Table of Contents

Elliptic Curve Digital Signature Algorithm, or ECDSA, is one of the more complex public key cryptography encryption algorithms. Keys are generated via elliptic curve cryptography that are smaller than the average keys generated by digital signing algorithms. Elliptic curve cryptography is a form of public key cryptography which is based on the algebraic structure of elliptic curves over finite fields. Elliptic curve cryptography is mainly used for the creation of pseudo-random numbers, digital signatures, and more. A digital signature is an authentication method used where a public key pair and a digital certificate are used as a signature to verify the identity of a recipient or sender of information.

What is ECDSA?

ECDSA does the same thing as any other digital signing signature, but more efficiently. This is due to ECDSA’s use of smaller keys to create the same level of security as any other digital signature algorithm. ECDSA is used to create ECDSA certificates, which is a type of electronic document used for authentication of the owner of the certificate. Certificates contain information about the key used to create the certificate, information about the owner of the certificate, and the signature of the issuer of the certificate, who is a verified trusted entity. This trusted issuer is normally a certificate authority which also has a signed certificate, which can be traced back through the chain of trust to the original issuing certificate authority.

The way ECDSA works is an elliptic curve is that an elliptic curve is analyzed, and a point on the curve is selected. That point is multiplied by another number, thus creating a new point on the curve. The new point on the curve is very difficult to find, even with the original point at your disposal. The complexity of ECDSA means that ECDSA is more secure against current methods of encryption cracking encryptions. Along with being more secure against current attack methods, ECDSA also offers a variety of other benefits as well.

The Benefits and Drawbacks to using ECDSA

A benefit to using ECDSA over other public key cryptography is how new ECDSA is. ECDSA was standardized in 2005, compared to most common public key cryptography algorithm used, RSA, which was standardized in 1995. Since ECDSA has been around for such a shorter period of time, hackers have had less time to learn how to crack ECDSA. This, along with ECDSA’s complexity make switching to ECDSA look like a more desirable option each year. These benefits are why newer protocols choose to use ECDSA over RSA for public key cryptography functions.

Yet, RSA is still the most widely used public key cryptography method. This is due to the length of time RSA has been around, among other reasons. Though attackers have had more time to crack RSA, it is still the tried and true method used all across the Internet for digital signing, SSL/TLS transport, and more. A drawback of ECDSA is that it is complex to implement, whereas RSA is more easily set-up in comparison. The simplicity of RSA is often a draw to organizations, as it offer less roadblocks in its set-up. The downfall of many different organizations using ECDSA that have been hacked is the improper implementation of ECDSA itself, as it is complex to implement in the first place.

Where can ECDSA be implemented?

ECDSA does not just need to be used in the signing of certificates, it can be used anywhere RSA has been with the same effect in the end. Public key cryptography methods are found in everything from TLS/SSL to code signing. The government uses ECDSA to protect internal communications, while Tor uses it to maintain anonymity for their users. These are just a few of the uses ECDSA can be used for, but all cryptosystems face an issue with the emergence of quantum computing. Quantum computing threatens to make all classic cryptosystems, from AES to RSA to ECDSA, obsolete. The methods used in quantum computing mean previously strong methods like ECDSA will need to update to use quantum cryptography, or become obsolete.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

Twofish is the successor to Blowfish, and, like its predecessor, uses symmetric encryption, so only one 256-bit key is necessary. This technique is one of the fastest encryption algorithms and is ideal for both hardware and software environments. When it was released, it was a finalist for the National Institute of Technology and Science’s (NIST’s) competition to find a replacement for the Data Encryption Standard (DES) encryption algorithm. In the end, the Rjindael algorithm was selected over the Twofish encryption algorithm. Similar to Blowfish, a block cipher is used in this symmetric encryption algorithm.

Symmetric encryption is a process that uses a single key to both
encrypt and decrypt information. The key is taken in, along with the plaintext information, by the encryption algorithm. This key encrypts the data into ciphertext, which cannot be understood unless it is decrypted. When the encrypted data is sent to the recipient of the data, the symmetric encryption key must also be sent, either with or after the ciphertext has been sent. This key can then be used to decrypt the data.

Is Twofish secure?

A question many organizations ask is: Is Twofish safe, if the NIST did not want to use it to replace DES? The answer is yes, Twofish is extremely safe to use. The reason the NIST did not wish to utilize Twofish is due to it being slower, compared to the Rjindael encryption algorithm. One of the reasons that Twofish is so secure is that it uses a 128-bit key, which is almost impervious to brute force attacks. The amount of processing power and time needed to brute force a 128-bit key encrypted message makes whatever information that is being decrypted unactionable, as it could take decades to decrypt one message.

