I am creating a multiplayer game and want to encrypt the host player's ip so that it is not visible to others. It does not have to be complicated encryption because the game will not be massively shared, but it wants some encryption. Nice as if it were in blueprints.
MD5 encrypt plugin is encrypting string, but you cant decrypt with this.
I am planning to create an application that has to be able to securely (that is, encrypted) send messages between clients. These messages may include images and videos (up to 50MB in size). Due to how public-key cryptography works, the encryption process has to be run once for each public key.
For these reasons, I am looking for an algorithm that can encrypt the media fairly quickly on modern devices (eg. mid-level smartphones).
I am asking the question because all algorithms I came across (Blowfish and RSA for example) have a relatively small payload limit, which means that even an image will not fit into it.
Don't roll your own protocol. You're thinking about this at a far too low level. People who know exactly what they're doing have a hard time writing secure code. You don't even know where to start, so you don't stand a chance of getting it right.
If you can establish a direct connection between the two endpoints, use TLS. If you can't establish a direct connection, consider using TLS and relaying the encrypted packets; if that's impractical, use Signal. TLS is ubiquitous; your operating system(s) probably come with an implementation in their default installation. Signal is less ubiquitous, so you'll probably have to embed a library. Make sure to keep up with updates to this library. And once again, don't implement your own library.
Under the hood, all systems that use public-key cryptography to store or transmit more than a few bytes of data use hybrid cryptography. Public-key cryptography is used to establish a symmetric key and authenticate the data, and symmetric cryptography does the heavy lifting.
For example, RSA can be used to encrypt a symmetric key. It's pretty difficult to get it right in practice, however. It's also slower than more modern methods that use elliptic-curve cryptography. TLS can use RSA encryption, but this is deprecated. TLS preferably uses an (elliptic curve) Diffie-Hellman key exchange and an RSA or (EC)DSA signature to set up the secure connection. If you'd like more explanations about how TLS works, read an overview of the protocol, a history of problems and how they were resolved, and an explanation of why RSA encryption is problematic.
Note that Blowfish has been obsolete for a while. If you ever need to choose a specific symmetric cryptosystem — which usually means you're doing it wrong — pick AES-GCM, AES-CCM or ChaCha20-Poly1305.
You are correct about the input size for RSA. In general, for any public key cryptography, the input size of limited and as opposed to your needs, it's quite a bit slower than what you need. Public key cryptography is usually used to share small pieces of data.
For example, in the TLS implementation using RSA (TLS_RSA_WITH_AES_128_GCM_SHA256), the RSA step is used to share a symmetric key, generally, AES, between 2 parties and then all the heavy lifting is done by AES.
What you need is a symmetric encryption algorithm. You can use AES (key sizes of 128, 192 or even 256) to encrypt your images which can be of any size. AES is a block cipher and, using a suitable block cipher mode, theoretically does not have an input limit to it. AES-128 is a fairly standard NIST approved (FIPS 197) symmetric encryption scheme, so it should be safe, but you can always go for a higher key size, say 256.
Since, you have the security of the algorithm defined, we can now talk about the speed.
RSA:
$ openssl speed rsa2048
Doing 2048 bit private rsa's for 10s: 296 2048 bit private RSA's in 10.00s
Doing 2048 bit public rsa's for 10s: 6171 2048 bit public RSA's in 9.99s
LibreSSL 2.6.5
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
sign verify sign/s verify/s
rsa 2048 bits 0.033784s 0.001619s 29.6 617.7
AES-128 in GCM mode
$ openssl speed aes-128-gcm
Doing aes-128 gcm for 3s on 16 size blocks: 3778792 aes-128 gcm's in 2.99s
Doing aes-128 gcm for 3s on 64 size blocks: 1611239 aes-128 gcm's in 3.00s
Doing aes-128 gcm for 3s on 256 size blocks: 485243 aes-128 gcm's in 2.99s
Doing aes-128 gcm for 3s on 1024 size blocks: 125054 aes-128 gcm's in 2.99s
Doing aes-128 gcm for 3s on 8192 size blocks: 15366 aes-128 gcm's in 2.96s
LibreSSL 2.6.5
built on: date not available
options:bn(64,64) rc4(ptr,int) des(idx,cisc,16,int) aes(partial) blowfish(idx)
compiler: information not available
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 gcm 20220.96k 34373.10k 41545.89k 42827.86k 42526.44k
You can see the difference, how AES can blow away RSA in the dust with respect to speed. Symmetric Encryption algorithms are inherently faster due to its design. Asymmetric algorithms use math operations on huge numbers and primes which are slower.
