Which encryption algorithms are the most secure?

Mon Apr 22 2019 - 8 min read

Encryption has turned into a buzzword. We hear all the time how encryption can protect various communications from snooping. Many internet users have discovered encrypted email or messaging apps and VPNs to secure their connection. .

Meanwhile, governments have their own worries about encrypted services — they want the ability to access various accounts in the matter of emergency. That's why they are demanding backdoor access to encrypted services through legislation. Naturally, these new laws get loads of media attention, putting encryption into the spotlight.

And this is when we start to see a lot of random letters and numbers specifying encryption — like AES-256, RC6, 2DES, QUAD, or DSA. But if you're just a regular guy concerned about your privacy and security online, all these abbreviations can be difficult to digest. We hope that this article will help you understand them better.

What are the different types of encryption algorithms?

There are many different encryption algorithms. Below we’ve covered the most common ones.

  • RC6 (previous versions are RC4 and RC5) is a symmetric (private key) encryption algorithm. Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin designed it for the AES competition. The recipient of the encrypted data can only access it with a private key shared by the sender. RC6 was not designed for general use and has limits on the amount of data that can be encrypted. There are no known attacks which weaken RC6 to the point that breaking was doable in reality.
  • The Advanced Encryption Standard (AES) is another symmetric algorithm, which encrypts data in one fixed-size block at a time. AES may have keys of different length, such as AES-128, AES-192, or AES-256. Although 128-bit is both efficient and safe, encrypted services use AES-192 or AES-256 more often to ensure maximum security.
  • Triple Data Encryption Standard (Triple DES) is a newer version of the Data Encryption Standard (DES) and is widely used by financial services. This algorithm uses a 56-bit key but encrypts data three times, turning it into a 168-bit key. However, some experts argue that it's more like a 112-bit key. The triple encryption process makes it much slower compared to other algorithms. Also, because it uses shorter data blocks, it may be easier to decrypt and leak data. As more modern and faster technologies emerge, this one is being slowly phased out.
  • Blowfish is a private key encryption method designed by Bruce Schneier. It was introduced in 1993 as a fast, license-free alternative to other popular encryption algorithms at the time. Many cryptographers are still examining this algorithm and trying to confirm that it is hack-proof.
  • RSA is named after Ron Rivest, Adi Shamir, and Len Adelman. As an asymmetric encryption (public key) algorithm, it uses two keys: public and private. The public key is used to encrypt the data and the private one to decrypt it. RSA is common but not for encoding the actual data that passes through the internet. Instead, it is used to encrypt the keys of another algorithm, especially when you need to share your private key. A 768-bit RSA key has reportedly been broken, but nowadays most RSA keys are 2048-bit and 4096-bit. That makes it a secure solution for private key encryption, although it's also the reason why it’s very slow.
  • A Diffie-Hellman algorithm is named after its creators Whitfield Diffie and Martin Hellman. It's one of the first protocols for exchanging keys securely over a public channel. Like RSA, Diffie-Hellman relies on the extreme difficulty of factoring the product of large prime numbers. It is normally used for SSL, SSH, PGP, and other PKI (Public Key Infrastructure) systems. So every time you go on a website with a padlock icon next to its URL, your device has used Diffie-Hellman.
  • The Digital Signature Algorithm (DSA) is another public key algorithm. The National Institute of Standards and Technology (NIST) proposed it for secure electronic signatures back in 1991. Like all asymmetric encryption methods, this algorithm has private and public parts in its encoding process. The person who signs is the private part, and the person who verifies the signature is the public one. DSA is the US national standard, now used in both unclassified and classified communications.
  • El Gamal is a public key encryption algorithm created in 1984 by Taher ElGamal. It's a simplified Diffie-Hellman algorithm's option that allows encryption in one direction without the necessity of active participation of the second part. It's a common alternative for RSA. The key disadvantage of this algorithm is that the ciphertext is twice as long as the plaintext. And the biggest advantage is that the same text produces a different ciphertext each time it's encrypted. It has repeatedly been proven to be a safe encryption method.

So which types of encryption algorithms are the most secure?

There is no single correct answer to this question. When trying to answer it, most cybersecurity experts would add that it really depends on where each algorithm is used. As we learned from this and other articles about encryption, all encryption methods have different advantages and disadvantages. So in many cases, asymmetric encryption needs to be used in conjunction with symmetric encryption.

For large message encryption is safer to use service that uses the AES encryption. Many cybersecurity experts agree that this algorithm is so far one of the fastest and most secure to date. It's also recognized as a U.S. Government standard by the National Institute of Standards and Technology (NIST). That means it's used to protect classified information, as well as their most important hardware products. Hence the military-grade encryption name, concept that is used by many brands.

Symmetric encryption has its own downsides, such as the need to share private keys. Here, the asymmetric RSA algorithm comes into play, making this combo (AES and RSA combined) a very safe option. But to stay ahead of the game, you always need to follow the news and make sure that the algorithms you trust haven't been compromised.

Benjamin Scott
Verified author
Ben is our tech geek. He analyses difficult topics and brings them to the reader in a nice and simple language. In his free time, he loves to compete, so he likes to participate in various marathons and triathlons.
Get rid of password stress. Forever.

NordPass is a password manager that helps you store and autofill your passwords easily. Join a community of more than 20,000 people who already entered our waitlists. Sign up now and get the news as soon as NordPass is ready!

No spam, just information about NordPass and other relevant news.