There are three types, I guess: symmetric, asymmetric and hash functions. They all have their own purposes.
Symmetric Algorithms
This is where the same key is used to encrypt and decrypt.
- Advanced Encryption Standard (AES)
  - Key sizes: 128, 192 or 256 bits
  - Block size: 128 bits
  - Used in: WPA2, SSL/TLS, file encryption
  - Strengths: Fast, strong and widely supported
- Data Encryption Standard (DES)
  - Key size: 56 bits
  - Block size: 64 bits
  - Considered to be insecure
  - Replaced by AES
- Triple DES (3DES)
  - Key size: 112 or 168 bits
  - Works as DES applied 3 times over
  - More secure than DES but slower and deprecated
- Blowfish
  - Key size: up to 256 bits
  - Block size: 64 bits
  - Fast and good for software encryption
- Twofish
  - Key size: up to 256 bits
  - Block size: 128 bits
  - Successor to Blowfish, secure and flexible
- Rivest Cipher 4 (RC4)
  - Stream cipher (not a block cipher)
  - Considered to be insecure
  - Used in WEP and early versions of TLS
- RC5/RC6
  - Variable key and block size
  - RC6 was almost used as AES
- ChaCha20
  - Stream cipher
  - Modern and secure alternative to RC4
  - Used in TLS and mobile encryption
Asymmetric Algorithms
This is where a public key is used to encrypt and a private key is
used to decrypt. The private key is derived from the public key.
- Rivest-Shamir-Adleman (RSA)
  - Key size: 1024-4096 bits
  - Based on factoring large integers
  - Used for SSL/TLS, digital signatures
- Elliptic Curve Cryptography (ECC)
  - Smaller key sizes than RSA for the same security level
  - Used in mobile devices, Bitcoin and modern SSL
  - Popular curves: secp256k1, P-256
- ElGamal
  - Based on Diffie-Hellman key exchange
  - Used for digital signatures and encryption
  - Slower than RSA
- Digital Signature Algorithm (DSA)
  - Used for digital signatures only
  - Often combined with SHA-1 and SHA-2
Hashing Algorithms
These are one-way and non-reversible. They are used for data integrity and password storage.
- Message Digest 5 (MD5)
  - Output size: 128 bits
  - Fast but broken with collisions
  - Do not use for security
- Secure Hash Algorithm 1 (SHA-1)
  - Output size: 160 bits
  - Broken: proven to have collisions
  - Deprecated by most standards
- SHA-2 Family
  - SHA-224, SHA-256, SHA-384 and SHA-512
  - Secure and widely used everywhere
  - Used in digital signatures, TLS and Bitcoin
- SHA-3
  - Newer, built on Keccak
  - Resistant to attacks different from SHA-2
  - Slower in software but highly secure
- BLAKE2 / BLAKE3
  - Fast and secure
  - Modern alternative to MD5 and SHA-2
  - Good for embedded devices and cryptographic use
Key Derivation and Password Hashing Functions
- Password Based Key Derivation Function 2 (PBKDF2)
  - Used for hashing passwords
  - Includes salts and iterations
  - Supported in many libraries
- bcrypt
  - Good for password hashing
  - Includes salt and cost factor
  - Slower by design to resist brute force attacks
- scrypt
  - Designed to be memory intensive
  - Even better protection against hardware attacks
- Argon2
  - Winner of the Password Hashing Competition
  - Highly recommended for newer systems
  - Has variants: Argon2i, Argon2d, Argon2id
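
The salt, iteration count and memory cost mentioned above, shown as an added example (not part of the original notes) using Python's standard-library `hashlib.pbkdf2_hmac` and `hashlib.scrypt`. The `scheme$params$salt$hash` record format, the function names and the parameter values are assumptions made for this example; bcrypt and Argon2 are left out because they need third-party packages.

```python
import hashlib
import hmac
import secrets

# Constructed example parameters (assumptions); tune them for your hardware.
PBKDF2_ITERATIONS = 600_000
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1  # 128 * N * r = 16 MiB per hash


def _derive(scheme, password, salt, params):
    """Run the named KDF over the password with the given salt and work factors."""
    pw = password.encode("utf-8")
    if scheme == "pbkdf2-sha256":
        (iterations,) = params
        return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations, dklen=32)
    if scheme == "scrypt":
        n, r, p = params
        return hashlib.scrypt(pw, salt=salt, n=n, r=r, p=p, dklen=32)
    raise ValueError(f"unknown scheme: {scheme}")


def hash_password(password, scheme="scrypt"):
    """Return 'scheme$params$salt_hex$hash_hex' using a fresh random salt."""
    defaults = {"pbkdf2-sha256": [PBKDF2_ITERATIONS],
                "scrypt": [SCRYPT_N, SCRYPT_R, SCRYPT_P]}
    params = defaults[scheme]
    salt = secrets.token_bytes(16)  # unique per password, stored in the clear
    digest = _derive(scheme, password, salt, params)
    return "$".join([scheme, ",".join(map(str, params)), salt.hex(), digest.hex()])


def verify_password(password, stored):
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        scheme, params, salt_hex, hash_hex = stored.split("$")
        expected = bytes.fromhex(hash_hex)
        candidate = _derive(scheme, password, bytes.fromhex(salt_hex),
                            [int(x) for x in params.split(",")])
    except ValueError:
        return False  # malformed record or unknown scheme
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
```

Because the salt and work factors are stored with each hash, the parameters can be raised later without invalidating existing records.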
Protocols and Algorithm Standards
| Protocol / Standard | Algorithms |
| --- | --- |
| TLS 1.3 | AES-GCM, ChaCha20-Poly1305, X25519, SHA-256 |
| OpenSSH | ed25519, X25519, ChaCha20 |
| Signal Protocol | X3DH (X25519), AES-GCM, HMAC-SHA256 |
| WireGuard VPN | ChaCha20-Poly1305, Curve25519, Blake2s |
| JWT Tokens | RSA/ECDSA, with SHA-256 |
| PGP/GPG | RSA, ECC, SHA-256 |
| BitLocker / FileVault | AES-128/256 |