Crypto FAQ
A: It depends on your threat model, but generally anything with a cryptographic strength of 100 bits or above against the best known attack should be considered secure. It is important to remember that while key length grows linearly, the cryptographic strength of the algorithm grows exponentially. For example, a 101 bit key is twice as strong as a 100 bit key (against brute force).
Examples of insecure algorithms:
DES − a symmetric algorithm that was first published in 1975. It had 56 bits of entropy and was secure at the time, but has since become vulnerable to brute force and obsolete.
MD5 − a hash function with serious security flaws that allowed for collision attacks to appear.
SHA-1 − a hash function that is still widely used, but is planned to be obsoleted later this year. Information about a theoretical collision attack with a complexity of 57 bits was first published on the 8 October 2015 and on 23 February 2017 Google demonstrated an attack with the approximate complexity of 63.1 bits that has successfully found collisions.
RSA-1024 − this asymmetric algorithm has not been publicly broken yet, but developments in cryptanalysis against the algorithm have decreased its cryptographic strength to less than 80 bits, making it vulnerable to attacks in the near future.
Examples of algorithms that can still be considered secure:
AES − even in its weakest form, AES-128 is cryptographically secure and is going to remain secure in the foreseeable future.
3DES − not to be confused with simple DES, this implementation of the algorithm uses 3 iterations of regular DES for encryption. It has a cryptographic strength of 112 bits against the meet-in-the-middle attack, it is used in low power devices, such as smart cards and can be considered relatively secure.
All public key algorithms with a cryptographic strength of 100 bits or above − these algorithms are secure and are going to remain secure against attacks by traditional computers, however all of these common methods of asymmetric encryption are likely to soon become obsolete with the rise of quantum computers, due to them being able to perform certain mathematical tasks, many of which are related to these algorithms, in polynomial time.
A: Key length is, as the name states, simply the length of the key. Cryptographic strength is the amount of bits of entropy that an algorithm has against the best known attack. For example, 3DES has the key length of 56*3=168, due to it being three iterations of a 56 bit DES key, but the cryptographic strength of 3DES is only about 112, because of the meet-in-the-middle attack, which allows the adversary to attack one of the iterations separately from the other two.
As another example, this image demonstrates the cryptographic strength of public key algorithms:
A: All cryptographic cyphers require two keys: a key that is used for encryption and a key that is used for decryption. In case of symmetric algorithms those two keys are identical, meaning that to decrypt a message the recipient has to have the same key that was used for encryption. On the other hand, if an algorithm is asymmetric, the key used for decryption is different from the key used for encryption. All public key cryptosystems are asymmetric, because they use a pair of a public key and a private key, which allows anyone to encrypt a message using the public key, but only the intended recipient is able to decrypt it using the corresponding private key.