In symmetric encryption, the same algorithm and key are used when encrypting and decrypting data. That's why it's called "symmetric". Another name of the method is "secret key cryptography".
Let's assume you'd like to protect some sensitive data from unauthorized access. You could use special software and encrypt your data with a popular encryption algorithm and get an encrypted file and a byte chain (key). As a rule, a key is rather small and can be represented as plain text. You should simply keep the key in a safe place. Now, even if an unwanted person gets access to your data, that person won't be able to decrypt it without the key. To decrypt the data, you need the encryption utility itself and the encrypted file and key.
The advantage of symmetric encryption is that you need to keep secure only a key, but not the whole data. The key size does not depend on the size of the data encrypted. Despite its advantages, the method becomes useless if the data is sent over insecure (open) channels. The recipient needs the key to decrypt the data. However if you send the key over the same insecure
channels as you send the data, everyone who can intercept the data can intercept the key as well, thus, encrypting of the data becomes useless. If you have a secure channel to send the key, you might as well use it to send the unencrypted data, thus, again, there is no need for data encryption. That is why special key exchange algorithms were invented. We will get back to this later.
Key generation
Since almost any byte chain can be used as a key (the length of the chain must meet the requirements of the algorithm used), random-number generators are used to generate keys. The main goal of a random-number generator is to create a unique key, since security depends greatly on key uniqueness. The best key generator is a generator for which it is difficult (almost impossible) to guess what number (key) will be generated next. Special statistic random sequence tests are used to check the security level of random-number generators.
Pseudo-random-number generator
There are two stages in a pseudo-random numbers generation process. In the first stage, a generator obtains some variable which changes with time, say, system time, a mouse cursor position, etc. In the second stage, a generator performs a digital function and a hash function. As a result, a byte chain is created (on the basis of original variables).. If the same variables are used twice, we will get the same two hash function results. However, if at least one bit in the input variables is different, we get two completely different results.
However, such variables as system time or a mouse cursor position can be easily calculated or guessed. Such data cannot be considered random without further processing.. That is why the second stage is necessary.
Not every hash algorithm is suitable for cryptography. Nowadays, there are several popular hash algorithms. Some of them are described below.
MD5
After several unsuccessful tries (MD3 and MD4) to improve the MD2 algorithm, Ronald Rivest developed the MD5 algorithm which became very popular. It is faster and more secure than MD2 and generates a 128-bit random sequence.
SHA-1
The SHA-1 algorithm is similar to MD5, but has improved internal structure and generates a longer (160-bit) random sequence. It has been approved by cryptology experts and is recommended for use. FastTrackFTP supports SHA1_96, MD5 and MD5_96.
Block encryption and stream encryption in symmetric algorithms. Now you already know how keys are generated and how your data is prepared for encryption. When data is encrypted using symmetric algorithms, the following encryption methods are used: block encryption and stream encryption.
Block encryption
In the case of block encryption, data is divided into blocks of equal length and every block is separately encrypted using the same key. If the data cannot be divided into equal blocks, the last block will be enlarged to the required size. In thte case of block encryption, if the same data is encrypted with the same key several times, the encryption results are identical.
Stream encryption
Unlike block encryption, in the case of stream encryption, every byte
is encrypted separately. Pseudo-random numbers which are generated on the
basis of the key are used for encryption. The encryption result for each
byte depends on the encryption result of a previous byte. This method features
high performance and is used to encrypt data sent over communication channels.
Popular symmetric algorithms
RC5
RC5 uses stream encryption. RC5 is used in the SSL protocol.
DES (Digital Encryption Standard)
DES uses block encryption and a 56-bit key. It was developed by IBM and the NSA (National Security Agency) of the USA in the late seventies. Electronic Frontier Foundation cracked the key and decrypted the text encrypted with DES in less than 24 hours in 1999.
Triple DES
Triple DES has replaced DES. It uses block encryption. The basic algorithmic principles have not changed, however in Triple DES data blocks are encrypted with three different keys. Thus, Triple DES uses a 168-bit key. Later, a vulnerability lessened the time required to crack a 168-bit key to the time required to crack a 108-bit key. Basically, a 108-bit key is sufficient for quite reliable encryption today. However, in the future, it will be insufficient. One more disadvantage of this algorithm is its low processing speed.
AES (Advanced Encryption Standard)
When NIST (National Institute of Standards and Technology) announced the developers contest for a new encryption algorithm, one of the main terms was that developers must relinquish any intellectual property. This has allowed the new standard to be free. All "candidates" (algorithms) were extensively examined by the world community and on October 2nd, 2000, NIST announced the winners. They were two Belgian cryptographers: Joan Daemen and Vincent Rijmen. Since that time AES has become a world cryptographic standard and is now supported by almost all security applications.
Blowfish
Blowfish uses block encryption with a 64-bit key of variable length. The algorithm has two stages: key expansion and data encryption itself. Key expansion transforms a key into a 448-bit key. Data encryption is based on a sixteen iteration Feistel network. One of the main benefits of this algorithm is speed: most of the time is spent on key expansion which is performed only once.
FastTrackFTP supports DES, TripleDES, Blowfish, Twofish256, Twofish192, Twofish128, AES256, AES192, AES128, Serpent256, Serpent192, Serpent128, ARCFOUR, IDEA, and CAST128.