Choosing a Cryptographic Algorithm

Throughout this chapter we’ve shown how objects from the Java Security API, such as KeyPairGenerators and Ciphers, can be created by specifying a particular cryptographic algorithm for the implementation of the object. We haven’t yet discussed the issues involved in picking one algorithm over another.

Features of Cryptographic Algorithms

Cryptography includes a broad range of techniques under its umbrella. Some of the characteristics that distinguish one technique from another follow.

Level of protection

Some encryption techniques provide a virtually unbreakable barrier to information theft; others just require a determined attacker with moderate resources to be broken. One way to compare techniques on this level is to estimate how much CPU time would be required on a machine of a given processing speed to iterate through all the possible keys to the encoded data. For example, “A 128-bit XYZ cryptographic key requires 14.5 months of CPU time on an Acme 24-processor server to be broken.” But other issues can affect the level of effort required to break the encrypted data, and make it difficult to objectively compare the security of encryption techniques. For example, if the attacker is not familiar with the format of the data being transmitted, and the data isn’t easily interpreted on its own, then it may be tough to tell if an attempt to decode the data has worked or not.

Sophistication and complexity

Encryption techniques are usually based upon ...

Get Java Distributed Computing now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.