This does not mean that Twofish is impervious to all attacks, however. Part of Twofish’s encryption algorithm uses pre-computed, key dependent substitution to produce the ciphertext. Precomputing this value makes Twofish vulnerable to side channel attacks, but the dependence of a key with the substitution helps protect it from side channel attacks. Several attacks have been made on Twofish, but the creator of the algorithm, Bruce Schneier, argues these were not true cryptanalysis attacks. This means a practical break of the Twofish algorithm has not occurred yet.

What uses Twofish for encryption?

Though, like the Advanced Encryption Standard (AES), Twofish is not the most commonly used encryption algorithm, it still has many uses seen today. The most well-known products that use Twofish in their encryption methods are:

  • PGP (Pretty Good Privacy): PGP is an encryption algorithm that utilizes Twofish to encrypt emails. The data of the email is encrypted, but the sender and subject are not encrypted.
  • GnuPG: GnuPG is an implementation of OpenPGP that lets users encrypt and send data in communications. GnuPGP uses key management systems and modules to access public key directories. These public key directories provide public keys published by other users on the Internet, so that if they send a message with encrypted with their private key, anyone with access to the public key directory can decrypt that message.
  • TrueCrypt: TrueCrypt encrypts data on devices, with encryption methods that are transparent to the user. TrueCrypt works locally on the user’s computer, and automatically encrypts data when it leaves the local computer. An example would be a user sending a file from their local computer to an outside database. The file sent to the database would be encrypted as it leaves the local computer.
  • KeePass: KeePass is a password management software that encrypts passwords that are stored, and creates passwords using Twofish.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

Blowfish is the first symmetric encryption algorithm created by Bruce Schneier in 1993. Symmetric encryption uses a single encryption key to both encrypt and decrypt data. The sensitive data and the symmetric encryption key are utilized within the encryption algorithm to turn the sensitive data into ciphertext. Blowfish, along with its successor Twofish, was in the running to replace the Data Encryption Standard (DES) but failed due to the small size of its block. Blowfish uses a block size of 64, which is considered wholly insecure. Twofish fixed this issue, by implementing a block with a size of 128. Blowfish is much faster than DES, but it trades in its speed for security.

Products that use Blowfish

Though it is not as secure as other symmetric encryption algorithms, many products in many different areas of the Internet utilize Blowfish. Different types of products that Blowfish is a part of are:

  • Password Management: Password management software and systems protect and create passwords. Blowfish has been used in a variety of password management tools to both create passwords and encrypt saved passwords. Examples of password management tools using Blowfish include:
    • Access Manager
    • Java PasswordSafe
    • Web Confidential
  • File/Disk Encryption: Software that encrypts files or disks is extremely common today as so many organizations have sensitive data they need to keep secure. This software must be straightforward for use by companies and quick to finish the encryption process. Thus, Blowfish is utilized in these encryption systems often in products such as:
    • GnuPG
    • Bcrypt
    • CryptoForge
  • Backup Tools: Software that backs up vital infrastructure in an organization must have the ability to encrypt information in those backups. This is in case the backup contains sensitive information. Backup systems that use Blowfish are:
    • Symantec NetBackup
    • Backup for Workgroups
  • Email Encryption: Encryption for emails is extremely important on any device. Different IOS, Linux, and Windows software all use Blowfish for email encryption. Examples:
    • A-Lock
    • SecuMail
  • Operating System Examples:
    • Linux
    • OpenBSD
  • Secure Shell (SSH)Secure Shell is used to remotely access computer networks while authenticating the user through the use of encryption methods like Blowfish. Examples:
    • OpenSSH
    • PuTTY

Comparison Table

AdvantagesDisadvantages
  • Faster than other encryption algorithms, such as the Data Encryption Standard (DES)
  • Blowfish is unpatented and free to use. This means anyone can take and use Blowfish for whatever they want to
  • The Blowfish algorithm also has a lesser amount of operations to complete compared to other encryption algorithms
  • The key schedule of Blowfish takes a long time, but this can be advantageous, as brute force attacks are more difficult
  • The key schedule of Blowfish takes a long time, equivalent to encrypting 4KBs of data, which can be a disadvantage or an advantage. On the Disadvantage side, it takes a very long time to do
  • The small block size of Blowfish means that Birthday Attacks can occur and compromise the encryption algorithm
  • It is followed by Twofish, which was created to replace Blowfish, as it is better in most ways

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Table of Contents

The Rivest-Shamir-Adleman (RSA) encryption algorithm is an asymmetric encryption algorithm that is widely used in many products and services. Asymmetric encryption uses a key pair that is mathematically linked to encrypt and decrypt data. A private and public key are created, with the public key being accessible to anyone and the private key being a secret known only by the key pair creator. With RSA, either the private or public key can encrypt the data, while the other key decrypts it. This is one of the reasons RSA is the most used asymmetric encryption algorithm.