Since AES is so popular, CPU manufacturers started implementing special instructions to make AES computations more and more native (AES-NI). So AES will be faster on almost all popular CPUs.
A small note on security between RSA and AES, although it's like comparing apples to oranges.
RSA2048 offers only 112 bits of security whereas AES128 offers 128 bits of security (ref: aes-vs-rsa)
Another challenge in the above problem would be key management. How would you safely manage the keys? If the keys are to be ephemeral, i.e. session based or one key per use, then you can use RSA to exchange symmetric keys and then perform the encryption. This would guarantee perfect forward secrecy. If you want persistent keys, then obviously there are much more elaborate methods to do that which is out of scope of this question.
Does anyone knows about software with encryption of owner password stronger than 254 bit? More than 500 or 1000 bit? Algorithm may be AES or other one. It's necessary to protect my copyright laws.
I need this software to create text files in pdf, rtf or in other kind of text format, file. To publish them in the internet.
This software should be for Win system and in freeware, open source or in similar licenses.
Thanks for your help.
It is all about the quality of the key.
A 128-bit random AES key can not be brute forced so that is all that is necessary. AES supports only three key sizes: 128, 192 & 256 bits. You will also want to use a mode such as CBC or GCM with a random per encryption IV.
If a password is being used the encryption key needs to be derived from it, for that use PBKDF2, Argon2 or similar with a CPU work factor of ~100ms or greater. Verify that the password/passphrase is not on a list of frequently used passwords such as at SecLists.
I have a pair of transceivers connected to the micro-controller from Port A, and a MM232R connected to Port B on a separate PCB. Each transceiver will send encrypted data, while MM232R will receive a decrypted data. I need write encryption algorithm and decryption code. Can anyone give me idea on how to go about it? I am new to programming and encryption algorithm.
I'm not sure about the ROM/RAM limits of the PIC18F1320, that is the main constraint.
This page contains an implementation of AES on a PIC18F4620. It uses 2K words of ROM and 240 bytes of RAM.
This other page seems to have an implementation of RSA on a PIC18F4550, but it warns that it is very slow (which does't surprise me, since RSA encryption requires modular arithmetic on large integers).
I just installed a SSL certificate. This certificate is encrypted with 2048 bit encryption.
However, the cypher is 128 bit encryption(or 40, or some other variation depending on the browser.)
It seems that there are two different types of encryption here. The "handshake" encryption of 2048 and the "over the wire" encryption of some magnitude smaller.
Do I have this right in theory? Can anyone explain it better?
I have been all over the Google and cannot find a clear explanation of the difference between the two.
There is a good entry in Wikipedia.
You are right, there are two kinds of encryption going on. The first one is asymmetric encryption or public key encryption - this is the one with the larger key. The second type is symmetric encryption with the smaller key.
The first type of encryption (asymmetric - larger key) is used to negotiate what type of symmetric encryption the client and the server will use. They'll also exchange the session key that they'll use. This is the handshake process and this is encrpyted using the asymmetric encryption
The session key is basically the key that they'll use when sending the real data, encrypted by whatever type they've decided on the handshake process. This is the symmetric encryption part.
It is true that symmetric encryption typically uses much fewer bits for its key length. The reason is because symmetric encryption is much stronger at a given number of bits.
Asymmetric encryption (where each side has a different key) is much harder to pull off. It is more computationally intensive and therefore only used for the handshake portion or for encrypting a symmetric key that the rest of the message uses.