Comparison of DES, Triple DES, AES, blowfish encryption for data

by

Use AES.

In more details:

  • DES is the old “data encryption standard” from the seventies. Its key size is too short for proper security (56 effective bits; this can be brute-forced, as has been demonstrated more than ten years ago). Also, DES uses 64-bit blocks, which raises some potential issues when encrypting several gigabytes of data with the same key (a gigabyte is not that big nowadays).
  • 3DES is a trick to reuse DES implementations, by cascading three instances of DES (with distinct keys). 3DES is believed to be secure up to at least “2112” security (which is quite a lot, and quite far in the realm of “not breakable with today’s technology”). But it is slow, especially in software (DES was designed for efficient hardware implementation, but it sucks in software; and 3DES sucks three times as much).
  • Blowfish is a block cipher proposed by Bruce Schneier, and deployed in some softwares. Blowfish can use huge keys and is believed secure, except with regards to its block size, which is 64 bits, just like DES and 3DES. Blowfish is efficient in software, at least on some software platforms (it uses key-dependent lookup tables, hence performance depends on how the platform handles memory and caches).
  • AES is the successor of DES as standard symmetric encryption algorithm for US federal organizations (and as standard for pretty much everybody else, too). AES accepts keys of 128, 192 or 256 bits (128 bits is already very unbreakable), uses 128-bit blocks (so no issue there), and is efficient in both software and hardware. It was selected through an open competition involving hundreds of cryptographers during several years. Basically, you cannot have better than that.

So, when in doubt, use AES.

Note that a block cipher is a box which encrypts “blocks” (128-bit chunks of data with AES). When encrypting a “message” which may be longer than 128 bits, the message must be split into blocks, and the actual way you do the split is called the mode of operation or “chaining”. The naive mode (simple split) is called ECB and has issues. Using a block cipher properly is not easy, and it is more important than selecting between, e.g., AES or 3DES.

More Related Contents:

  1. Java 256-bit AES Password-Based Encryption
  2. Using AES encryption in C#
  3. InvalidKeyException Illegal key size
  4. How to add/remove PKCS7 padding from an AES encrypted string?
  5. Javascript AES encryption [closed]
  6. Java default Crypto/AES behavior
  7. How to decrypt OpenSSL AES-encrypted files in Python?
  8. Java AES and using my own Key
  9. How to encrypt file from SD card using AES in Android?
  10. IllegalBlockSizeException when trying to encrypt and decrypt a string with AES
  11. Encrypt and decrypt with AES and Base64 encoding
  12. AES encryption in swift
  13. How to encrypt or decrypt with Rijndael and a block-size of 256 bits?
  14. AES interoperability between .Net and iPhone?
  15. How to decode a string encoded with openssl aes-128-cbc using java?
  16. AES Encrypt String in VB.NET
  17. How to create a secure random AES key in Java?
  18. How to decrypt password from JavaScript CryptoJS.AES.encrypt(password, passphrase) in Python
  19. How to do AES256 decryption in PHP?
  20. What’s wrong with nodejs crypto decipher?
  21. AES Encrypt in CryptoJS and decrypt in Coldfusion
  22. java.security.NoSuchAlgorithmException:Cannot find any provider supporting AES/ECB/PKCS7PADDING
  23. What (pure) Python library to use for AES 256 encryption? [closed]
  24. AES (aes-cbc-128, aes-cbc-192, aes-cbc-256) encryption/decryption with openssl C
  25. How to do encryption using AES in Openssl
  26. PyCrypto problem using AES+CTR
  27. Is it possible to encrypt data with AES (256 bit) GCM mode in .net framework 4.7?
  28. AES string encryption in Objective-C
  29. Java AES 128 encrypting differently to openssl
  30. AES/CBC/PKCS5Padding vs AES/CBC/PKCS7Padding with 256 key size performance java

Leave a Comment