Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "List of cryptography functions"

From NetSec
Jump to: navigation, search
(Created page with "{| {{table}} |+ Encryption Quick Reference | align="center" style="background:#f0f0f0;"|'''Name''' | align="center" style="background:#f0f0f0;"|'''Value''' |- | Recommended mi...")
 
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
{| {{table}}
+
{| class="wikitable"
 
|+ Encryption Quick Reference
 
|+ Encryption Quick Reference
 
| align="center" style="background:#f0f0f0;"|'''Name'''
 
| align="center" style="background:#f0f0f0;"|'''Name'''
 
| align="center" style="background:#f0f0f0;"|'''Value'''
 
| align="center" style="background:#f0f0f0;"|'''Value'''
 
|-
 
|-
| Recommended minimum key size (symmetric)||128 bits
+
| Recommended public key algorithms||Curve25519, Ed25519, ECDSA, RSA
 
|-
 
|-
| Recommended minimum key size (asymmetric)||2048 bits
+
| Recommended symmetric ciphers||Salsa20, ChaCha20, AES
 +
|-
 +
| Recommended minimum key size (symmetric)||128 bits
 
|-
 
|-
 
| Preferred minimum key size (symmetric)||256 bits
 
| Preferred minimum key size (symmetric)||256 bits
 
|-
 
|-
| Preferred minimum key size (asymmetric)||4096 bits
+
| Recommended minimum key size (RSA)||2048 bits
 +
|-
 +
| Preferred minimum key size (RSA)||4096 bits
 
|-
 
|-
|
 
 
|}
 
|}
  
 +
{| class="wikitable"
 +
|+ Encryption Modes
 +
| align="center" style="background:#f0f0f0;"|'''Mode'''
 +
| align="center" style="background:#f0f0f0;"|'''AKA'''
 +
| align="center" style="background:#f0f0f0;"|'''Should use?'''
 +
| align="center" style="background:#f0f0f0;"|'''Authenticated? (unauthed modes require seperate auth)'''
 +
| align="center" style="background:#f0f0f0;"|'''Encryption parallelizable?'''
 +
| align="center" style="background:#f0f0f0;"|'''Decryption parallelizable?'''
 +
| align="center" style="background:#f0f0f0;"|'''Random read?'''
 +
| align="center" style="background:#f0f0f0;"|'''Notes'''
 +
|-
 +
| Electronic Code Book||ECB||No||No||Yes||Yes||Yes||Same plaintext yields same ciphertext.
 +
|-
 +
| Cipher Feedback||CFB||Yes||No||No||Yes||Yes||
 +
|-
 +
| Output Feedback||OFB||Yes||No||No||No||No||
 +
|-
 +
| Cipher Block Chaining||CBC||No||No||No||Yes||Yes||Vulnerable to CBC-R and padding oracle attacks, steps such as encrypt-then-MAC must be taken to mitigate.
 +
|-
 +
| Counter||CTR||Yes||No||Yes||Yes||Yes||
 +
|-
 +
| Galois Counter Mode||GCM||Recommended||Yes||Yes||Yes||No||Counter mode plus authentication, very efficient.
 +
|-
 +
| EAX Mode||EAX||Yes|| || || || ||
 +
|-
 +
|}
  
{| {{table}}
+
{| class="wikitable"
|+ Encryption algorithms
+
|+ Symmetric Ciphers
 
| align="center" style="background:#f0f0f0;"|'''Cipher'''
 
| align="center" style="background:#f0f0f0;"|'''Cipher'''
| align="center" style="background:#f0f0f0;"|'''Mode'''
+
| align="center" style="background:#f0f0f0;"|'''Block size (bits)'''
| align="center" style="background:#f0f0f0;"|'''Bits'''
+
| align="center" style="background:#f0f0f0;"|'''Key size (bits)'''
 
| align="center" style="background:#f0f0f0;"|'''Stream?'''
 
| align="center" style="background:#f0f0f0;"|'''Stream?'''
 +
| align="center" style="background:#f0f0f0;"|'''Should use?'''
 
