Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Which cipher to use for cross-platform

Tags:

security

cross-platform

encryption

I have multiple applications which work with one centralized Oracle database.

The applications are targeted on following platforms:

  • iPhone
  • Android
  • Windows (XP, Vista and 7)
  • Linux
  • Mac Os
  • Web applications (ASP.NET, PHP and JSP)

I want to know which kind of cipher I should use to make sure all my encrypted data will be readable (decrypted) for all my application

E.g. 3DES or RIJNDAEL_256 or TWOFISH256?

like image 336
Giraldo Avatar asked Dec 21 '11 14:12

Giraldo

People also ask

Which cipher is best?

AES - A US Federal Government standard since 2002, AES or Advanced Encryption Standard is arguably the most widely used block cipher in the world. It has a block size of 128 bits and supports three possible key sizes - 128, 192, and 256 bits. The longer the key size, the stronger the encryption.

What are the two types of secure ciphers?

Transposition ciphers keep all the original bits of data in a byte but mix their order. Substitution ciphers replace specific data sequences with other data sequences. For example, one type of substitution would be to transform all bits with a value of 1 to a value of 0, and vice versa.

What is the safest cipher?

AES. The Advanced Encryption Standard (AES) is the algorithm trusted as the standard by the U.S. Government and numerous organizations. Although it is highly efficient in 128-bit form, AES also uses keys of 192 and 256 bits for heavy-duty encryption purposes.

2 Answers

You should be able to implement those ciphers on all of the target platforms you mentioned.

As for which to use, I'd suggest Rijndael (AES) since it has received a lot of attention and has a proven security track-record.

like image 129
Polynomial Avatar answered Oct 27 '22 18:10

Polynomial

http://gpg4browsers.recurity.com/ has JS implementations for all ciphers you mentioned.

All OSes you mentioned support all of these ciphers either directly or via mcrypt.

This reduces the question to opinionizing: So here is my opinion - do NOT standardize (in the sense of hardcode) to any of those ciphers, but invest the on-time penalty to develop your apps and protocols in a way, that allows them to handshake the cipher used. This way you can trade speed for security now and are open for developments in cryptography (or cryptanalysis)

like image 32
Eugen Rieck Avatar answered Oct 27 '22 18:10

Eugen Rieck
Sign in to Comment

Related questions

How do you block specific IP adress in Ruby on Rails
Is it safe use an iframe for a payment?
How to secure php scripts?
How to clear sensitive memory in JavaScript?
Getting cryptographically secure random numbers in C++ on iOS
Why isn't my .net-calculated MD5 hash equivalent to the hash calculated on a web site?
Subversion Repository on Linux Dev
Where in the call stack should role checks be done?
php frameworks and security
Any Way to Read JAAS Configuration File from Memory
Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data" entries?
C++: How to escape user input for safe system calls?
Impersonation the current user using WindowsImpersonationContext to access network drive
Securing parts of an HTTP request?
is it safe using dynamic SQL with parameters? If not, what security issues might it be exposed to?
Guaranteeing request came from local server
List of characters to be restricted for protection against XSS and SQL Injections?
Protecting from "registration bots"? [closed]
Alternatives to NOP for shellcode nop sleds
Is this batch file injection?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!