Encryption & Decryption by Cryptography [3DES/AES/ECDSA/DH]

Mahfuz_SS_EHL Host Rep, Veteran

Hello,

Need some help to choose best encryption method available. Sensitive piece of information needs to be encrypted & also decrypted when it's necessary.

Mostly, we are looking for Asymmetric key algorithms but open to Symmetric key algorithms too.

For Asymmetric key algorithms, we have 3DES / AES-GCM / Blowfish / Twofish etc.

For Symmetric key algorithms, we have DSA+DH / ECDSA etc.

Google has most of the details but no real-time experiences. Does anyone here have real-time experiences playing with all these ?? Which is more secure but processing takes less time ??

Any guidance is appreciated <3

Regards,
Mahfuz.

Comments

  • yoursunny Member, IPv6 Advocate

    AES-GCM and ECDSA are the only secure algorithms among those in your list.
    Apart from algorithm choice, the security protocol design and key management are essential to ensure the system is secure.

  • jsg Member, Resident Benchmarker

    @Mahfuz_SS_EHL said:
    Hello,

    Need some help to choose best encryption method available. Sensitive piece of information needs to be encrypted & also decrypted when it's necessary.

    Mostly, we are looking for Asymmetric key algorithms but open to Symmetric key algorithms too.

    For Asymmetric key algorithms, we have 3DES / AES-GCM / Blowfish / Twofish etc.

    For Symmetric key algorithms, we have DSA+DH / ECDSA etc.

    Google has most of the details but no real-time experiences. Does anyone here have real-time experiences playing with all these ?? Which is more secure but processing takes less time ??

    Any guidance is appreciated <3

    Regards,
    Mahfuz.

    For a start, asymmetric algos are basically only practical for KEX. To encrypt data (more than a few bytes) I suggest either AES or ChaCha, the latter being faster without hardware support, the former possibly preferable on X86-64 with AES hardware support.
    If you insist on asymmetric I'd suggest 25519 ECC.

    Oh, and don't confuse KEX with en/decryption.

    Thanked by 1Mahfuz_SS_EHL
  • dfroe Member, Host Rep

    As already pointed out by @yoursunny the security design of the whole concept is the key.

    A deprecated crypto algorithm might screw up your security but a secure crypto algo alone won't make it safe whatever you are doing.

    Thus I'd strongly recommend using well-known implementations and systems like TLS to secure a TCP protocol, SSH for interaction with remote systems, GnuPG to encrypt files etc.

    If you can share more details about what you want to do, more precise advice can be given.

    Thanked by 1Mahfuz_SS_EHL
  • As the saying goes "Don't roll your own crypto".

    Just use a standard crypto library like libsodium and be done with it. There may be other choices depending on the programming language you are writing the code for. For example, in Python there is the cryptography library, which provides for "safe cryptographic recipes with little configuration needed".

    @Mahfuz_SS_EHL said: For Asymmetric key algorithms, we have 3DES / AES-GCM / Blowfish / Twofish etc.

    These are symmetric algorithms by the way. Same key is used both for encryption and decryption.
    RSA, ECC are asymmetric encryption. You have a key pair - Public key and private key.

    Asymmetric ciphers are slow and generally not used to encrypt data en masse. Usually you would encrypt the data with a fast symmetric algorithm and encrypt the encryption key with an asymmetric cipher.

    Thanked by 1yoursunny
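
Added example, not part of any post in this thread: the hybrid scheme described in the comment above (a symmetric cipher for the data, an asymmetric cipher for the data key), written with AES-256-GCM and RSA-OAEP from the Python cryptography library that comment mentions. The function names, the record layout and the sample values are assumptions made for illustration.

```python
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# RSA-OAEP with SHA-256 wraps the short data key; it never touches the bulk data.
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def encrypt_record(public_key, plaintext: bytes, context: bytes) -> dict:
    """Encrypt with a fresh AES-256-GCM key, then wrap that key with RSA-OAEP."""
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)  # 96-bit nonce; must never repeat under the same key
    # `context` is authenticated but not encrypted (binds ciphertext to its record).
    ciphertext = AESGCM(data_key).encrypt(nonce, plaintext, context)
    return {"wrapped_key": public_key.encrypt(data_key, OAEP),
            "nonce": nonce, "ciphertext": ciphertext}

def decrypt_record(private_key, record: dict, context: bytes) -> bytes:
    """Unwrap the data key, then decrypt; raises InvalidTag if anything was altered."""
    data_key = private_key.decrypt(record["wrapped_key"], OAEP)
    return AESGCM(data_key).decrypt(record["nonce"], record["ciphertext"], context)

def rejects(private_key, record: dict, context: bytes) -> bool:
    """True if decryption fails GCM authentication."""
    try:
        decrypt_record(private_key, record, context)
    except InvalidTag:
        return True
    return False

def demo() -> dict:
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    secret, context = b"constructed sample secret", b"record-id=42"  # constructed values
    record = encrypt_record(private_key.public_key(), secret, context)
    flipped = bytes([record["ciphertext"][0] ^ 0x01]) + record["ciphertext"][1:]
    return {
        "recovered": decrypt_record(private_key, record, context),
        "wrapped_key_len": len(record["wrapped_key"]),        # RSA-2048 output size
        "overhead": len(record["ciphertext"]) - len(secret),  # appended GCM tag
        "tamper_rejected": rejects(private_key, dict(record, ciphertext=flipped), context),
        "wrong_context_rejected": rejects(private_key, record, b"record-id=43"),
    }

if __name__ == "__main__":
    print(demo())
```

Only the holder of the RSA private key can unwrap the per-record data key, so where that private key is stored decides the security of every record.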
  • Hxxx Member

    Bump...

  • Mahfuz_SS_EHL Host Rep, Veteran

    @yoursunny said:
    AES-GCM and ECDSA are the only secure algorithms among those in your list.
    Apart from algorithm choice, the security protocol design and key management are essential to ensure the system is secure.

    Thanks boss for your kind reply. Can you guide me a little to the key management process also ? Like, how we can implement the Key Management so that no disaster takes place.

  • Hxxx Member

    @Mahfuz_SS_EHL

    deliciousbrains.com/php-encryption-methods/#cloud-kms

    Thanked by 1Mahfuz_SS_EHL
  • Mahfuz_SS_EHL Host Rep, Veteran

    @dfroe said:
    As already pointed out by @yoursunny the security design of the whole concept is the key.

    A deprecated crypto algorithm might screw up your security but a secure crypto algo alone won't make it safe whatever you are doing.

    Thus I'd strongly recommend using well-known implementations and systems like TLS to secure a TCP protocol, SSH for interaction with remote systems, GnuPG to encrypt files etc.

    If you can share more details about what you want to do, more precise advice can be given.

    Hello,

    Thanks for your nice suggestion. Actually, this is for CDE (Card Data Environment). Can you guide me for Key Management ? How can it be stored ?

  • Mahfuz_SS_EHL Host Rep, Veteran

    @Hxxx said:
    @Mahfuz_SS_EHL

    deliciousbrains.com/php-encryption-methods/#cloud-kms

    Thanks a lot for the reference. It sounds great. Checking it out.

  • @Mahfuz_SS_EHL said: Card Data Environment

    hmm that sounds worrying. Someone already said it somewhere on LET, but this thing can easily go wrong and open you to a bunch of lawsuits :#

  • Mahfuz_SS_EHL Host Rep, Veteran

    @matheny said:

    @Mahfuz_SS_EHL said: Card Data Environment

    hmm that sounds worrying. Someone already said it somewhere on LET, but this thing can easily go wrong and open you to a bunch of lawsuits :#

    No, we are pretty confident, nothing will go wrong because we are implementing 2 layers of Firewall. Even if there are any vulnerabilities, they won't be accessible by outside web. Also the connection between the Web Server & CDE is privately connected.

  • I think your approach here is wrong -- start by what your application actually is and then find a protocol that is well tested for that use case.

  • @Mahfuz_SS_EHL said:

    @yoursunny said:
    AES-GCM and ECDSA are the only secure algorithms among those in your list.
    Apart from algorithm choice, the security protocol design and key management are essential to ensure the system is secure.

    Thanks boss for your kind reply. Can you guide me a little to the key management process also ? Like, how we can implement the Key Management so that no disaster takes place.

    Post your key here, we will keep it for you. ;)

    Thanked by 1Mahfuz_SS_EHL
  • Mahfuz_SS_EHL Host Rep, Veteran

    @ehhthing said:
    I think your approach here is wrong -- start by what your application actually is and then find a protocol that is well tested for that use case.

    Yes, we are testing out from our application part too. Everything is in testing actually.

  • Mahfuz_SS_EHL Host Rep, Veteran

    @elliotc said:

    @Mahfuz_SS_EHL said:

    @yoursunny said:
    AES-GCM and ECDSA are the only secure algorithms among those in your list.
    Apart from algorithm choice, the security protocol design and key management are essential to ensure the system is secure.

    Thanks boss for your kind reply. Can you guide me a little to the key management process also ? Like, how we can implement the Key Management so that no disaster takes place.

    Post your key here, we will keep it for you. ;)

    Noo :p