| align="center" style="background:#f0f0f0;"|'''Estimated Time to Crack'''
 
| align="center" style="background:#f0f0f0;"|'''Estimated Time to Crack'''
 +
| align="center" style="background:#f0f0f0;"|'''Notes'''
 +
|-
 +
| AES||128||128,192,256|| ||Yes|| ||
 +
|-
 +
| DES||64||56|| ||No||[https://en.wikipedia.org/wiki/Data_Encryption_Standard#Brute_force_attack In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's.]||
 +
|-
 +
| 3DES||64||168,112,56|| ||No|| ||
 +
|-
 +
| Blowfish||64||32-448|| ||Not ideal|| ||This is the primary mode of encryption used in IRC encryption plugins.
 +
|-
 +
| ChaCha20|| ||256||Yes||Yes|| ||
 +
|-
 +
| Salsa20|| ||256||Yes||Yes|| ||
 +
|-
 +
| RC4|| ||40-2048||Yes||No|| ||
 +
|-
 +
|}
 +
 +
{| class="wikitable"
 +
|+ Asymmetric Encryption
 +
| align="center" style="background:#f0f0f0;"|'''Cipher'''
 +
| align="center" style="background:#f0f0f0;"|'''ECC?'''
 +
| align="center" style="background:#f0f0f0;"|'''Signing'''
 +
| align="center" style="background:#f0f0f0;"|'''Encryption'''
 +
| align="center" style="background:#f0f0f0;"|'''DH Key exchange'''
 
| align="center" style="background:#f0f0f0;"|'''Should use?'''
 
| align="center" style="background:#f0f0f0;"|'''Should use?'''
 +
| align="center" style="background:#f0f0f0;"|'''Minimum key size'''
 +
| align="center" style="background:#f0f0f0;"|'''Recommended key size'''
 
| align="center" style="background:#f0f0f0;"|'''Notes'''
 
| align="center" style="background:#f0f0f0;"|'''Notes'''
 
|-
 
|-
| RSA||||1024-4096||||||||
+
| RSA||No||Yes||Yes||Yes||Yes||2048||4096||
 
|-
 
|-
| DES||||||||||No||
+
| DSA||No||Yes||Yes||No||No||2048||4096||
 
|-
 
|-
| 3DES||||||||||No||
+
| ElGamal||No||Yes||Yes||No||Yes||2048||4096||
 
|-
 
|-
| Blowfish||ECB||||No||||No||This is the primary mode of encryption used in IRC encryption plugins.
+
| ECDSA||Yes||Yes||Yes||No||Yes||256||384||
 
|-
 
|-
| Blowfish||CBC||||No||||No*||For most uses, this is a weak cryptosystem. For IRC, still preferred to Blowfish-ECB.
+
| ECDH||Yes||No||No||Yes||Yes||256||384||
 +
|-
 +
| Ed25519||Yes||Yes||No||No||Recommended||512||512||
 +
|-
 +
| Curve25519||Yes||No||No||Yes||Recommended||256||256||
 
|-
 
|-
|
 
 
|}
 
|}
  
 
+
{| class="wikitable"
{| {{table}}
+
 
|+ Hash functions
 
|+ Hash functions
 
| align="center" style="background:#f0f0f0;"|'''Hash'''
 
| align="center" style="background:#f0f0f0;"|'''Hash'''
Line 56: Line 115:
 
| SHA-3 (Keccak)||224-512||No||Yes||Not widely implemented yet.
 
| SHA-3 (Keccak)||224-512||No||Yes||Not widely implemented yet.
 
|-
 
|-
|  
+
|}
 +
 
 +
{| class="wikitable"
 +
|+ Key Derivation Functions (KDF)
 +
| align="center" style="background:#f0f0f0;"|'''Algorithm'''
 +
| align="center" style="background:#f0f0f0;"|'''Password?'''
 +
| align="center" style="background:#f0f0f0;"|'''Requires uniform random input?'''
 +
| align="center" style="background:#f0f0f0;"|'''Slow?'''
 +
| align="center" style="background:#f0f0f0;"|'''Notes'''
 +
|-
 +
| Bcrypt||Yes||No||Yes||
 +
|-
 +
| Scrypt||Yes||No||Yes||
 +
|-
 +
| PBKDF2||Yes||No||Yes||
 +
|-
 +
| HKDF||No||Yes||No||
 +
|-
 +
|}
 +
 
