5.2. Figuring Out Which Encryption Algorithm Is Best

Problem

You need to figure out which encryption algorithm you should use.

Solution

Use something well regarded that fits your needs. We recommend AES for general-purpose use. If you’re willing to go against the grain and are paranoid, you can use Serpent, which isn’t quite as fast as AES but is believed to have a much higher security margin.

If you really feel that you need the fastest possible secure solution, consider the SNOW 2.0 stream cipher, which currently looks very good. It appears to have a much better security margin than the popular favorite, RC4, and is even faster. However, it is fairly new. If you’re highly risk-adverse, we recommend AES or Serpent. Although popular, RC4 would never be the best available choice.

Discussion

Warning

Be sure to read this discussion carefully, as well as other related discussions. While a strong encryption algorithm is a great foundation, there are many ways to use strong encryption primitives in an insecure way.

There are two general types of ciphers:

Block ciphers

These work by encrypting a fixed-size chunk of data (a block). Data that isn’t aligned to the size of the block needs to be padded somehow. The same input always produces the same output.

Stream ciphers

These work by generating a stream of pseudo-random data, then using XOR[1] to combine the stream with the plaintext.

There are many different ways of using block ciphers; these are called block cipher modes . Selecting a mode ...

Get Secure Programming Cookbook for C and C++ now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.