An Epilogue to Cryptography

This is the last part of a three-part series covering encryption and decryption, with a focus on the algorithms used. If you have missed either the first or second part, I encourage you to check them out before reading this part.

Throughout this multi-part series we examined the coding of a few individual encryption and decryption algorithms. Please keep in mind that none of them were ultimately secure. With the quantum leaps that technologies and computer resources have made nowadays, their decryption would be quite easy even without knowing the password at all. This makes breaking the encryption a simple matter. However, they do provide enough security for an average Joe or a casual computer user.

Here’s my personal advice: I’d recommend the use of professional encryption algorithms for everyday and office/work purposes where data is crucial and should be protected by extreme measures. Throughout this series my intention was to familiarize you, the reader, with some of the encryption algorithms rather than writing an article about the latest bleeding-edge bulletproof security application.

I am a true believer in learning by doing. The best way to learn something, especially if it’s brand new to us, is by practicing… practicing a lot after the theories are grasped. Therefore, I have mainly focused on providing you with examples of those algorithms with ready-to-run and executable code. All you had to do was practice.

As I mentioned in the first part, I have purposefully reduced the complexity of the algorithms to make them "obviously simple," easy and comprehensible for a beginner. I focused more on comprehensibility than efficiency, security and future-proofing. I am aware that there are tons of variations of those algorithms and different ways to code them – more efficiently, more securely, etc. – but our top priority was to understand what cryptography is all about.

Nonetheless, after we’ve done our homework, we can move on to more challenging algorithms. Gradual advancement is the best. This way we can see the dramatic changes more easily – regarding complexity, efficiency, security, etc.

Since this part is the epilogue of the series, we will discuss some of the most cutting-edge encryption algorithms that are currently used. It is crucial to understand that cryptography never creates something unbreakable. Encryption algorithms have simply become more and more complex, to the point where breaking one that is protected by a secure (long and complex) password is almost impossible. This is true when using the correct, most secure encryption algorithms. But it depends on a lot of factors, such as how much time and how many resources the attacker is willing to spend. It is preferable that he or she abandons the task.

Anyway, let’s check out a short list of up-to-date encryption algorithms.

Encryption in Our Era

Since you’ve gained enough understanding of the cryptology mindset, I invite you to look into and research the most secure and widespread algorithms. Out of these I’d like to mention the following:

AES – Advanced Encryption Standard – block cipher; currently accepted as the "encryption standard" by the United States.

IDEA – International Data Encryption Algorithm – block cipher that was used in PGP 2.0.

DES – Data Encryption Standard – cipher based on a 56-bit key; has been replaced by the AES. It was considered an encryption standard before the release of AES, but it gradually became less secure due to its short key.

MSRC

FEAL – The Fast Data Encipherment Algorithm – designed as an alternative to the DES but over time it proved itself insecure.

ARC4-128bit

SSH – Secure Shell Host.

PGP – Pretty Good Privacy.

Public Keys.

Hashes.

Digital Signatures, et cetera.

These previously mentioned algorithms were (and some still are) the most widely used and popular methods of cryptography. They were/are used everywhere and hundreds of thousands of people relied/rely upon them. Therefore, their user base is huge and the bugs were/are sorted out very quickly. You should not worry or have any doubts about using these. Currently the AES is considered the best encryption; it was considered an encryption standard by the National Institute of Standards and Technology in 2001, and it is still considered to be an encryption standard.

The NSA of the U.S. Government in 2003 declared the following about AES:

"AES is secure enough to protect classified information up to the TOP SECRET level."

This statement refers to the highest security level that’s possible. This kind of information is defined by NSA as being able to cause "exceptionally grave damage" if disclosed to the public. AES went through rigorous experiments before receiving this acknowledgment. Its algorithm was developed by two Belgian coders; kudos to them.

It was designed to replace DES (56-bit keys). It brought innovative solutions to the cipher block chaining (CBC) algorithms and indeed became more secure than DES. AES supports variable key lengths (a 128-bit key is the default, but it can also handle 192- and 256-bit keys). Its algorithm virtually guarantees that the only way to decrypt the message is by brute-forcing every possible key. There isn’t, or should not be, any workaround.

AES was also added as an encryption algorithm to provide security to IPSec. This brought another innovation as compared to VPN (virtual private networks). AES was more secure, and in one word: efficient!

Due to the high number of key-size variations, its security improved dramatically. That is mostly because the algorithm gets exponentially more complex and harder to break. It does not just "scramble" the data. The encryption process is amazing.

Let’s assume that the chosen key for our AES encryption is 128-bit. Then we will have 3.4 x 10^38 possible combinations. On the other hand, DES has 7.2 x 10^16. Keep in mind the rate of exponential functions. The complexity of AES is awesome.

If we assume that a supercomputer is able to decipher a DES code in only one second (255^10 combinations per second) then that exact same supercomputer would need about 149 trillion years to break an AES-based 128-bit key encryption. That is a longer amount of time than our universe has existed (less than 20 billion years).              

Prior to the launch of AES, its predecessor DES was considered a standard by NSA for approximately twenty years. After twenty years of its existence, and with the help of the technological quantum leaps sustained by Moore’s Law, specialized proprietary multi-parallel processing hardware was built with one unique purpose – "DES-cracking." These devices succeeded in breaking the DES.

Considering the improved complexity of the AES compared to the DES (up to 256-bit keys versus 56-bit) and the dramatic changes in its algorithm, we can predict that it will be safe for a dozen years, even with the possible innovations in computing throughout the next decade. Right now, AES offers long-term security and efficiency. You should trust it.

This certainly does not mean that we should forget about the rest and focus only on AES. Other algorithms might not offer the ultimate in security but they still provide extensive encryption and there’s a lot of headroom for further improvements. You never know when a completely new encryption will hit the market. It may happen tomorrow.

Anyway, here is some advice that is helpful with any encryption or validation algorithm: long and complex passwords drastically reduce the possibility that they will be broken. Choose wisely.
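The key-space comparison and the password advice above can be carried through in one calculation. The following is an added example, not code from this series; it reads the article's supercomputer as one that exhausts the full DES key space (2^56 keys) in one second, and it assumes passwords are chosen uniformly at random, which human-chosen passwords are not.

```python
# Added example: key space versus password space at the article's
# hypothetical brute-force rate. All names here are illustrative.
SECONDS_PER_YEAR = 365.25 * 24 * 3600

DES_KEYS = 2 ** 56       # ~7.2 x 10^16, the DES figure quoted above
AES128_KEYS = 2 ** 128   # ~3.4 x 10^38, the AES-128 figure quoted above

# Assumption: the machine tries every DES key in exactly one second.
RATE = DES_KEYS          # keys (or password guesses) per second


def years_to_exhaust(search_space, rate=RATE):
    """Years needed to try every candidate in search_space."""
    return search_space / rate / SECONDS_PER_YEAR


def password_space(alphabet_size, length):
    """Number of distinct random passwords of a given length."""
    return alphabet_size ** length


def equivalent_key_bits(search_space):
    """Whole bits of key strength a search space is worth (floor of log2)."""
    return search_space.bit_length() - 1


def min_length_for_bits(alphabet_size, bits):
    """Shortest random password whose space is at least 2**bits."""
    length = 1
    while alphabet_size ** length < 2 ** bits:
        length += 1
    return length


if __name__ == "__main__":
    print(f"AES-128 key search: {years_to_exhaust(AES128_KEYS):.3e} years")
    # Constructed sample policies: (description, alphabet size, length)
    for name, alphabet, length in [("8 lowercase letters", 26, 8),
                                   ("12 printable ASCII", 94, 12),
                                   ("20 printable ASCII", 94, 20)]:
        space = password_space(alphabet, length)
        print(f"{name}: ~{equivalent_key_bits(space)} bits, "
              f"{space / RATE:.3e} s to exhaust")
    print("Lowercase length matching 128 bits:", min_length_for_bits(26, 128))
    print("Printable-ASCII length matching 128 bits:", min_length_for_bits(94, 128))
```

When the key is derived from a password, the attacker searches the smaller of the two spaces, so a short password undoes the advantage of a 128-bit key.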

Further Reading and References

Through the years I have gathered some of the most comprehensive and best literature that is available. Here I am sharing my list with you, and I truly believe that you are going to be amazed by these works. Whether you are just a casual cryptography enthusiast, a student or an expert in this field, I am sure that you will enjoy these masterpieces.

As an honorable mention, I’d like to state that Bruce Schneier has written and/or co-authored some of the absolute best books and manuals about cryptography. Some of his books are used as textbooks and considered to be bibles of cryptography. Anyway, I’d express my respect toward all of these authors that appear in this list below. All of them have amazing expertise and vast amounts of knowledge.

"RSA Laboratories’ Frequently Asked Questions About Today’s Cryptography," Version 4.1.

CryptographyWorld website.

"Practical Cryptography" – Niels Ferguson, Bruce Schneier.

"Applied Cryptography" – Bruce Schneier (First Edition, Chapter 1.2.3.).

"Why Cryptography Is Harder Than It Looks" (essay) – Bruce Schneier.

"Computer Encryption, an overview and programming" – Kias Henry.

"Cryptography Decrypted" – H. X. Mel, Doris M. Baker, Steve Burnett.

"Obfuscation of The Standard XOR Encryption Algorithm" – Zachary A. Kissel.

"One Way Hash Functions" – Bruce Schneier (Dr. Dobbs Journal, Vol. 16, No. 9, Sept 1991, pp 148-151).

"Hacks, Spooks and Data Encryption" – A. Stevens (Dr. Dobbs Journal, Vol. 15, No. 9, Sept 1990, pp 147-149).

"The Index of Coincidence and Its Applications in Cryptography" – William F. Friedman (Riverbank Publication)

"Announcing the AES" – Federal Information Processing Standards; Nov, 2001.

I might have left out some of the most obvious literature, and as much as I regret it, more than likely it is because I couldn’t get my hands on it yet. But this should be enough for now. If you still want to research more, then I challenge you to do so.

I would also appreciate your recommendations if you come across some outstanding work.

Conclusions

We’ve arrived at the end of this series. I genuinely hope that you have enjoyed the ride as much as I have. It was amazing. In the first part I introduced you to the world of cryptography. I explained the basics and we wrote two simple algorithms. We implemented and coded them in C. Ultimately we saw the power of those algorithms. They were banal but turned our plaintext files into complete gibberish: ciphertext. I am also sure that it was a pleasant feeling to find out that the decryption process works, too. We were able to recover the plaintext from the ciphertext.

In the second part we found out what XOR is all about. We learned about the XOR logical operator; we implemented and coded it into an encryption algorithm. It worked great, too! Then I explained three techniques for breaking it.

In this article, on the other hand, we’ve taken a look at up-to-date encryption algorithms. We’ve discussed AES since it is considered the best and is the standard right now. Then I gave my list of favorite literature on cryptography.

In conclusion, I am pretty confident that you have learned and grasped the main concepts throughout this three-part article. I also think that now you have a general understanding of cryptography and realize that it isn’t that mysterious at all. It can become very hard and complex, especially when it comes down to pure math and so forth. For these reasons, people tend to keep out of cryptography. I might have sparked some desires due to debunking myths and such…

Happy coding and have no fear: cryptography can be learned. But the more you get into it, the more you will realize the vastness of the field. And you will end up perceiving that it is impossible to completely "learn" cryptography. That’s because it is infinite.

Keep on coding and be safe!
