates a symmetric encryption system; in this example, the keys are the same on each end.
FIGURE 7.4 Symmetric encryption system
Typically, a new key isn’t sent across the encrypted channel (if the current key has been compromised, the new key may also be compromised). Keys are sent using an out-of-band method: by letter, by courier, or by some other method. This approach may be cumbersome, and it may leave the key subject to human error or social engineering exploitation.
The other disadvantage of a symmetric algorithm is that each person who uses the encryption algorithm must have the key. If you want 50 people to access the same messages, all 50 people must have the key. As you can imagine, it’s difficult for 50 people to keep a secret. On the other hand, if you want to communicate with 50 different people in private, you need a separate key for each of them and must keep track of who uses which key, which quickly becomes hard to keep straight.
Encryption methods usually use either a block cipher or a stream cipher. As the name implies, a block cipher works on fixed-size chunks of data, encrypting one block and then moving to the next. A stream cipher encrypts the data a bit, or a byte, at a time.
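The block-versus-stream distinction above, as an added Python example that is not from the book. It builds a toy 64-bit Feistel block cipher and a keyed-PRF stream cipher from the standard library only (using HMAC-SHA256 as the round function and keystream generator is an assumption made so the code runs offline; neither construction is DES, AES or any other algorithm the chapter lists) and shows what differs in use: the block cipher needs padding and, in ECB mode, repeats ciphertext blocks wherever plaintext blocks repeat, while the stream cipher handles any length byte by byte and needs a fresh nonce per message. In both cases the same key on each end decrypts and any other key does not. The sample message and keys are constructed for the demo.

```python
import hashlib
import hmac
import secrets

BLOCK_SIZE = 8   # 64-bit blocks, the same block size DES uses (this toy cipher is NOT DES)
ROUNDS = 16


def _round_function(key: bytes, round_no: int, half: bytes) -> bytes:
    """Feistel round function: a keyed PRF (HMAC-SHA256, assumed here) truncated to a half block."""
    return hmac.new(key, bytes([round_no]) + half, hashlib.sha256).digest()[:BLOCK_SIZE // 2]


def _feistel_block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Encrypt or decrypt exactly one block. Decryption runs the same network with the
    round order reversed, which is why a Feistel cipher needs no separate inverse."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("block cipher only accepts whole blocks")
    left, right = block[:BLOCK_SIZE // 2], block[BLOCK_SIZE // 2:]
    order = range(ROUNDS - 1, -1, -1) if decrypt else range(ROUNDS)
    for r in order:
        f = _round_function(key, r, right)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return right + left   # undo the final swap


def _pad(data: bytes) -> bytes:
    """PKCS#7 padding: a block cipher only sees whole blocks, so the tail must be filled."""
    n = BLOCK_SIZE - len(data) % BLOCK_SIZE
    return data + bytes([n]) * n


def _unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding (wrong key or corrupted ciphertext)")
    return data[:-n]


def block_encrypt_ecb(key: bytes, plaintext: bytes) -> bytes:
    """Block cipher in ECB mode: each 8-byte chunk is encrypted independently of the others."""
    padded = _pad(plaintext)
    return b"".join(_feistel_block(key, padded[i:i + BLOCK_SIZE])
                    for i in range(0, len(padded), BLOCK_SIZE))


def block_decrypt_ecb(key: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or len(ciphertext) % BLOCK_SIZE:
        raise ValueError("ciphertext is not a whole number of blocks")
    plain = b"".join(_feistel_block(key, ciphertext[i:i + BLOCK_SIZE], decrypt=True)
                     for i in range(0, len(ciphertext), BLOCK_SIZE))
    return _unpad(plain)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stream cipher keystream: a keyed PRF over (nonce, counter), cut to exactly `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stream cipher: XOR the data with the keystream one byte at a time. No padding is
    needed, the output is the same length as the input, and the same call decrypts."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))


def ecb_repeats_blocks(ciphertext: bytes) -> bool:
    """Detect the classic ECB weakness: identical plaintext blocks give identical ciphertext blocks."""
    blocks = [ciphertext[i:i + BLOCK_SIZE] for i in range(0, len(ciphertext), BLOCK_SIZE)]
    return len(blocks) != len(set(blocks))


if __name__ == "__main__":
    key = secrets.token_bytes(16)       # the one shared secret both ends must hold
    nonce = secrets.token_bytes(8)      # stream ciphers need a fresh nonce for every message
    message = b"PAY 100 TO ALICE"       # constructed sample message
    ct_block = block_encrypt_ecb(key, message)
    ct_stream = stream_xor(key, nonce, message)
    print("block  :", len(message), "->", len(ct_block), "bytes (padded to whole blocks)")
    print("stream :", len(message), "->", len(ct_stream), "bytes (no padding)")
    print("same key decrypts:", block_decrypt_ecb(key, ct_block) == message,
          stream_xor(key, nonce, ct_stream) == message)
```

The `ecb_repeats_blocks` check is the kind of test a reviewer can run over captured ciphertext to spot a block cipher used in ECB mode, and the stream cipher's keystream is derived from a nonce precisely so that two messages under the same key never share keystream bytes.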
Several successful encryption systems use symmetric algorithms. A strong algorithm can be difficult to break. Here are some of the common standards that use symmetric algorithms:
Data Encryption Standard The Data Encryption Standard (DES) has been used since the mid-1970s. It was the primary standard used in government and industry until it was replaced by AES. It’s a strong and efficient algorithm based on a 56-bit key. (Strong refers to the fact that it’s hard to break.) A recent study showed that a very powerful system could break the algorithm in about two days. DES has several modes that offer security and integrity. However, it has become a little dated as a result of advances in computer technology, and it’s being replaced. For its time, it was one of the best standards available.
Advanced Encryption Standard Advanced Encryption Standard (AES) has replaced DES as the current standard, and it uses the Rijndael algorithm. It was developed by Joan Daemen and Vincent Rijmen. AES is now the current product used by U.S. governmental agencies. It supports key sizes of 128, 192, and 256 bits, with 128 bits being the default.
For more information about Rijndael (AES), see its website at http://csrc.nist.gov/encryption/aes/rijndael/.
AES256 AES256 (also often written as AES-256) uses 256 bits instead of 128. This qualifies for U.S. government classification as Top Secret.
Triple-DES Triple-DES (3DES) is a technological upgrade of DES. 3DES is still used, even though AES is the preferred choice for government applications. 3DES is considerably harder to break than many other systems, and it’s more secure than DES.
CAST CAST is an algorithm developed by Carlisle Adams and Stafford Tavares (hence the name). It’s used in some products offered by Microsoft and IBM. CAST uses a 40-bit to 128-bit key, and it’s very fast and efficient.
Rivest’s Cipher RC is an encryption family produced by RSA laboratories. RC stands for Rivest’s Cipher or Ron’s Code. (Ron Rivest