Avoid Weak Encryption


The idea behind encryption is a good one – protecting the integrity and confidentiality of your data.


Encryption uses algorithms. The concept of an algorithm is similar to that of a recipe. It describes a series of steps taken in a predefined sequence to obtain a result.


Not all algorithms are created equal. Over time, an encryption algorithm may become known as ‘weak’. That means exploits have been discovered, and there are known processes for reversing the encryption and viewing your content.


Just because a service or piece of software advertises the use of encryption does not necessarily mean that it uses modern, strong encryption.


Be aware that some algorithms were introduced by the NSA, including SHA-1 and SHA-2 (SHA-2 also includes related algorithms such as SHA-256). SHA is short for Secure Hash Algorithms. SHA-3 was created without direct NSA involvement and is considered a modern, preferred algorithm.

Encryption types that are dangerously weak include MD5, RC4, DES, Blowfish, SHA1, 1024-bit RSA or DSA, 160-bit ECDSA (elliptic curves), and 80/112-bit 2TDEA (two-key triple DES).

Strong encryption types include SHA-3, AES, RSA and Elliptic-curve cryptography (ECC).


The key takeaway for TIs is to research the encryption algorithms used by the software you are considering. Use of encryption on its own does not guarantee security. Some utilities give you the option to select which algorithm to use. For example, when you use VeraCrypt to encrypt your files, you get to select the algorithm.
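As an added example (not from the original article or from any tool it mentions), the Python sketch below takes the algorithm names a product advertises and flags the ones on the weak list above, including the key-size cases. The descriptor strings, the matching rules and the function names are constructed assumptions; real products spell algorithm names in many more ways.

```python
import re

# Names the article lists as dangerously weak, matched as whole tokens.
WEAK_NAMES = {
    "MD5": r"\bMD5\b",
    "RC4": r"\bRC4\b",
    "DES": r"\bDES\b(?![-_ ]?(?:EDE|CBC3))",  # skip triple-DES spellings
    "Blowfish": r"\bBLOWFISH\b",
    "SHA1": r"\bSHA-?1\b",
    "2TDEA": r"\b2TDEA\b|\b(?:2|TWO)[- ]KEY\b",
}
# Key sizes the article lists as weak; anything at or below them is flagged.
WEAK_KEY_BITS = {"RSA": 1024, "DSA": 1024, "ECDSA": 160}
KEYED = r"\b(ECDSA|RSA|DSA)"
SIZE_AFTER = re.compile(KEYED + r"[-_ /]?(\d{2,5})\b")           # "RSA-1024"
SIZE_BEFORE = re.compile(r"\b(\d{2,5})[- ]?BIT[- ]" + KEYED + r"\b")  # "1024-bit RSA"

def audit(descriptor):
    """Return the reasons a descriptor is weak (empty list if none found)."""
    text = descriptor.upper()
    reasons = [name for name, pat in WEAK_NAMES.items() if re.search(pat, text)]
    sized = [(m.group(1), int(m.group(2))) for m in SIZE_AFTER.finditer(text)]
    sized += [(m.group(2), int(m.group(1))) for m in SIZE_BEFORE.finditer(text)]
    for family, bits in sized:
        if bits <= WEAK_KEY_BITS[family]:
            reasons.append(f"{bits}-bit {family}")
    return reasons

def audit_all(descriptors):
    """Map each descriptor that has at least one finding to its reasons."""
    return {d: r for d in descriptors if (r := audit(d))}

# Constructed sample of what a product's documentation might advertise.
SAMPLE = [
    "AES-256-GCM", "RSA-2048 with SHA-256", "1024-bit RSA", "ECDSA-160",
    "DES-CBC", "DES-EDE3-CBC", "3DES (2-key)", "RC4-MD5",
    "SHA-1", "SHA3-256", "Blowfish-CBC",
]

if __name__ == "__main__":
    for d, reasons in audit_all(SAMPLE).items():
        print(f"WEAK  {d}: {', '.join(reasons)}")
```

An empty result only means nothing on this list was matched; it does not show that the product's encryption is strong.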



targetedtechtalk@protonmail.com
