terms.html NetAction's Guide to Encryption: Appendices A and B

NetAction's Guide to Using Encryption Software

Appendix B:
What are the different kinds of algorithms that encryption software programs utilize?

The complexity of these algorithms prevents us from describing their workings in-depth in a guide intended for readers with limited technical knowledge of encryption, but here are some links and names that may be useful if you want to know more about the technical aspects of encryption software. You can always find more information on each algorithm (including ones that are not listed here) simply by searching for the algorithm's name on your favorite Internet search engine.

One interesting read is the PGP Diffie-Hellman vs. RSA FAQ, which discusses the effectiveness of various algorithms.

Advanced Encryption Standard (AES)

AES is the block cipher being developed as a successor to DES. (AES was not completed at the time this guide was published.) It operates under the symmetric key model. Some of the other encryption algorithms listed in this section were submitted as candidates to become AES. The selected algorithm is one called Rijndael (one suggested pronunciation: "rain doll"), a variant of an algorithm called Square.


Blowfish is a block cipher that employs the asymmetric key model. "Blowfish was designed in 1993 by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then it has been analyzed considerably, and it is slowly gaining acceptance as a strong encryption algorithm. Blowfish is un-patented and license-free, and is available free for all uses." (Counterpane Internet Security: The Blowfish Encryption Algorithm)

Carlisle Adams/Stafford Tavares (CAST)

CAST is a group of ciphers. "CAST-128 belongs to the class of encryption algorithms known as Feistel ciphers; overall operation is thus similar to the Data Encryption Standard (DES)." (C. Adams, Entrust Technologies: The CAST-128 Encryption Algorithm) It operates under the symmetric key model.

"It is resistant to both linear and differential cryptanalysis. Currently, there is no known way of breaking CAST short of brute force. There are no known attacks on CAST with reduced rounds – it looks incredibly secure. CAST is now the default cipher in PGP." (PGP Diffie-Hellman vs. RSA FAQ: What is CAST?)

"CAST is a family of ciphers. Some of the other 'CAST' ciphers have succumbed to advanced attack. (Rijmen and Preneel have attacked some CAST designs and so have Kelsey, Schneier & Wagner.) The same attacks have been tried against the implementation of CAST used in PGP and have, thus far, failed." (PGP Diffie-Hellman vs. RSA FAQ: What is CAST?)

Data Encryption Standard (DES) and Triple-DES (3DES)

DES is the current standard encryption algorithm. "DES was developed in the 1970s by the National Bureau of Standards with the help of the National Security Agency" with an algorithm submitted by IBM. (The Next Wave: What is DES?) It operates under the symmetric key model.

"Unfortunately, over time various shortcut attacks were found that could significantly reduce the amount of time needed to find a DES key by brute force. And as computers became progressively faster and more powerful, it was recognized that a 56-bit key was simply not large enough for high security applications." (Tropical Software: DES Encryption (DES)

" On July 17, 1998 the Electronic Frontier Foundation (EFF) announced the construction of a DES brute-force hardware cracker (http://www.eff.org/descracker/). This $220,000 device can break a DES key in an average of 4.5 days." (Dr. Dobb's Journal: The Current State of DES)

Triple-DES is only a third as fast as DES, but uses three keys to effectively triple the key length to 168 bits, making the algorithm "billions of times more secure [than DES] if used properly." (Tropical Software: Triple DES Encryption [Triple DES])

Diffie-Hellman (and ElGamal, a derivative)

Diffie-Hellman is an encryption algorithm that employs the asymmetric key model.

"In 1976, Diffie and Hellman started an explosion of open research in cryptology when they first introduced the notion of public-key cryptography, which allows for new electronic means to handle key distribution in conventional cryptographic systems and for digital signatures in electronic messages." (Cylink Resource Library: Alternatives to RSA: Using Diffie-Hellman with DSS)

"The Stanford patent on the Diffie-Hellman technique... expired in 1997 and [the technique] is now in the public domain." (Cylink Resource Library: Alternatives to RSA: Using Diffie-Hellman with DSS)


GOST is the U.S.S.R. 28147-89 standard protection algorithm, analogous to the U.S.'s DES. "The algorithms are similar in that both operate on 64-bit blocks by successively modifying half of the bits with a function of the other half." (GOST encryption algorithm: Russian analogue to US Standard?)

International Data Encryption Algorithm (IDEA)

IDEA is a block cipher used in PGP. "IDEA, unlike the other block cipher algorithms discussed in this section, is patented by the Swiss firm of Ascom. They have, however, been generous in allowing, with permission, free noncommercial use of their algorithm, with the result that IDEA is best known as the block cipher algorithm used within the popular encryption program PGP." (IDEA (International Data Encryption Algorithm)


See "Data Encryption Standard (DES) and Triple-DES (3DES)"


"Twofish is a block cipher by Counterpane Labs. It was one of the five Advanced Encryption Standard (AES) finalists. Twofish is unpatented, and the source code is uncopyrighted and license-free; it is free for all uses." (Counterpane Internet Security: Twofish: A New Block Cipher) It operates under the symmetric key model.

Rivest-Shamir-Adelman (RSA)

RSA is a family of algorithms that employ the asymmetric key model. There are actually multiple incarnations of this algorithm; RC5 is one of the most common in use, and RC6 was a finalist algorithm for AES. Searching for how RSA works often yields a host of pages about how it works mathematically, because the U.S. patent on the RSA algorithm expired on September 21, 2000. (RSA Security, Inc. actually began offering the algorithm to the public before the 17-year-old patent expired.)

Back to Guide