From the course: CompTIA Security+ (SY0-701) Cert Prep

Choosing encryption algorithms

- [Narrator] There are many different encryption algorithms that you can choose from when trying to achieve one of the goals of cryptography. Let's talk about some of the things that you should watch for when selecting an encryption algorithm.

It's important to remember that encryption is very complicated. It uses sophisticated mathematical techniques, and even the smallest flaw in an algorithm can render that algorithm insecure. For this reason, you should never try to build your own encryption algorithm unless you really, really know what you're doing. You wouldn't try to perform heart surgery on yourself. Don't try to build your own encryption algorithms either.

Similarly, if a vendor claims that their software is secured with a proprietary encryption algorithm and they won't share the details, view that claim with the skepticism that it deserves. It's a big red flag. In fact, the idea of having secret encryption algorithms is so contrary to the principles held by cybersecurity professionals that we've coined a term to describe this approach. We call it security through obscurity, meaning that the security of the algorithm comes from the fact that nobody knows how it works. Security through obscurity is a slanderous term and not something that you'd want to hear used to describe your own approach to security.

For the same reason, you should choose an encryption algorithm that is proven. The details of encryption algorithms are normally published and open for inspection by the security community. This public vetting process is important because it allows mathematicians and cryptographers to review the details of the algorithm and ensure that it's well-designed and free of back doors that might allow unintended access to information.

When you choose an encryption algorithm, you may be able to select the length of your encryption key. Not all algorithms allow this, so some have fixed-length keys, but if you are able to choose your key length, the longer your key, the more secure your information will be. There is a downside, however. As keys get longer, the performance of the algorithm goes down. You're trading off security for speed and making a classic decision that must balance security constraints with available resources.

Choosing a long key is important because it makes it much more difficult for someone to guess the key that you've used. Here's an example of what a 40-bit encryption key looks like. A bit is simply a one or a zero in binary, and a 40-bit key consists of 40 ones and zeros. There are over 1 trillion possible combinations for this key. Now that might sound like a lot, but it's possible for a computer to break this encryption key. If we bump encryption up to a 128-bit key, here's what that looks like. There are enough possibilities here that it wouldn't be feasible to guess the key with a modern computer, and when we go to a 1024-bit key, we get some really strong security. When you choose your encryption approach, you'll need to perform your own cost-benefit analysis and select a key length that balances your security goals with the speed of encryption and decryption.

Finally, you'll need to decide how you will implement the algorithm that you've chosen. As with algorithm selection, it's best to adopt an implementation of your selected algorithm that's already proven. There are many software libraries and modules and cryptographic service providers available that have already implemented these algorithms successfully, so you'd be well advised to use tested and supported code rather than trying to write your own.
