Difference between revisions of "List of cryptography functions"

Latest revision as of 22:37, 26 October 2015

Encryption Quick Reference
Name	Value
Recommended public key algorithms	Curve25519, Ed25519, ECDSA, RSA
Recommended symmetric ciphers	Salsa20, ChaCha20, AES
Recommended minimum key size (symmetric)	128 bits
Preferred minimum key size (symmetric)	256 bits
Recommended minimum key size (RSA)	2048 bits
Preferred minimum key size (RSA)	4096 bits

Encryption Modes
Mode	AKA	Should use?	Authenticated? (unauthed modes require seperate auth)	Encryption parallelizable?	Decryption parallelizable?	Random read?	Notes
Electronic Code Book	ECB	No	No	Yes	Yes	Yes	Same plaintext yields same ciphertext.
Cipher Feedback	CFB	Yes	No	No	Yes	Yes
Output Feedback	OFB	Yes	No	No	No	No
Cipher Block Chaining	CBC	No	No	No	Yes	Yes	Vulnerable to CBC-R and padding oracle attacks, steps such as encrypt-then-MAC must be taken to mitigate.
Counter	CTR	Yes	No	Yes	Yes	Yes
Galois Counter Mode	GCM	Recommended	Yes	Yes	Yes	No	Counter mode plus authentication, very efficient.
EAX Mode	EAX	Yes

Symmetric Ciphers
Cipher	Block size (bits)	Key size (bits)	Stream?	Should use?	Estimated Time to Crack	Notes
AES	128	128,192,256		Yes
DES	64	56		No	In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's.
3DES	64	168,112,56		No
Blowfish	64	32-448		Not ideal		This is the primary mode of encryption used in IRC encryption plugins.
ChaCha20		256	Yes	Yes
Salsa20		256	Yes	Yes
RC4		40-2048	Yes	No

Hash functions
Hash	Bits	Broken?	Should use?	Notes
MD5	128	Yes	No	Collisions can be generated at will with desktop computational power.
SHA-1	160	Yes	No	Collision are expensive to generate, but a sufficiently motivated adversary can do it.
SHA-2	224-512	No	Yes	Pseudo-collisions generated with partial SHA-256, no full attacks.
SHA-3 (Keccak)	224-512	No	Yes	Not widely implemented yet.

Key Derivation Functions (KDF)
Algorithm	Password?	Requires uniform random input?	Slow?	Notes
Bcrypt	Yes	No	Yes
Scrypt	Yes	No	Yes
PBKDF2	Yes	No	Yes
HKDF	No	Yes	No

@@ Line 40: / Line 40: @@
 |-
 | Galois Counter Mode||GCM||Recommended||Yes||Yes||Yes||No||Counter mode plus authentication, very efficient.
+|-
+| EAX Mode||EAX||Yes|| || || || ||
 |-
 |}
@@ Line 53: / Line 55: @@
 | align="center" style="background:#f0f0f0;"|'''Notes'''
 |-
-| AES||128||128,192,256||||Yes||
+| AES||128||128,192,256|| ||Yes|| ||
 |-
-| DES||64||56|||||No||[https://en.wikipedia.org/wiki/Data_Encryption_Standard#Brute_force_attack In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's.]||||
+| DES||64||56|| ||No||[https://en.wikipedia.org/wiki/Data_Encryption_Standard#Brute_force_attack In 2008 their COPACOBANA RIVYERA reduced the time to break DES to less than one day, using 128 Spartan-3 5000's.]||
 |-
-| 3DES||64||168,112,56|||||No||
+| 3DES||64||168,112,56|| ||No|| ||
 |-
-| Blowfish||64||32-448|||||Not ideal||||This is the primary mode of encryption used in IRC encryption plugins.
+| Blowfish||64||32-448|| ||Not ideal|| ||This is the primary mode of encryption used in IRC encryption plugins.
 |-
-| ChaCha20||||256||Yes||Yes||||
+| ChaCha20|| ||256||Yes||Yes|| ||
 |-
-| Salsa20||||256||Yes||Yes||||
+| Salsa20|| ||256||Yes||Yes|| ||
 |-
-| RC4||||40-2048|||Yes||No||||
+| RC4|| ||40-2048||Yes||No|| ||
 |-
 |}