ELI5: About the different encryption standards in use.

AES and DES are symmetric ciphers. They were both designed to be very fast and secure, subject to the key length. However, both sender and recipient need to have a copy of the same key.

At the time DES was developed 56 bits was considered a reasonable key length (72 quadrillion different keys to choose from). However, in modern times, this is now considered barely adequate. One way of strengthening DES was to encrypt the message 3 times, with 3 different keys.

AES has 2 versions. One takes a 128 bit key, and one a 256 bit key. The 256 bit version is a bit slower. In general, 128 bit is plenty secure, there's no real need for a longer key at the moment - it's just a waste.

There are a variety of symmetric ciphers around. Modern examples include Twofish, Serpent, Salsa and ChaCha. They all have slightly different properties, and potentially some advantages over AES. However, AES is the most popular because it is an official standard. As a result, AES has had the most analysis and been subjected to the most tests. It is much more likely that if there was a flaw in AES it would have been found, than if the same flaw existed in Twofish. For this reason, AES is recommended unless there is a reason why AES is impossible (too complex for your chosen CPU).

RSA is an asymmetric cipher. Instead of choosing a random key, you choose a random number and from that you generate a "key pair". The key pair has 2 halves - one you keep private (a private key) and the other you publish (a public key). The mathematics of RSA is based upon the "factorisation problem". The key pair is built from prime numbers, and security comes from the fact that if you have a number "a x b" where "a" and "b" are both prime numbers it is very difficult to work out what "a" and "b" are from "a x b".

If Alice wants to communicate with Bob securely, Alice first asks Bob for his public key. Bob sends a copy of his public key. Alice takes her message, and encrypts it using Bob's public key, then sends it to Bob. While one half of the key pair can encrypt, only the other half can decrypt. This means that the message can only be decrypted by Bob's private key, and an eavesdropper cannot decrypt the message, even if they know the public key.

In practice, RSA is ridiculously CPU intensive and very slow. It also needs very large key lengths for security. So, what is normally done, is Alice chooses a random AES key, encrypts the AES key with RSA to send to Bob, and then sends an AES encrypted message.

There are other asymmetric ciphers available, e.g. elliptic curve cryptography. This works in much the same way as RSA, but the keys could be much smaller. 256 bit ECC is as secure as 2048 bit RSA. There are lots of variants of ECC using different curve equations, with different properties - some curves are faster on regular CPUs, some are faster on low-end CPUs, some are faster and lower power, if you make a specific ECC circuit for an encryption chip. Obviously, different curves are not interchangeable - sender and recipient need to agree on the curve to be used. The US government has some "standard" curves - but some experts are worried that the NSA may have somehow compromised those curves, so there are a number of "open source" alternative curves available.

There is a special variant of asymmetric ciphers called Diffie-Hellman Key exchange. Because asymmetric ciphers are very difficult computationally, they are usually used to send keys. It is possible to simplify things if all you want to do is agree on a key.

In DH, Alice thinks of a random number, mixes it with a pre-shared number and sends it to Bob. Bob also thinks of a random number, mixes it with the same shared number and sends it to Alice. Each person then mixes their random number with what they got from the other side. At the end, each person has a number based on mixing the original shared number, their secret and the other person's secret - the result is that both people now have the same number, which can be used as a key for AES. The advantage of this system is that there is no complicated private/public key business. The disadvantage is that you can't choose a specific AES key, one will be created during the key exchange process.

/r/explainlikeimfive Thread
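
The Diffie-Hellman exchange described in the answer above, as an added Python example that is not part of the original post. The shared numbers `P` and `G` are constructed toy values (far too small for real use), the function names are hypothetical, and hashing the shared number with SHA-256 to get a 32-byte AES key is an assumption of this example.

```python
import hashlib
import secrets

# Constructed toy parameters standing in for the "pre-shared number".
# Real deployments use standardized groups of 2048 bits or more.
P = 2**127 - 1   # a Mersenne prime, illustration only
G = 3

def check_peer_value(value):
    """Reject degenerate values (0, 1, P-1, out of range) from the other side,
    which would force the shared number into a tiny, guessable set."""
    if not 1 < value < P - 1:
        raise ValueError("peer value out of range")
    return value

def make_keypair():
    """Think of a random number and 'mix' it with the shared numbers."""
    while True:
        secret = secrets.randbelow(P - 3) + 2        # 2 .. P-2, never sent
        public = pow(G, secret, P)                   # this is what gets sent
        if 1 < public < P - 1:                       # must pass the peer's check
            return secret, public

def shared_aes_key(my_secret, peer_public):
    """Mix own secret with the peer's value, then hash to 32 bytes (AES-256 size)."""
    shared = pow(check_peer_value(peer_public), my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_exchange():
    """Both sides of the exchange; only the two public values cross the wire."""
    a_secret, a_public = make_keypair()              # Alice
    b_secret, b_public = make_keypair()              # Bob
    alice_key = shared_aes_key(a_secret, b_public)   # Alice mixes in Bob's value
    bob_key = shared_aes_key(b_secret, a_public)     # Bob mixes in Alice's value
    return alice_key, bob_key

if __name__ == "__main__":
    alice_key, bob_key = run_exchange()
    print("keys match:", alice_key == bob_key)
    print("AES key   :", alice_key.hex())
```

Neither side picks the resulting key: it falls out of both random secrets, so each run of `run_exchange()` produces a fresh one.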