disadvantages Archives

Services	Advantages	Disadvantages
Bring Your Own Encryption (BYOE)	The Bring Your Own Encryption (BYOE) concept is the desired trust model for organizations that require full control over access to their data regardless of where it is stored or processed. Regulated industries, such as financial services and healthcare, require keys to be segregated from the cloud Data Warehouse compute and storage infrastructure. BYOE enables organizations to comply with this requirement with encryption applied to the most sensitive columns, and dynamic masking or filtering access to other sensitive columns – achieving the optimal balance between data protection, compliance, analytics and usability of the data. Without exposing encryption keys or sensitive data to the cloud, BYOE enhances the security of data within all cloud services such as Database as a Service (DBaaS) environments, as data is always encrypted before being sent to the cloud.	There is an increased latency problem as any data element has to go through repeated cycles of encryption and decryption for utilization in cloud environments, thereby inducing latency related issues. As there are limited interfaces available, there is a requirement to build Custom API’s for integration with multiple cloud service providers, which might not be feasible for a small/medium sized organizations. As the organizations adopt a move to cloud approach, this approach puts increasing pressure on the on-premises infrastructure with respect to scaling, performance, etc.
Bring Your Own Key-Cloud HSM	No Key exposure outside the HSM. FIPS advanced level (FIPS 140-2 Level 3 and above) complaint hardware-based devices meeting all regulatory requirements. Can perform all core functions of an on-premises HSM: key generation, key storage, key rotation, and APIs to orchestrate encryption in the cloud. Designed for security. Dedicated hardware and software for security functions.	Need specialized, in-house resources to manage key and crypto lifecycle activities. HSM-based approaches are more cost intensive due to the use of a dedicated hardware appliance. Performance overheads.
Bring Your Own Key-Cloud KMS	No specialized skilled resources are required. Enables existing products that need keys to use cryptography. Provides a centralized point to manage keys across heterogeneous products. Native integration with other services such as system administration, databases, storage and application development tools offered by the cloud provider.	Key exposure outside HSM. FIPS 140-2 Level 3 and above devices not available.
Software Key Manage-ment	With this approach, service accounts, generic administrative accounts which may be assumed by one or more users, can access these secrets, but no one else.	Not compliant with regulatory requirements which specify FIPS-certified hardware.
Secret Management	Run the organizations own key management application in the cloud. Lower cost than HSMs and full control of key services, rather than delegating them to your cloud provider. Can perform all core functions of an HSM: key generation, key storage, key rotation, and APIs to orchestrate encryption in the cloud.	N/A

Services

Advantages

Disadvantages

Bring Your Own Encryption (BYOE)

The Bring Your Own Encryption (BYOE) concept is the desired trust model for organizations that require full control over access to their data regardless of where it is stored or processed.
Regulated industries, such as financial services and healthcare, require keys to be segregated from the cloud Data Warehouse compute and storage infrastructure. BYOE enables organizations to comply with this requirement with encryption applied to the most sensitive columns, and dynamic masking or filtering access to other sensitive columns – achieving the optimal balance between data protection, compliance, analytics and usability of the data.
Without exposing encryption keys or sensitive data to the cloud, BYOE enhances the security of data within all cloud services such as Database as a Service (DBaaS) environments, as data is always encrypted before being sent to the cloud.

There is an increased latency problem as any data element has to go through repeated cycles of encryption and decryption for utilization in cloud environments, thereby inducing latency related issues.
As there are limited interfaces available, there is a requirement to build Custom API’s for integration with multiple cloud service providers, which might not be feasible for a small/medium sized organizations.
As the organizations adopt a move to cloud approach, this approach puts increasing pressure on the on-premises infrastructure with respect to scaling, performance, etc.

Bring Your Own Key-Cloud HSM

No Key exposure outside the HSM.
FIPS advanced level (FIPS 140-2 Level 3 and above) complaint hardware-based devices meeting all regulatory requirements.
Can perform all core functions of an on-premises HSM: key generation, key storage, key rotation, and APIs to orchestrate encryption in the cloud.
Designed for security.
Dedicated hardware and software for security functions.

Need specialized, in-house resources to manage key and crypto lifecycle activities.
HSM-based approaches are more cost intensive due to the use of a dedicated hardware appliance.
Performance overheads.

Bring Your Own Key-Cloud KMS

No specialized skilled resources are required.
Enables existing products that need keys to use cryptography.
Provides a centralized point to manage keys across heterogeneous products.
Native integration with other services such as system administration, databases, storage and application development tools offered by the cloud provider.

Key exposure outside HSM.
FIPS 140-2 Level 3 and above devices not available.

Software
Key
Manage-ment

With this approach, service accounts, generic administrative accounts which may be assumed by one or more users, can access these secrets, but no one else.

Not compliant with regulatory requirements which specify FIPS-certified hardware.

