DES
DES stands for Data Encryption Standard, and it is a block cipher originally designed at IBM in the 1970s. DES utilizes a cipher block size of 64 bits, and also the key size is 64 bits. The algorithm will take a 64-bit block of plaintext, operate an initial permutation on the block, split the block into two 32-bit halves, and then process them in an alternating fashion by XORing them against a portion of the key. This process repeats for 16 rounds until a final permutation occurs. The result is the DES ciphertext.
DES is vulnerable to a brute-force attack, like other ciphers, where an attacker will be able to perform a check against all possible keys. Because the key length in DES is 56 bits (64 minus the last 8 bits for parity check), the key is relatively short and thus makes a brute-force attack feasible. Still, even though DES is vulnerable it was not until it had been present in the market for more than 20 years before an attack was successfully demonstrated.
Because of its vulnerabilities, DES is not favored for many applications; however, there is a superseding implementation that is still widely utilized: Triple DES.
Triple DES is a way to increase the key size of the DES algorithm by essentially running the process three times. The overall design is the same but chooses three keys. The first key is used to encrypt the plaintext. The second key is then used to decrypt the first encryption. Finally, a third key runs DES again in order to generate the ciphertext. These keys can be either all the same, one different, or all three different, and they vary in strength according to the differences in keys, because essentially you are determining the key length of the cipher. While there are still known attacks against Triple DES, it is a more secure option than DES by itself.
RC2
RC2 (or Rivest Cipher 2), also a block cipher, was created by Ron Rivest of RSA fame in the late 1980s. The RC2 cipher is composed of 64-bit blocks, like DES, and it incorporates 18 rounds in the algorithm. There are 16 rounds of
Chapter 6 ■ ImplementIng SeCurIty and Cryptography
RC4
RC4 is a stream cipher also designed by Ron Rivest in the late 1980s. It is well known for its speed and simplicity. This cipher works by generating a stream of near random bits, which are used for the encryption. This happens in two steps: first, there is an array generation step, then a pseudo-random generation step. The output is generated by looping through the semirandom bytes of the array two at a time, swapping values of each in the array, then processing those modulo 256. The result is used to look up the sum of this operation in the bytes array.
RC4 has been widely used in many applications, such as TLS, Wired Equivalent Privacy (WEP), and Wi-Fi Protected Access (WPA). However, it is not impenetrable to attack vectors partially due to the pseudo-random values. Because of this, in 2001, WEP encryption of wireless networks was attacked, and this prompted a subsequent implementation for wireless encryption.
CAST
CAST is a block cipher. It is widely used in versions of PGP and GNU Privacy Guard (GPG) encryption. The algorithm itself utilizes key sizes from 40 to 128 bits and will run either 12 rounds or 16, though 12 only occurs if the key size is fewer than 80 bits. The underlying function consists of eight 32-bit substitution boxes that are based on other various algorithms, such as XOR, modular addition, bent functions, and rotations. There are three different round functions that are used in the CAST cipher. The first version of the round function is used in rounds 1, 4, 7, 10, 13, 16; the second on rounds 2, 5, 8, 11, 14; and the third with rounds 3, 6, 9, 12 and 15.
CAMELLIA
The Camellia cipher is another 128-bit block cipher, and its block size is 16 bytes. The key size is variable between 128, 192, and 256 bits. Camellia is another Feistel cipher that will use 18 rounds if using 128-bit keys or 24 rounds when using the larger key sizes. Like CAST, Camellia uses substitution boxes. For Camellia these boxes are 8-bit by 8-bit boxes and four of them are utilized. There is a special transform applied to this cipher every six rounds.
BLOWFISH
The Blowfish cipher is a block cipher designed by Bruce Scheiner. It is highly regarded, even though it is vulnerable to vectors, including a differential attack. The block size is 64 bits and the key can be anywhere from 32 to 448 bits. It utilizes 16 rounds and large S-boxes. The speed of this algorithm is 8.3 MB/s on a Pentium at 150 Hz.
There are several well-known password management products that utilize Blowfish. These include 1Password, Password Safe, and Password Wallet, among others. It is also utilized in GPG and many file and disk encryption softwares.
AES
AES (aka Rijndael), or Advanced Encryption Standard, is an encryption algorithm designed to supersede DES. AES has a block size of 128 bits, and key sizes can be 128, 192, or 256 bits. AES will operate in 10 rounds for the 128-bit keys, 12 rounds for 192-bit keys, or 14 rounds for 256-bit keys. The process of the AES cipher operations on a 4-byte by 4-byte matrix is called the “state.” The process first expands the key by using a Rijndael key schedule and then the rounds can begin.
The first round is known as “AddRoundKey,” which extracts a subkey, and a byte from the state is combined by using XOR.
This begins the remaining rounds with exclusion of a final round. The rounds start by executing a “SubBytes” step that replaces each byte in the “state” by way of an 8-bit substitution box. This is followed by a “ShiftRows” step, which will shift all the values of the rows by a set amount. This amount varies per row. The next step is the “MixColumns”
Chapter 6 ■ ImplementIng SeCurIty and Cryptography
step. In this step a column in the “state” is combined by using an invertible linear transform. Through this step, each column is essentially transposed by multiplication with a known polynomial or matrix to get the resultant mixed columns. Then there is another “AddRoundKey” step.
After the rounds complete, there is a final round that operates in the same way as the previous rounds except the “MixColumns” step is omitted. The result is the AES ciphertext.
AES is vulnerable to a related-key attack, distinguishing attack, and key-recovery attack. However, the complexity of these attacks is nontrivial and AES is still fundamentally secure. In fact it is arguably the most widely used
encryption cipher in practice today.
It is used to encrypt file archives in instances of 7Zip, RAR, and WinZip. Other places where AES is used is a disk encryption technology like BitLocker. Also using forms of AES are GPG, IPsec, IronKey, OpenSSL (the wrapper from which Node.js’s crypto derives), Pidgin, and the Linux Kernel Crypto API. There are, of course, many more places where AES is being used today but these are just a handful.
There are various ciphers at your disposal when you build your Node.js application. You should choose the implementation that suits the particular needs of your solution and keep up to date on changing standards and new implementations.