How does RSA work?

The option to encrypt with either the private or public key provides a multitude of services to RSA users. If the public key is used for encryption, the private key must be used to decrypt the data. This is perfect for sending sensitive information across a network or Internet connection, where the recipient of the data sends the data sender their public key. The sender of the data then encrypts the sensitive information with the public key and sends it to the recipient. Since the public key encrypted the data, only the owner of the private key can decrypt the sensitive data. Thus, only the intended recipient of the data can decrypt it, even if the data were taken in transit.

The other method of asymmetric encryption with RSA is encrypting a message with a private key. In this example, the sender of the data encrypts the data with their private key and sends encrypted data and their public key along to the recipient of the data. The recipient of the data can then decrypt the data with the sender’s public key, thus verifying the sender is who they say they are. With this method, the data could be stolen and read in transit, but the true purpose of this type of encryption is to prove the identity of the sender. If the data were stolen and modified in transit, the public key would not be able to decrypt the new message, and so the recipient would know the data had been modified in transit.

The technical details of RSA work on the idea that it is easy to generate a number by multiplying two sufficiently large numbers together, but factorizing that number back into the original prime numbers is extremely difficult. The public and private key are created with two numbers, one of which is a product of two large prime numbers. Both use the same two prime numbers to compute their value. RSA keys tend to be 1024 or 2048 bits in length, making them extremely difficult to factorize, though 1024 bit keys are believed to breakable soon.

Who uses RSA encryption?

As previously described, RSA encryption has a number of different tasks that it is used for. One of these is digital signing for code and certificates. Certificates can be used to verify who a public key belongs to, by signing it with the private key of the key pair owner. This authenticates the key pair owner as a trusted source of information. Code signing is also done with the RSA algorithm. To ensure the owner is not sending dangerous or incorrect code to a buyer, the code is signed with the private key of the code creator. This verifies the code has not been edited maliciously in transit, and that the code creator verifies that the code does what they have said it does.

RSA was used with Transport Layer Security (TLS) to secure communications between two individuals. Other well-known products and algorithms, like the Pretty Good Privacy algorithm, use RSA either currently or in the past. Virtual Private Networks (VPNs), email services, web browsers, and other communication channels have used RSA as well. VPNs will use TLS to implement a handshake between the two parties in the information exchange. The TLS Handshake will use RSA as its encryption algorithm, to verify both parties are who they say who they are.

RSA Vulnerabilities

Though viable in many circumstances, there are still a number of vulnerabilities in RSA that can be exploited by attackers. One of these vulnerabilities is the implementation of a long key in the encryption algorithm. Algorithms like AES are unbreakable, while RSA relies on the size of its key to be difficult to break. The longer an RSA key, the more secure it is. Using prime factorization, researchers managed to crack a 768 bit key RSA algorithm, but it took them 2 years, thousands of man hours, and an absurd amount of computing power, so the currently used key lengths in RSA are still safe. The National Institute of Science and Technology (NIST) recommends a minimum key length of 2048 bits now, but many organizations have been using keys of length 4096 bits. Other ways RSA is vulnerable are:

  • Weak Random Number Generator: When organizations use weak random number generators, then the prime numbers created by them are much easier to factor, thus giving attackers an easier time of cracking the algorithm.
  • Weak Key Generation: RSA keys have certain requirements relating to their generation. If the prime numbers are too close, or if one of the numbers making up the private key is too small, then the key can be solved for much easier.
  • Side Channel Attacks: Side channel attacks are a method of attack that take advantage of the system running the encryption algorithm, as opposed to the algorithm itself. Attackers can analyze the power being used, use branch prediction analysis, or use timing attacks to find ways to ascertain the key used in the algorithm, thus compromising the data.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Encryption algorithms are a mathematical formula which, with the help of a key, changes plaintext into ciphertext. They also make it possible to reverse the process and revert ciphertext back into plaintext.

Examples of common encryption algorithms:

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Plaintext can refer to anything which humans can understand and/or relate to. This may be as simple as English sentences, a script, or Java code. If you can make sense of what is written, then it is in plaintext.

Ciphertext, or encrypted text, is a series of randomized letters and numbers which humans cannot make any sense of. An encryption algorithm takes in a plaintext message, runs the algorithm on the plaintext, and produces a ciphertext. The ciphertext can be reversed through the process of decryption, to produce the original plaintext.

Example: We will encrypt a sentence using Caesar Cipher. The key is 7, which means the letter a becomes h.

Plaintext: This is a plaintext.

Ciphertext: Aopz pz h wshpualea.

About the Author

Search any posts

A collection of Encryption related products and resources that every organization should have!

Cyber security experts conference 2022

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

Let's talk