Re: Insecure cryptographic algorithms to avoid using?



"ykgoh" <gohyongkwang@xxxxxxxxxxx> writes:

Hi,

First of all, I'm not a cryptography researcher, just a developer who
needs encryption for my software, so I figured the best way would be to
rely on a well-tested algorithm that has been scrutinized and tested by
experts. btw, I'm not protecting national security secrets, just to
encrypt some user passwords.

User passwords? The usual way is NOT to encrypt them. The usual is to hash
them and compare the hashed trial password against the stored hash.
Otherwise there is a danger that an attack on your system would uncover all
the passwords. With the hash route that is impossible.

The best candidate would be AES. But I've been looking around Wikipedia
and there're lots of other algorithms available that are considered
secure. E.g. IDEA, Blowfish, RC4 and TEA.

So I'm wondering is it still safe to consider and use these alternative
algorithms as well?

Why?
You have an algorithm that is known to work. Why do you want to go running
around and looking at others?


What are the cryptographic algorithms that have already been proven to
be insecure fundamentally or inadequately secure due to key length as
of 2007, and thus should be avoided?

You have one that is believed secure. Are you playing around? Or do you
have a job to do?



When would it be appropriate to use block cipher and stream cipher?

Stream cyphers are only useful if the key can be changed for each and every
stream ever used. For your situation both block and stream are
inappropriate but the latter very very inappropriate.

For block cipher, padding has to be used to round off the length of
the block to the required block size. However, encryption and security
is still possible for both even if the plaintext length is uneven and
doesn't align nicely to block size since padding can be used.

Thanks in advance.
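
The hash-and-compare scheme from the reply, as an added example that is not part of the original thread. It goes beyond the reply by assuming a per-user random salt and a deliberately slow hash (PBKDF2-HMAC-SHA256 from Python's standard library); the record format, function names and iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"   # assumed label for the stored record
ITERATIONS = 600_000          # assumed work factor; tune to your hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_hex$hash_hex."""
    salt = secrets.token_bytes(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def _parse(record: str):
    """Split a stored record; raises ValueError if it is malformed."""
    algorithm, rounds, salt_hex, hash_hex = record.split("$")
    if algorithm != ALGORITHM or int(rounds) < 1:
        raise ValueError("unsupported record")
    return int(rounds), bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def verify_password(trial: str, record: str) -> bool:
    """Hash the trial password with the stored salt and compare the digests."""
    try:
        rounds, salt, expected = _parse(record)
    except ValueError:
        return False  # malformed record: fail closed
    candidate = hashlib.pbkdf2_hmac("sha256", trial.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)  # constant-time comparison


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True if the record is unreadable or uses a weaker work factor than now."""
    try:
        rounds, _, _ = _parse(record)
    except ValueError:
        return True
    return rounds < iterations


if __name__ == "__main__":
    stored = hash_password("correct horse battery staple")  # constructed sample
    print(stored)
    print(verify_password("correct horse battery staple", stored))
    print(verify_password("Tr0ub4dor&3", stored))
```

Only the record string is stored; on a successful login where `needs_rehash` returns true, re-hash the password the user just supplied and replace the record.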
