What are the differences between these encryption algorithms?

Question

What are the difference between MCRYPT_RIJNDAEL_128, MCRYPT_RIJNDAEL_256, MCRYPT_BLOWFISH, etc. Which one is best suitable for data transfer on web?

Answer 1

Both Rijndael and Blowfish are considered to be secure.

MCRYPT_RIJNDAEL_128 vs MCRYPT_RIJNDAEL_256:
The only difference is the block size. You can use either with 128 bit, 192 bit, or 256 bit keys.
Bigger keys take longer to brute-force.
The 256-bit version is therefor more secure.
Note: The 128-bit version still takes lots of time time to brute-force.

Currently Rijndael is the Advanced Encryption Standard:
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

AES is generally faster then Blowfish because:
- The algorithm itself is more efficient for processors (bit vs byte blocks).
- Manny processors support hardware acceleration for AES.

Conclusions:
- All three options are secure enough for data transfer.
- The choice depends on how 'secret' the data is.
- Rijndael is wider used and therefore easier to implement is some situations.

Answer 2

Rijandel is another name for AES, the current "one good standard" algorithm. The number 128 or 256 is the key length.

Blowfish is a somewhat older 64 bit block cipher (AES is a 128 bit block cipher).

You can't really say that either of them is any "better" or "worse", because none of them has really been broken, but in general AES should be superior, and most implementations are faster too. Also, the most modern CPUs support AES in hardware, which will make it even faster... so there is little reason not to use AES.

As for key length, 128 bits is actually quite sufficient for a symmetric cipher. Unless of course you are the keeper of your country's nuclear weapon codes, in that case you will want to use 256 bit keys instead.

Note that if you want to use a 256 bit key in a sensible manner, then you will need a password of around 40 characters. Which shows once again that the crypto algorithm is not the weak link in the security chain, but the human is.

Edit: On a second thought, 50-60 characters is probably a more reasonable guess for the required password length on a 256 bit key. English language has considerably less than 2 bits of entropy per character. Let's assume you use a somewhat more random character sequence of letters and digits (one must still be able to remember it, though...), so maybe we'll have 4-5 bits of entropy per character (quite optimistic!). That would require you to type in between 51 and 64 characters, so the password's entropy roughly matches the key's.

Now the question is: How many of us have a 50 character password? :-)

Update:
As of late 2011, there exists a key-recovery attack on Rijndael/AES (Bogdanov, Khovratovich, Rechberger) which is not one of the "mostly theoretical" or "hilarious reduced round" kind of attacks. The attack works on full-round AES and is about 4 times faster than brute force. Formally, one may therefore consider Rijndael being "broken".
Practically, the attack is to date irrelevant. Even with the shortest supported key length, an attack four times faster than brute force requires 2¹²⁶ operations, which is not practical even with a massive hardware implementation. However, this might change in the future if the attack can be improved.