Shulou(Shulou.com)06/01 Report--

Data Encryption Standard (DES) is an old symmetric key encryption algorithm that is no longer in use. It's not a very secure algorithm.

Triple DES is still safe, but it is only a good option if there is no other way. Obviously Advanced Encryption Standard (AES) is a better encryption algorithm, and NIST uses AES instead of Triple-DES as their standard (discussed in more detail below). Other better algorithms include two other variants of AES, Twofish and Serpent-also known as CAST-128, which is the perfect combination of efficiency and security. These algorithms are not only safer than DES, but also faster than DES. Why use slow and insecure algorithms?

SHA1 is a hash function, not an encryption function. SHA1 is still pretty good as a hash function, but it will take several years to develop as an encryption algorithm. If you are designing a new system, keep in mind that you may replace your current algorithm with SHA1 years from now. I repeat: only possible.

RSA is a public key encryption algorithm. RSA keys are typically 2048-4096 bits long. If your current system uses a 1024-bit public key, there is no need to worry, but you can increase the key length to achieve better encryption results.

Advanced Encryption Standard (AES) is an algorithm used to replace Data Encryption Standard (DES). Currently, 128, 196, and 256-bit keys are generally used, and all three keys are fairly secure. And the U.S. government thinks so too. They approved the AES algorithm for general data encryption with 128-bit keys, and the AES algorithm for secret and top-secret data encryption with 196-bit and 256-bit keys.

DESX is an improved version of DES. DESX works by using a random binary number to XOR the data before encryption and the data after decryption. Although this algorithm has been criticized, DESX is indeed safer than DES, although DESX is not suitable in many cases. I worked on a system that supported DES in hardware, and because there were links that couldn't tolerate the slowness of triple DES, we used DESX instead of DES in those places. However, this is a very special case. If you need to use DESX, the reason is obvious (probably similar to why I had to use DESX). But I suggest you use AES or some of the algorithms I mentioned above.

RC4 is a stream encryption algorithm commonly used for SSL connections. It has been around for many years and has many known and possible flaws, so don't use it in some new projects. If you are currently using it and can easily uninstall it, then the situation is not so bad. However, I suspect that if you are using it right now, you can't uninstall it easily. If you can't uninstall it easily, consider upgrading it in the future, but don't panic. I wouldn't refuse to buy something on a website that uses RC4 to encrypt SSL connections, but if I were to build a new system now, I would consider using another algorithm, such as AES.

For the following two algorithms MD5-RSA and SHA1-DSA, they are used for digital signatures. But don't use MD5 because it has a lot of flaws. MD5 has been known for years to have a vulnerability, but it wasn't cracked until this summer. We can use SHA1 with RSA or DSA. The number of key bits of DSA is up to 1024 at present, which is long enough, so there is no need to worry about security problems. However, it would certainly be better if NIST implemented a longer key number.

An X.509 certificate is a data structure often used to specify the order of bits and bytes, and is not a cryptographic system in itself. It usually contains an RSA key and may also contain a DSA key. But the X.509 certificate internals and certificates themselves are not encryption technologies.

wz.juzhuanmeng.com

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.