Previous Page | Next Page

  1. Introduction
  2. Security Functions
  3. Algorithm and Protocol Types
  4. Security Protocols
  5. Security Attacks
  6. Terms
  7. Credits

Security Protocols

Many of the protocols listed are from the book, "Applied Cryptography" by Bruce Schneier and are listed for reference only. They are grouped by their function. Some may have overlapping functions. For more details about their strengths, weaknesses, and characteristics, please read "Applied Cryptography".

Key exchange Algorithms

  • Conference Key Distribution
  • Diffie-Hellman
  • Encrypted Key Exchange (EKE)
  • Shamir's Three Pass Protocol
  • Tatebayashi-Matsuzaki-Newman

Public Key Cipher Algorithms

  • ElGamel
  • LUC
  • McEliece
  • Knapsack
  • Pohlig-Hellman
  • Rabin
  • RSA - Public key algorithm for digital signatures

Public Key Digital Signature Algorithms

  • Cellular Automata
  • DSA (NSA)
  • GOST
  • Ong-Schnorr-Shamir

Block Cryptographic Algorithms

These algorithms encrypt data in blocks. Each block is a specific number of bits.

  • 3-Way - Uses a 96 bit key and block length. No known cryptoanalysis has been done. It appears to be a good algorithm. *
  • Blowfish - Created by Bruce Schneier for the public domain. Key length varies up to 448 bits with a 64 bit block. Not secure if the number of rounds are reduced but otherwise it is a good algorithm in the public domain.
  • CA-1.1 - 1088 bit key with 384 bit blocks. Strength is untested.
  • CAST - Uses a 64 bit key and block size. Resists linear and differential cryptoanalysis.
  • CRAB - Similar to MD5. Uses a 1024 bit block and can accept variable length keys. No key generation is included. Not intended as a working algorithm.
  • DES - Data Encryption standard also known as data encryption algorithm (DEA). Symmetric with 56 bit key.
  • FEAL - Uses 64 bit keys and blocks. Weak against plaintext cryptoanalysis attacks.
  • GOST - Developed in the USSR, it uses 64 bit block with a 256 bit key. Secure against brute force. May be a good algorithm. *
  • IDEA - International Data Encryption algorithm uses a 128 bit key and 64 bit block. This algorithm appears strong and is recommended as the most currently secure algorithm by some experts. It is twice as fast as DES.*
  • Khafre - 64 or 128 bit keys. Can be broken using plaintext attacks.
  • Khufu - Uses a 512 bit key and 64 bit block. Secure against brute force attacks.
  • LOKI - Uses a 64 bit block and 64 bit key. LOKI is not secure but LOKI91 is more secure if keys are managed correctly.
  • Lucifer - Not very secure.
  • MMB - Modular Multiplication based Block cipher uses a 64 Bit block and a 128 bit key.
  • RC2 - Variable key size with 54 bit block. This algorithm is not public.
  • RC5 - Block and key size are variable.
  • REDOC II - Uses a 160 bit key with an 80 bit block. Strong against brute force attacks
  • REDOC III - Uses a variable key length and 80 bit block. Fast but not secure.
  • SAFER - Secure And Fast Encryption Routine uses 8 byte blocks. It is secure against linear cryptoanalysis and is resistand to differential cryptoanalysis. It has the following variants:
    • SAFER K-64 - 64 bit keys. There is a weakness in the key schedule.
    • SAFER K-128 - 128 bit keys. compensates for the key schedule weakness.
  • SEAL
  • Skipjack - Developed by NSA. The algorithm is secret. Uses an 80 bit key and 64 bit block. Security is unknown.
  • WAKE

Works on bytes:

  • Madryga - Key lengths are adjustable. Not recommended by some experts.
  • NewDES - Uses a 120 bit key but is not as strong as DES.

Stream Cryptographic Algorithms

These algorithms encrypt data in streams and use hardware to perform the functions.

  • A5 - It is effiecient but may not be very secure due to short registers.
  • Algorithm M
  • Gifford
  • Nanoteq
  • PKZip - Used in the PKZIP file compression program. Security is not very good.
  • Rambuyan
  • RC4
  • SEAL
  • WAKE


  • Salt - A random number string is combined with the user password before a one way function is applied to it. The salt value and the one way function result are stored on the host that authenticated the user. The password is not stroed on the host.
  • SKEY - A one way function authentication mechanism. A limited set of numbers are generated by using the function on a random number, then use the function on each result for a given number of times. The generated numbers are used only once for login.
  • SKID, SKID2, and SKID3

Combined Authentification and Key Exchange

These protocols depend on the use of a trusted server.

  • DASS - Uses symmetric and public key exchange.
  • Denning-Sacco - Uses public key exchange.
  • Kerberos - Depends on clocks synchronized with the trusted server. Uses symmetric key exchange.
  • Needham-Schroeder - Uses symmetric key exchange.
  • Neuman-Stubblebine - Is an improvement on Yaholom and does not depend on synchronized clocks to prevent a replay attack. Uses symmetric key exchange.
  • Otway-Rees - Uses symmetric key exchange.
  • Wide-mouth frog - Uses symmetric key exchange.
  • Woo-Lam - Uses public key exchange.
  • Yaholom - Uses symmetric key exchange.

Identification Schemes

  • Feige-Fiat-Shamir
  • Guillon-Quisquater
  • Schnorr

One way Hash Functions

  • GOST
  • HAVAL - Produces a variable length hash value.
  • karn
  • Luby_Rackoff
  • MD4,5,2 - Message Digest
  • N-Hash - Not very secure unless a high number of rounds are used.
  • RIPE-MD - Produces a 128 bit hash value.
  • Secure Hash Algorithm (SHA) - Creates a 160 bit hash value.
  • Snefru - If made secure, is slower than other algorithms.


Message Authentication Codes (MAC) are dependent on hash functions to authenticate messages. They are used to be sure files and messages have not been modified.

  • MAA - Message Authenticator Algorithm
  • IBC-Hash