Secret Management

Run the organizations own key management application in the cloud.
Lower cost than HSMs and full control of key services, rather than delegating them to your cloud provider.
Can perform all core functions of an HSM: key generation, key storage, key rotation, and APIs to orchestrate encryption in the cloud.

Common Encryption Algorithms, Education Center

What is Blowfish in security? Who uses Blowfish?

by Puneet

Last updated on May 23, 2023

Table of Contents

Products that use Blowfish
Comparison Table

Blowfish is the first symmetric encryption algorithm created by Bruce Schneier in 1993. Symmetric encryption uses a single encryption key to both encrypt and decrypt data. The sensitive data and the symmetric encryption key are utilized within the encryption algorithm to turn the sensitive data into ciphertext. Blowfish, along with its successor Twofish, was in the running to replace the Data Encryption Standard (DES) but failed due to the small size of its block. Blowfish uses a block size of 64, which is considered wholly insecure. Twofish fixed this issue, by implementing a block with a size of 128. Blowfish is much faster than DES, but it trades in its speed for security.

Products that use Blowfish

Though it is not as secure as other symmetric encryption algorithms, many products in many different areas of the Internet utilize Blowfish. Different types of products that Blowfish is a part of are:

Password Management

Password management software and systems protect and create passwords. Blowfish has been used in a variety of password management tools to both create passwords and encrypt saved passwords. Examples of password management tools using Blowfish include:
- Access Manager
- Java PasswordSafe
- Web Confidential
File/Disk Encryption

Software that encrypts files or disks is extremely common today as so many organizations have sensitive data they need to keep secure. This software must be straightforward for use by companies and quick to finish the encryption process. Thus, Blowfish is utilized in these encryption systems often in products such as:
- GnuPG
- Bcrypt
- CryptoForge
Backup Tools

Software that backs up vital infrastructure in an organization must have the ability to encrypt information in those backups. This is in case the backup contains sensitive information. Backup systems that use Blowfish are:
- Symantec NetBackup
- Backup for Workgroups
Email Encryption

Encryption for emails is extremely important on any device. Different IOS, Linux, and Windows software all use Blowfish for email encryption. Examples:
- A-Lock
- SecuMail
Operating System Examples
- Linux
- OpenBSD
Secure Shell (SSH)

Secure Shell is used to remotely access computer networks while authenticating the user through the use of encryption methods like Blowfish. Examples:
- OpenSSH
- PuTTY

Comparison Table

Advantages	Disadvantages
Faster than other encryption algorithms, such as the Data Encryption Standard (DES) Blowfish is unpatented and free to use. This means anyone can take and use Blowfish for whatever they want to The Blowfish algorithm also has a lesser amount of operations to complete compared to other encryption algorithms The key schedule of Blowfish takes a long time, but this can be advantageous, as brute force attacks are more difficult	The key schedule of Blowfish takes a long time, equivalent to encrypting 4KBs of data, which can be a disadvantage or an advantage. On the Disadvantage side, it takes a very long time to do The small block size of Blowfish means that Birthday Attacks can occur and compromise the encryption algorithm It is followed by Twofish, which was created to replace Blowfish, as it is better in most ways

Advantages

Disadvantages

Faster than other encryption algorithms, such as the Data Encryption Standard (DES)
Blowfish is unpatented and free to use. This means anyone can take and use Blowfish for whatever they want to
The Blowfish algorithm also has a lesser amount of operations to complete compared to other encryption algorithms
The key schedule of Blowfish takes a long time, but this can be advantageous, as brute force attacks are more difficult

The key schedule of Blowfish takes a long time, equivalent to encrypting 4KBs of data, which can be a disadvantage or an advantage. On the Disadvantage side, it takes a very long time to do
The small block size of Blowfish means that Birthday Attacks can occur and compromise the encryption algorithm
It is followed by Twofish, which was created to replace Blowfish, as it is better in most ways

Tags:

advantages blowfish disadvantages encryption algorithm Symmetric Encryption twofish

About the Author

Puneet

President at Encryption Consulting LLC focusing on providing consulting to customers in the Applied Cryptography space.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Tag: disadvantages

Cloud Key Management Services: Advantages and Disadvantages

Tags:

Datasheet of Encryption Consulting Services

About the Author

Puneet

What is Blowfish in security? Who uses Blowfish?

Products that use Blowfish

Comparison Table

Tags:

Datasheet of Encryption Consulting Services

About the Author

Puneet

Ready to get started?

Global Headquarters

Contact Sales

Services

Products

Company

Cloud Key Management Services: Advantages and Disadvantages

Tags:

Datasheet of Encryption Consulting Services

About the Author

Puneet

You might also be interested in

Subscribe to our newsletter

Explore More Topics

What is Blowfish in security? Who uses Blowfish?

Products that use Blowfish

Comparison Table

Tags:

Datasheet of Encryption Consulting Services

About the Author

Puneet

You might also be interested in

Subscribe to our newsletter

Explore More Topics

Ready to get started?