
Java tutorials home
Java cryptography
Encryption intro
Keys
Symmetric encryption
AES/block ciphers
Block modes (ECB, CTR, OFB)
Asymmetric encryption
RSA in Java
Comparison of algorithms
Key sizes
Hash functions
Comparison of ciphers
Java supports a number of encryption algorithms out of the box.
Which encryption algorithm to use can depend on a number of criteria:
 how secure the algorithm is currently judged to be in the
cryptographic literature;
 the performance characteristics of the algorithm (e.g. the
"raw speed" of the algorithm, and whether it supports parallel encryption);
 how politically safe a decision it is to use a particular algorithm
(paradoxically, this doesn't necessarily depend directly on the algorithm's security);
 whether you have to interact with a legacy system.
Summary of algorithms
We compare measured speed of encryption with various algorithms available as
standard in Sun's JDK, and then give a summary of various other characteristics
of those algorithms. The encryption algorithms we consider here are AES (with 128
and 256bit keys), DES, Triple DES, RC4 (with a 256bit key) and
Blowfish (with a 256bit key).
Performance
First, the easy bit. Figure 1 shows the time
taken to encrypt various numbers of 16byte blocks of data using the algorithms
mentioned.
Figure 1: Comparison of encryption times for various common
symmetric encryption algorithms provided as standard in Java 6.
It's important to note right from the beginning that beyond some ridiculous
point, it's not worth sacrificing speed for security. However, the
measurements will still help us make certain decisions.
Characteristics
Table 1 gives a summary of the main features of each encryption algorithm, with what
I believe is a fair overview of the algorithm's current security status.
Algorithm  Key size(s)  Speed  Speed depends on key size?  Security / comments 
RC4  401024  Very fast  No 
Of questionable security; may be secure for moderate numbers of
encrypted sessions of moderate length.
RC4 has the redeeming feature of being fast. However,
it has various weaknesses in the random number sequence that it uses:
see Klein (2008)^{1}.

Blowfish  128448  Fast  No  Believed secure, but
with less attempted cryptanalysis than other algorithms. Attempts
to cryptanalyse Blowfish soon after publication are promising (Schneier, 1995^{2} & 1996^{3}).
But, unlike AES, it doesn't appear to have received much attention recently
in the cryptographic literature. Blowfish has been superseded by Twofish,
but the latter is not supported as standard in Java (at least, not in Sun's JDK).

AES  128, 192, 256  Fast  Yes  Secure, though with some reservations from the crypto community.
It has the advantage of allowing a 256bit key size, which should protect
against certain future attacks
(collision attacks and potential quantum
computing algorithms)
that would have 2^{64} complexity with a 128bit key
and could become viable in the lifetime of your data.

DES  56  Slow  –  Insecure: A $10,000 Copacobana machine can find a DES key in an average of a week, as (probably) could a botnet with thousands of machines. The simple answer is: "Don't use it– it's not safe". (RFC 4772). 
Triple DES  112/168, but equivalent security of 80/112  Very slow  No 
Moderately secure, especially for small data sizes. The 168bit variant estimated by NIST (2006) to keep data secure until 2030^{4}.
Triple DES performs three DES operations (encryptdecryptencrypt), using either two
or three different keys.
The 168bit (threekey) variant of Triple DES is generally considered to offer "112 bits of security",
due to a socalled meetinthemiddle attack.
AES offers a higher level of security for
lower CPU cost.

Table 1: Characteristics of commonly used encryption algorithms included in Java 6.
Remarks on AES
AES stands for Advanced Encryption Standard and is actually an algorithm
that was originally called Rijndael, after its inventors Rijmen & Daemen.
It is the algorithm that most people will end up using unless they have a strong reason
to use anything else:
 it is a politically safe decision:
the encryption standard of the US National Institute of Standards
and Technology (NIST), and the US government reportedly approves AES
with 192 or 256bit keys for encrypting top secret documents
(or put another way, your boss won't sack you for choosing AES...);
 it is largely considered secure, though with some reservations:
 nobody yet has (publicly) a full attack on AES, or a partial attack that
is practical (though some impractical partial attacks exist^{5});
 however, AES is algebraically simpler than other block ciphers: effectively,
it can be written as a series of mathematical equations, and there is a worry that somebody
could demonstrate a way to solve those equations (see Ferguson & Schneier,
Practical Cryptography, pp. 5758);
 the NSA may have chosen Rijndael as they secretly know how to break it,
or secretly estimated that they could develop a way to break it.
 it is fast (Ferguson & Schneier (op cit), p. 59, argue that this is the
reason it was picked over Serpent as the AES standard).
Key sizes
On the next page, we look at the issue of choosing and
setting key sizes for encryption in Java.
1. Klein, A. (2008), Attacks on the RC4 stream cipher, Designs, Codes & Cryptography 48(3).
2. Schneier, B. (1995), The Blowfish Encryption Algorithm— One Year Later, Dr Dobb's Journal.
3. Schneier, B. (1996), Applied Cryptography, Wiley & Sons, p. 399.
4. NIST (2006), Recommendation for Key Management: Part 1, p. 66.
5. See Ferguson, N. et al (2000),
Improved cryptalysis of Rijndael
and Biryukov & Khovratovich (2009), Relatedkey Cryptanalysis of the Full AES192 and AES256.
Written by Neil Coffey. Copyright © Javamex UK 2012. All rights reserved.
