Symmetric algorithms use a private or secret key that must remain secret between the two parties. Each pair of parties requires a separate secret key.

Therefore, a single user needs a unique secret key for every user with whom she communicates.

Refer to the figure below for a deeper look at the various symmetric algorithms and their advantages and disadvantages.

Symmetric algorithms include DES, AES, IDEA, Skipjack, Blowfish, Twofish, RC4/RC5/RC6/RC7, and CAST. All of these algorithms are covered in the figure below.

The figure below lists the strengths and weaknesses of symmetric algorithms:

As mentioned above, key distribution is the major problem with symmetric key encryption. Hence, several techniques are used to distribute keys securely.

**QUIZ TIME** – Practicing questions along with the concepts is the best way to maintain interest in your study. Hence, please take some time for a small quiz on Symmetric Cryptography. Please click on the image below to start the quiz.

*The questions in these practice tests are listed to help you study information and concepts that are likely to be tested on the CISSP certification and do not represent questions from any actual test. Your score on these practice tests is not meant to and will not correlate to any particular score on any test.*

### Symmetric Key Cryptography Transcript

- Depends on a distributed “shared secret / private key / secret key”
- Number of keys for n nodes to communicate = n*(n-1)/2
- DES
  - Please note: DES is not an algorithm; it is a standard that published the “DEA” algorithm
  - No longer secure
  - 64-bit plaintext, 64-bit private key (56 bits are actually key + 8 parity bits), 64-bit ciphertext
  - 16 rounds of XOR operations, also referred to as 16 rounds of encryption
  - Electronic Code Book (ECB) mode
    - Simple and least secure
    - Same ciphertext for the same plaintext every time
    - Vulnerable to “codebook” attacks in the case of long text
    - Must be used only for “small text”, e.g. database encryption

  - Cipher Block Chaining (CBC) mode
    - Select an initialization vector
    - Much lower chance of identical ciphertext
    - Errors propagate

  - Cipher Feedback (CFB) mode
    - Streaming cipher version of CBC
    - Uses a memory buffer; once the buffer is full, it is encrypted
    - Must not be used for video and voice signals

  - Output Feedback (OFB) mode
    - Operates the same way as CFB
    - A combination of block + stream cipher
    - Instead of chaining, it uses a seed value
    - Future seed values are determined by running the DES algorithm on the seed value
    - Advantage: no error propagation

  - Counter (CTR) mode
    - Uses a simple counter instead of a seed
    - Advantage: no error propagation
    - Most suitable for parallel computing
    - Performance is much better than the other modes

- 3DES
  - Up to 3 times slower than DES
  - A temporary replacement for DES
  - DES-EEE3 mode
    - Encrypt three times with keys K1, K2, K3
    - Effective key length = 56*3 = 168 bits
    - E(K1,E(K2,E(K3,P)))

  - DES-EDE3 mode
    - E(K1,D(K2,E(K3,P)))
    - Also uses three keys but replaces the second encryption operation with a decryption operation

  - DES-EEE2 mode
    - E(K1,E(K2,E(K1,P)))

  - DES-EDE2 mode
    - E(K1,D(K2,E(K1,P)))

  - DES-EDE1
    - Only one key
    - For backward compatibility purposes
    - Equivalent to DES
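To make the mode-of-operation and 3DES bullets above concrete, here is an added Python example that is not part of the original notes. It builds a toy 16-round Feistel cipher (DES-like structure, not real DES; the key, IV and plaintext are constructed sample values) and runs ECB, CBC and CTR over it to show ECB's repeated-block leak, how one flipped ciphertext bit garbles a whole block and one bit of the next under CBC but only one bit under CTR, and why DES-EDE with a single key collapses to plain single encryption.

```python
import hashlib

BLOCK = 8  # 64-bit block, as in DES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _feistel(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    # 16 Feistel rounds, SHA-256-derived subkeys (toy, NOT real DES); decrypt = reversed subkeys
    keys = [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(16)]
    l, r = block[:4], block[4:]
    for k in (reversed(keys) if decrypt else keys):
        l, r = r, xor(l, hashlib.sha256(k + r).digest()[:4])
    return r + l  # undo the final swap
def ede3(k1: bytes, k2: bytes, k3: bytes, block: bytes) -> bytes:  # E(K1, D(K2, E(K3, P)))
    return _feistel(k1, _feistel(k2, _feistel(k3, block), True))

def ecb_encrypt(key, pt):  # blocks independent: equal plaintext -> equal ciphertext
    return b"".join(_feistel(key, b) for b in blocks(pt))

def cbc_encrypt(key, iv, pt):  # each block is XORed with the previous ciphertext block first
    out, prev = [], iv
    for b in blocks(pt):
        prev = _feistel(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    cs = blocks(ct)
    return b"".join(xor(_feistel(key, c, True), p) for c, p in zip(cs, [iv] + cs))

def ctr_crypt(key, nonce, data):  # keystream = E(nonce || counter); the same call decrypts
    ks = b"".join(_feistel(key, nonce + i.to_bytes(4, "big")) for i in range(len(blocks(data))))
    return xor(data, ks)

def demo() -> dict:
    key, iv, pt = b"constructed-key!", b"\x01" * BLOCK, b"ATTACK! " * 3  # constructed; 3 equal blocks
    ecb, cbc, ctr = ecb_encrypt(key, pt), cbc_encrypt(key, iv, pt), ctr_crypt(key, iv[:4], pt)
    cbc_dec = cbc_decrypt(key, iv, bytes([cbc[0] ^ 1]) + cbc[1:])  # one ciphertext bit flipped
    ctr_dec = ctr_crypt(key, iv[:4], bytes([ctr[0] ^ 1]) + ctr[1:])  # same flip under CTR
    return {
        "ecb_repeats_visible": ecb[:8] == ecb[8:16] == ecb[16:],                  # True
        "cbc_repeats_visible": cbc[:8] == cbc[8:16],                              # False
        "cbc_block0_garbled": cbc_dec[:8] != pt[:8],                              # True
        "cbc_rest_one_bit_then_clean": xor(cbc_dec[8:], pt[8:]) == b"\x01" + bytes(15),  # True
        "ctr_only_one_bit": xor(ctr_dec, pt) == b"\x01" + bytes(23),              # True
        "ede_one_key_is_single_des": ede3(key, key, key, pt[:8]) == _feistel(key, pt[:8]),  # True
    }
```

Note that CTR's lack of error propagation is exactly why it needs a separate integrity check: a flipped ciphertext bit silently flips the matching plaintext bit.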

- International Data Encryption Algorithm (IDEA)
  - Developed with the insufficient key length of DES in mind
  - 128-bit key is broken into 52 x 16-bit subkeys
  - Used by the Pretty Good Privacy (PGP) email package
  - Faster and harder to break than DES

- Blowfish
  - Block cipher alternative to DES and IDEA
  - Variable key length (32 bits up to the strongest 448 bits)
  - Block: 64 bits of plaintext
  - Much faster than DES and IDEA
  - Used in commercial software and OSs, SSH
  - Never patented

- Skipjack
  - 64-bit block of text
  - 80-bit key and supports 4 modes of operation
  - Used in the Clipper chip

- RC4
  - Used in SSL and WEP
  - Stream cipher
  - Variable key size of 40 to 2,048 bits and up to 256 rounds of transformation

- In terms of speed: RC7 > RC6 > RC5
- RC5
  - Block cipher with a 32-, 64-, or 128-bit block size
  - Key size 0 to 2040 bits
  - e.g. RC5-64/16/16 denotes a 64-bit word (i.e. 128-bit data blocks), 16 rounds of transformation, and a 16-byte (128-bit) key

- AES
  - NIST mandated the use of AES/RSA for all sensitive but unclassified data by the U.S. government.
  - Replacement for DES
  - Allows 128-bit blocks, but for RSA the block size could be equal to the block size.
  - 128-bit keys require 10 rounds of encryption; 192-bit keys require 12 rounds; 256-bit keys require 14 rounds.

- Twofish
  - 128-bit blocks of data and keys up to 256 bits
  - Pre-whitening: XORing the plaintext with a separate subkey before the first round of encryption
  - Post-whitening uses a similar operation after the 16th round of encryption
  - Never patented

- Strengths of symmetric encryption
  - 1,000 to 10,000 times faster than asymmetric key algorithms
  - Hard to break
  - Cheaper to implement

- Weaknesses of symmetric encryption
  - Key distribution is a major problem (requires out-of-band exchange)
  - Does not provide non-repudiation or authentication
  - The algorithm is not scalable
  - The number of unique keys needed can cause key management issues
  - Keys must be regenerated often
  - Provides only confidentiality
  - If one party is compromised, the key is compromised, thereby allowing impersonation

- Key distribution, i.e. creation, distribution, transmission
  - Offline distribution
  - Public key encryption
  - Diffie-Hellman
    - Susceptible to man-in-the-middle attack unless an organization implements digital signatures or digital certificates for authentication at the beginning of the Diffie-Hellman process
