Java supports a number of encryption algorithms out of the box. Which encryption algorithm to use can depend on a number of criteria:
We compare measured speed of encryption with various algorithms available as standard in Sun's JDK, and then give a summary of various other characteristics of those algorithms. The encryption algorithms we consider here are AES (with 128 and 256-bit keys), DES, Triple DES, RC4 (with a 256-bit key) and Blowfish (with a 256-bit key).
First, the easy bit. Figure 1 shows the time taken to encrypt various numbers of 16-byte blocks of data using the algorithms mentioned.
Figure 1: Comparison of encryption times for various common
symmetric encryption algorithms provided as standard in Java 6.
It's important to note right from the beginning that beyond some ridiculous point, it's not worth sacrificing speed for security. However, the measurements will still help us make certain decisions.
Table 1 gives a summary of the main features of each encryption algorithm, with what I believe is a fair overview of the algorithm's current security status.
Algorithm | Key size(s) | Speed | Speed depends on key size? | Security / comments |
RC4 | 40-1024 | Very fast | No | Of questionable security; may be secure for moderate numbers of encrypted sessions of moderate length. RC4 has the redeeming feature of being fast. However, it has various weaknesses in the random number sequence that it uses: see Klein (2008)^{1}. |
Blowfish | 128-448 | Fast | No | Believed secure, but with less attempted cryptanalysis than other algorithms. Attempts to cryptanalyse Blowfish soon after publication are promising (Schneier, 1995^{2} & 1996^{3}). But, unlike AES, it doesn't appear to have received much attention recently in the cryptographic literature. Blowfish has been superseded by Twofish, but the latter is not supported as standard in Java (at least, not in Sun's JDK). |
AES | 128, 192, 256 | Fast | Yes | Secure, though with some reservations from the crypto community. It has the advantage of allowing a 256-bit key size, which should protect against certain future attacks (collision attacks and potential quantum computing algorithms) that would have 2^{64} complexity with a 128-bit key and could become viable in the lifetime of your data. |
DES | 56 | Slow | – | Insecure: A $10,000 Copacobana machine can find a DES key in an average of a week, as (probably) could a botnet with thousands of machines. The simple answer is: "Don't use it– it's not safe". (RFC 4772). |
Triple DES | 112/168, but equivalent security of 80/112 | Very slow | No | Moderately secure, especially for small data sizes. The 168-bit variant estimated by NIST (2006) to keep data secure until 2030^{4}. Triple DES performs three DES operations (encrypt-decrypt-encrypt), using either two or three different keys. The 168-bit (three-key) variant of Triple DES is generally considered to offer "112 bits of security", due to a so-called meet-in-the-middle attack. AES offers a higher level of security for lower CPU cost. |
AES stands for Advanced Encryption Standard and is actually an algorithm that was originally called Rijndael, after its inventors Rijmen & Daemen. It is the algorithm that most people will end up using unless they have a strong reason to use anything else:
On the next page, we look at the issue of choosing and setting key sizes for encryption in Java.
1. Klein, A. (2008), Attacks on the RC4 stream cipher, Designs, Codes & Cryptography 48(3).
2. Schneier, B. (1995), The Blowfish Encryption Algorithm— One Year Later, Dr Dobb's Journal.
3. Schneier, B. (1996), Applied Cryptography, Wiley & Sons, p. 399.
4. NIST (2006), Recommendation for Key Management: Part 1, p. 66.
5. See Ferguson, N. et al (2000),
Improved cryptalysis of Rijndael
and Biryukov & Khovratovich (2009), Related-key Cryptanalysis of the Full AES-192 and AES-256.