Hashes
Primary hash algorithms
- MD5 – Insecure
- SHA (aka SHA-0) – Insecure
- SHA-1 – Insecure
- SHA-2 – Becoming insecure (avoid SHA-224 & SHA-256, use SHA-512/224 or SHA-512/256 where possible)
- SHA-3 – Secure
Password Storage
- Passwords must never be stored in the clear; at a minimum they must be salted & hashed
- “Key stretching” adds additional complexity to the hashing process (e.g. multiple iterations, encryptions, etc.)
- Three leading key stretching algorithms used with passwords: Bcrypt, PBKDF2, Argon2
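The salting and key-stretching points above, shown as an added example (not part of the original notes) using PBKDF2 from Python's standard library. The PRF choice, the iteration count, the `scheme$iterations$salt$digest` record layout and the function names are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "sha512"   # PBKDF2 PRF (assumed choice for this example)
ITERATIONS = 210_000   # assumed work factor; tune to your own hardware
SALT_BYTES = 16


def _b64(raw):
    return base64.b64encode(raw).decode("ascii")


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record: scheme$iterations$salt$digest."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode(), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${_b64(salt)}${_b64(digest)}"


def verify_password(password, record):
    """Re-derive the hash using the stored salt and iteration count."""
    try:
        scheme, iterations, salt_b64, digest_b64 = record.split("$")
        if scheme != f"pbkdf2_{ALGORITHM}":
            return False
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        candidate = hashlib.pbkdf2_hmac(
            ALGORITHM, password.encode(), salt, int(iterations))
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)  # constant-time compare


def needs_rehash(record):
    """True if the record uses a lower iteration count than the current one."""
    parts = record.split("$")
    return len(parts) != 4 or not parts[1].isdecimal() or int(parts[1]) < ITERATIONS


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("wrong guess", stored))
```

Storing the iteration count inside each record lets the work factor be raised later: on a successful login, `needs_rehash` flags old records so they can be re-hashed with the current setting.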
Symmetric Encryption
- Symmetric encryption can only be used where both sender and receiver have a shared key
- Much more efficient than asymmetric encryption
- Block cipher (splits data into blocks) vs Stream cipher (encrypts streams of data one bit at a time)
- A stream cipher is more efficient than a block cipher for continuous data, but a key must never be reused
Common symmetric algorithms
- DES – original US government approved encryption algorithm (1977). Only 56 bit key strength. Deprecated in 1999.
- Triple DES – Multiple iterations of DES with two 56 bit keys. Overall 112 bit security. Deprecated in 2023.
- AES – US government approved encryption algorithm (2001). Multiple key length options: 128, 192, 256 bits.
- Blowfish – block cipher with key lengths from 32 to 448 bits. Blowfish uses 64 bit blocks; a similar algorithm, Twofish, uses 128 bit blocks.
Asymmetric Encryption
- Asymmetric encryption is required where the sender and receiver do not have a shared key.
- Typically, asymmetric encryption is only used to pass an ephemeral (one-time-use) key, with the main transmission being done using the more efficient symmetric encryption.
- Requires access to cryptographically strong (unpredictable) random numbers for ephemeral keys
Common asymmetric algorithms
- Diffie-Hellman key exchange
- ElGamal – based on Diffie-Hellman
- RSA – normally used in SSL/TLS – 1024 bit keys deprecated 2010, 2048 bit keys expected to be deprecated 2030, 4096 bit keys from then on
- Elliptic curve cryptography – used by lower power devices