 +
{| class="wikitable"
 +
|+ Message Authentication Codes (MAC)
 +
| align="center" style="background:#f0f0f0;"|'''Algorithm'''
 +
| align="center" style="background:#f0f0f0;"|'''Hash-based?'''
 +
| align="center" style="background:#f0f0f0;"|'''Block cipher based?'''
 +
| align="center" style="background:#f0f0f0;"|'''Notes'''
 +
|-
 +
| Poly1305 ||No||Yes||
 +
|-
 +
| HMAC ||Yes||No||
 +
|-
 +
| CBC-MAC ||No||Yes||
 +
|-
 +
| PMAC ||No||Yes||
 +
|-
 +
| CMAC ||No||Yes||
 +
|-
 
|}
 
|}

Latest revision as of 22:37, 26 October 2015

Encryption Quick Reference
Name Value
Recommended public key algorithms Curve25519, Ed25519, ECDSA, RSA
Recommended symmetric ciphers Salsa20, ChaCha20, AES
Recommended minimum key size (symmetric) 128 bits
Preferred minimum key size (symmetric) 256 bits
Recommended minimum key size (RSA) 2048 bits
Preferred minimum key size (RSA) 4096 bits
Encryption Modes
Mode AKA Should use? Authenticated? (unauthed modes require seperate auth) Encryption parallelizable? Decryption parallelizable? Random read? Notes
Electronic Code Book ECB No No Yes Yes Yes Same plaintext yields same ciphertext.
Cipher Feedback CFB Yes No No Yes Yes
Output Feedback OFB Yes No No No No
Cipher Block Chaining CBC No No No Yes Yes Vulnerable to CBC-R and padding oracle attacks, steps such as encrypt-then-MAC must be taken to mitigate.
Counter CTR Yes No Yes Yes Yes
Galois Counter Mode GCM Recommended Yes Yes Yes No Counter mode plus authentication, very efficient.
EAX Mode EAX Yes
Symmetric Ciphers
Cipher Block size (bits) Key size (bits) Stream? Should use? Estimated Time to Crack Notes
AES 128 128,192,256 Yes
DES 64 56 No In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's.
3DES 64 168,112,56 No
Blowfish 64 32-448 Not ideal This is the primary mode of encryption used in IRC encryption plugins.
ChaCha20 256 Yes Yes
Salsa20 256 Yes Yes
RC4 40-2048 Yes No
Asymmetric Encryption
Cipher ECC? Signing Encryption DH Key exchange Should use? Minimum key size Recommended key size Notes
RSA No Yes Yes Yes Yes 2048 4096
DSA No Yes Yes No No 2048 4096
ElGamal No Yes Yes No Yes 2048 4096
ECDSA Yes Yes Yes No Yes 256 384
ECDH Yes No No Yes Yes 256 384
Ed25519 Yes Yes No No Recommended 512 512
Curve25519 Yes No No Yes Recommended 256 256
Hash functions
Hash Bits Broken? Should use? Notes
MD5 128 Yes No Collisions can be generated at will with desktop computational power.
SHA-1 160 Yes No Collision are expensive to generate, but a sufficiently motivated adversary can do it.
SHA-2 224-512 No Yes Pseudo-collisions generated with partial SHA-256, no full attacks.
SHA-3 (Keccak) 224-512 No Yes Not widely implemented yet.
Key Derivation Functions (KDF)
Algorithm Password? Requires uniform random input? Slow? Notes
Bcrypt Yes No Yes
Scrypt Yes No Yes
PBKDF2 Yes No Yes
HKDF No Yes No
Message Authentication Codes (MAC)
Algorithm Hash-based? Block cipher based? Notes
Poly1305 No Yes
HMAC Yes No
CBC-MAC No Yes
PMAC No Yes
CMAC No Yes
Retrieved from "http://nets.ec/index.php?title=List_of_cryptography_functions&oldid=11401"