How do the encryption algorithms Rijndael and BlowFish work?

It can be dangerous to try to transport strictly confidential information to a secure place without unauthorized persons having access to it. For centuries, people have tried to create cryptographic languages that could not be decoded easily. From ancient Rome to the Second World War until today, heads of state and other powerful persons have sent orders and important information in encoded form to mislead enemies or to keep the information away from unauthorized persons.

Unfortunately, these encryption methods could always be decoded easily. For example, cryptographic languages created by moving letters (e.g. today is a nice day = tod ayi sani ced ay) could be detected easily. The problem with all, even the most elaborate cryptographic languages is that once the cipher has been found out, every text can be 'translated'. With the use of computers it has become impossible to keep secret a cipher created by moving letters.

Today the use of different encryption methods has become necessary to hide confidential information. These methods also use a key which is only known to the sender and the recipient. Encoding and decoding of information is effected by means of so-called encryption algorithms. An encryption algorithm is a mathematical procedure which indicates how the data is converted.

For encoding your confidential information, Password Depot uses encryption algorithms like Rijndael and BlowFish. These security algorithms and how they work are explained in the following sections:

Rijndael

The U.S. National Bureau of Standards created a complicated encryption standard called DES (Data Encryption Standard) which offered unlimited ways to encrypt data. This encryption standard was replaced by Rijndael encryption. The name Rijndael is composed of the names Joan Daemen and Vincent Rijmen, two Belgian cryptology experts and authors of this method. Rijndael uses a key for encryption that has a size of 128, 192 or 256 bits, which provides high protection against brute force attacks. In addition, this encryption method also works three times faster in software than DES. This method can be used for securely exchanging keys as well as transferring data with a size of 128 or 256 bits.

This is how the encryption algorithm Rijndael works

The Rijndael encryption method is based on replacing, changing and performing xor operations on bytes.

The method looks like this:

  • From the 128-bit key, Rijndael generates 10 keys of 128 bits each.
  • These keys are placed into 4x4 arrays.
  • The plain text is also divided into 4x4 arrays (128 bits each).
  • Each of the 128-bit plain-text items is processed in 10 rounds (10 rounds for 128-bit-keys, 11 for 192, 13 for 256).
  • After the 10th round the code is generated.
  • Each single byte is substituted in an S box and replaced by its reciprocal in GF(2^8).
  • Then a bit-wise modulo-2 matrix is applied, followed by an XOR operation with 63.
  • The rows of the matrices are shifted cyclically.
  • The columns are mixed by means of a matrix multiplication over GF(2^8).
  • The subkeys of each round are subjected to an XOR operation.
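The byte-level steps in the list above can be computed directly. The following Python sketch is an added example, not Password Depot code; the function names are chosen for illustration, and the field polynomial 0x11B and the constant 0x63 (the "63" above, in hexadecimal) are taken from the published Rijndael specification.

```python
def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11B)."""
    result = 0
    while b:
        if b & 1:
            result ^= a          # addition in GF(2^8) is XOR
        a <<= 1
        if a & 0x100:
            a ^= 0x11B           # reduce back to 8 bits
        b >>= 1
    return result

def gf_inverse(a):
    """Reciprocal in GF(2^8); 0 has no reciprocal and is mapped to 0."""
    if a == 0:
        return 0
    result = 1
    for _ in range(254):         # a^254 == a^-1 because a^255 == 1
        result = gf_mul(result, a)
    return result

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def sbox(byte):
    """S box: reciprocal, then the bit-wise modulo-2 matrix, then XOR with 0x63."""
    inv = gf_inverse(byte)
    return inv ^ rotl8(inv, 1) ^ rotl8(inv, 2) ^ rotl8(inv, 3) ^ rotl8(inv, 4) ^ 0x63

def shift_rows(state):
    """state is 4 rows of 4 bytes; row r is rotated left by r positions."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]

def mix_column(col):
    """Multiply one 4-byte column by the fixed Rijndael matrix over GF(2^8)."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
        a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
        a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
        gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2),
    ]

def add_round_key(state, subkey):
    """XOR each state byte with the matching byte of the round's subkey."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, subkey)]
```
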

The security level of this encryption method increases if Rijndael is performed several times with different subkeys.

BlowFish

BlowFish/TwoFish is a widespread security algorithm which was published by Bruce Schneier at the beginning of 1994. This algorithm works similarly to DES and uses block coding with blocks of 64 bits. BlowFish spread very fast after its publication, due to the fact that Bruce Schneier is one of the most famous cryptology experts and that this algorithm can be used without paying a licence fee. In addition, data can be encoded and decoded at high speed with this algorithm. If the routine for BlowFish is implemented in software, a disk space of less than five kilobytes is sufficient. You can vary the size of the key as you like up to 448 bits. That is why this algorithm with its 2^448 different possibilities is protected against any brute force attacks.

This is how the encryption algorithm BlowFish works:

BlowFish defines two different kinds of boxes: a P box and four S boxes. The P box P is a one-dimensional array with 18 32-bit values. The boxes contain random values, which are implemented in the code or generated during each initialization. The S boxes S1, S2, S3, S4 each contain 256 32-bit values.

The BlowFish initialization looks like this:

  • The key string is converted into 32-bit-values.
  • The entire content of the P box is substituted by the XOR-processed values.
  • The P box is now encrypted like the S box.

BlowFish encryption (block size: 64 bits, rounds (r): 16):

  • The data element is divided into two parts L and R, each of 32 bits.
  • L is XOR-processed with P_r.
  • R is XOR-processed with f(L).
  • L and R are interchanged.
  • This is done 16 times, until r = 16.
  • R is XOR-processed with P_17.
  • L is XOR-processed with P_18.

Explanation of function f:

  • The incoming 32-bit-value (L in this case) is divided into four 8-bit-vectors: X1, X2, X3, X4.
  • With the help of these vectors a 32-bit value is selected from every S box.
  • The result is linked by addition and subjected to an XOR operation: S1[X1] + S2[X2] + S3[X3] + S4[X4].

For decoding data, the entire process is performed in reverse.
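The initialization, the 16 rounds, function f and decoding can be followed end to end in the Python sketch below. It is an added example, not Password Depot code: the class name DemoBlowfish is hypothetical, and the starting box contents are constructed stand-in values rather than the published BlowFish constants, so its output does not match a real BlowFish implementation. Following the published algorithm, f combines the look-ups as ((S1[X1] + S2[X2]) XOR S3[X3]) + S4[X4] modulo 2^32, and the swap of the last round is undone before P_17 and P_18 are applied.

```python
import hashlib
import struct

MASK = 0xFFFFFFFF

def constructed_words(label, n):
    """n constructed 32-bit words (stand-ins, NOT the published BlowFish constants)."""
    out, counter = [], 0
    while len(out) < n:
        digest = hashlib.sha256(f"{label}:{counter}".encode()).digest()
        out.extend(struct.unpack(">8I", digest))
        counter += 1
    return out[:n]

class DemoBlowfish:  # hypothetical name, structure demo only
    def __init__(self, key: bytes):
        if not 4 <= len(key) <= 56:  # 32 to 448 bits
            raise ValueError("key must be 4 to 56 bytes")
        self.P = constructed_words("P", 18)
        self.S = [constructed_words(f"S{i}", 256) for i in range(1, 5)]
        # The key, read cyclically as 32-bit values, is XORed into the P box.
        for i in range(18):
            word = bytes(key[(4 * i + j) % len(key)] for j in range(4))
            self.P[i] ^= int.from_bytes(word, "big")
        # P, then each S box, is overwritten with successive encryptions
        # of a block that starts as all zeros.
        left = right = 0
        for table in [self.P] + self.S:
            for i in range(0, len(table), 2):
                left, right = self.encrypt_block(left, right)
                table[i], table[i + 1] = left, right

    def f(self, x):
        x1, x2, x3, x4 = x >> 24, (x >> 16) & 0xFF, (x >> 8) & 0xFF, x & 0xFF
        s1, s2, s3, s4 = self.S
        return ((((s1[x1] + s2[x2]) & MASK) ^ s3[x3]) + s4[x4]) & MASK

    def _rounds(self, left, right, p):
        for r in range(16):
            left ^= p[r]
            right ^= self.f(left)
            left, right = right, left
        left, right = right, left  # undo the swap of the last round
        return left ^ p[17], right ^ p[16]

    def encrypt_block(self, left, right):
        return self._rounds(left, right, self.P)

    def decrypt_block(self, left, right):
        # Decoding runs the same rounds with the P box in reverse order.
        return self._rounds(left, right, self.P[::-1])
```
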

Brute Force Attack

Brute Force Attacks are very dangerous, as all possible keys are used to attack an encryption method. The attacker can easily spread a virus on the Internet that tries out keys in the background and delivers the results via a server. With this kind of attack it is possible to crack DES in only a short time. Modern methods like BlowFish and Rijndael are protected against Brute Force Attacks, as their key sizes can be higher than 128 bits.

And one thing is for sure: As you can vary the key size for Rijndael and BlowFish as you like, these two security algorithms are considered to be uncrackable for the next hundred years!