encryption ciphers

Kee Nethery kee at kagi.com
Thu Jun 17 12:40:28 EDT 2010


> 
> My understanding is that AES is the worst (oldest), DES is better, DES3 is
> better, BLOWFISH is quick and simple and a good compromise between
> performance and security. I know nothing about RC or CAST, but I'm pretty
> sure RC is just a derivative of AES.

Security is not a question of "is it secure" but rather a question of "how long would it take to break through its security" or "how big of a threat do I need to provide so that you give me your keys". 

I'm listing these algorithims in relative strength, weakest to most secure (in my opinion so don't quote me). None of these (far as I know) have been "broken" they all just take varying amounts of time to brute force them.

DES (Data Encryption Standard) is the granddaddy and we have learned a bunch about encryption since then.
DES3 (or triple DES) is essentially doing the DES encryption 3 times and it extended the usefulness of DES
Blowfish (not an acronym) was designed to be a public domain, free for any to use, replacement for DES.
I think "BF" is a shorthand slang term for Blowfish. I've never seen that encryption system mentioned prior to this email.
CAST was submitted as a candidate for AES and it did not make the final 5
RC6 was submitted as a candidate for AES. It did make the final 5, but it was not selected.
Twofish was submitted as a candidate for AES. It did make the final 5, but it was not selected. From wikipedia: "The Twofish cipher has not been patented and the reference implementation has been placed in the public domain. As a result, the Twofish algorithm is free for anyone to use without any restrictions whatsoever. It is one of a few ciphers included in the OpenPGP standard (RFC 4880). However, Twofish has seen less widespread usage than Blowfish, which has been available for a longer period of time."
AES (Advanced Encryption Standard) is the replacement for DES (and DES3) and it is "fairly recent". It won the competition for the standard encryption system to be used going forward and should be considered the "best" as far as the USA is concerned.

kee nethery





More information about the use-livecode mailing list