DES is an early symmetric-key block cipher developed in the 1970s. It uses a 56-bit key and operates on 64-bit blocks of data. Due to its small key size and known vulnerabilities, DES is no longer considered secure and has been largely replaced by more robust algorithms.
Symmetric cryptography
Symmetric cryptography uses a single shared key for encryption and decryption. It is fast and efficient for large data volumes but presents key distribution challenges and does not provide non-repudiation.
Common symmetric algorithms include AES, the NIST-standardized cipher supporting 128, 192, and 256-bit keys that is the preferred choice for SSL/TLS, Wi-Fi, and file encryption; ChaCha20, a stream cipher commonly paired with Poly1305 for authenticated encryption; and 3DES, an older extension of DES that has been largely phased out in favor of AES.
Strengths: Fast encryption and decryption; less computationally intensive than asymmetric cryptography.
Weaknesses: Key distribution is difficult to scale; no non-repudiation.
Asymmetric cryptography (public-key cryptography)
Asymmetric cryptography uses a public key for encryption and a private key for decryption. It is the foundation for secure key exchange, digital signatures, and PKI, though it is slower than symmetric cryptography and impractical for bulk data encryption.
Common asymmetric algorithms include RSA, which is based on large prime factorization and used in SSL/TLS, PGP, and SSH; ECC, which delivers equivalent security to RSA with smaller key sizes and underpins ECDSA and ECDH; and Diffie-Hellman, a key exchange mechanism that allows two parties to derive a shared secret over an insecure channel.
Strengths: Scalable key distribution; supports non-repudiation via digital signatures.
Weaknesses: Slower and more computationally intensive than symmetric cryptography.
Cryptographic hash functions
Hash functions take arbitrary-length input and produce a fixed-size output. The same input always produces the same hash; any change to the input produces a different one. They are used for password hashing, data integrity verification, MACs, and digital signatures.
The SHA-2 and SHA-3 families are the current standards. MD5 and SHA-1 are deprecated due to collision vulnerabilities. BLAKE2 is a modern alternative that is faster than SHA-2 and SHA-3.
Strengths: Efficient integrity verification; supports MACs and digital signatures.
Weaknesses: One-way only; not suitable for encryption. Weak functions like MD5 are vulnerable to collision attacks.
Cryptographic protocols
Common protocols include TLS for securing web and email traffic; SSH for secure remote access and file transfer; IPsec for network-layer security; PGP/OpenPGP for encrypted email and file signing; and the Signal Protocol for end-to-end encrypted messaging.
Cryptographic standards
Key standards include FIPS 140-3 and FIPS 197 (AES) from NIST; NIST Special Publications for key management and algorithm guidance; IETF RFCs defining TLS, SSH, and IPsec; and ISO/IEC 27001 for information security management.
