Template talk:Cryptography block

Latest comment: 5 months ago by Dimawik in topic Serpent

Break up "algorithms" list

edit

The "algorithms" list appears to be getting pretty long; I think it should be split up based on one criteria or another. The problem: which criteria to use? One quite obvious possibility would be SP-network/Feistel network/other. Opinions? -- intgr 22:30, 17 December 2006 (UTC)Reply

I'm not sure there is a really good way to organize these ciphers. Block size, maybe?
SPN is a pretty general term; it just means any block cipher that isn't a Feistel network, right?
Another idea would be to remove some of the less-notable ciphers from the template. I haven't added Nimbus, for example, because I don't think it's important enough. I would probably take off DES-X, Iraqi, Libelle, and S-1, maybe GDES and Mercy (even though I wrote that article). Ntsimp 00:02, 18 December 2006 (UTC)Reply
I don't really think that just picking some individual ciphers for removal is going to clean up much. Grouping by block size probably wouldn't be much better than SPN/Feistel either, as there would perhaps be just '64 bits', '128 bits' and 'other' groups.
I guess that ideally, the navbox would list ciphers by their popularity/importance, however those are difficult to quantify fairly. Now that I'm thinking about it, perhaps they could be grouped by recognition/certification – e.g., AES finalists, NESSIE-approved, CRYPTREC-approved, etc? This is something I've also thought about adding to the infobox (Template talk:Infobox block cipher#"Certification" field). The downside, though, is that ciphers can fall under several of these. Do you think this would be a more useful criteria? -- intgr 01:39, 18 December 2006 (UTC)Reply
I think we could have a short list of ciphers that are both widely used and included in major standards and a long list of everything else. Ciphers listed in the SSH standard appear to be AES, 3DES, DES, Blowfish, Twofish, Serpent, IDEA, and CAST-128 (and RC4, which of course isn't a block cipher).
Skipjack is indirectly included in SSL (as Fortezza), is used in the Defense Message System, and is unusual because of its role in the Clipper chip controversy, so there's an argument for putting it at the top level. I guess I lean against; it doesn't feel like it's in the same category as IDEA or 3DES.
I think I'd stick to just those two levels of hierarchy -- "widely implemented and included in major standards" and "everything else". But for completeness: ciphers of historical interest might include Skipjack (role in Clipper controversy), Lucifer (predecessor to DES), Square (predecessor to AES), and Khufu and Khafre (early, strong software-optimized algorithms). CRYPTREC and NESSIE have lots of recommendations, but I'm not sure how notable they are if they're not widely used -- AES finalists have a similar status. Camellia will apparently be implemented in Firefox 3, it's royalty-free, and there is some sort of effort to get it into standards. I may have missed other academically-respected or notable ciphers.
So -- I'm thinking AES, 3DES, DES, Blowfish, Twofish, Serpent, IDEA, and CAST-128 on the top row, everything else in a long list below. 64.175.42.39 19:14, 16 September 2007 (UTC)Reply
I didn't want to start cherry-picking ciphers because I figured that the last thing we needed was an arbitrary line. But the more I consider your comment the more I agree with your choice. Although I think IDEA and CAST should go under the "historical" section as well — they are notable for being the default on various versions of PGP, but these days they're just included for compatibility reasons. -- intgr [talk] 08:41, 17 September 2007 (UTC)Reply

3DES v. Triple DES

edit

3DES is listed twice in this block, once as "3DES" (a Common Algorithm) and once as "Triple DES" (an Other Algorithm). Is this intentional (i.e. someone looking for Triple DES might not know to look for 3DES instead)? George A. M. (talk) 23:30, 5 January 2008 (UTC)Reply

I think it is not intentional. About the those-who-doesn't-know-aliases problem, I think anyone would first look at the Common Algorithms, and almost certainly 3DES should ring a bell. --Zom-B (talk) 18:28, 23 February 2008 (UTC)Reply

Other ciphers

edit

I initially added them to the main box, but then I got the feeling it didn't belong there and might make wikipedia look bad. I moved them here.

Algorithms not yet added to Wikipedia: Ake98 | BKSQ | CA-1.1 | CALC (cipher) | CRAYON | CRYPTO-MECCANO | JUNIPER | KEA | Li-Wang | MAYFLY | MISTY2 | MEDLEY | PES | Rao-Nam (and variants) | RC3 | RDES | s²DES | s³DES | s⁴DES | s⁵DES | Vino
Unnamed encryption algorithms: "A Secret Key Cryptosystem by Iterating a Chaotic Map" (1990) | "A Correlation Cryptographic Scheme" (1999)
Historical algorithms: Caesar cipher | ROT-13 | Vigenère cipher

--Zom-B (talk) 10:01, 24 February 2008 (UTC)Reply

Serpent

edit

Is Serpent really a "common algorithm"? I don't know that I've ever encountered it in practice, and its article makes no assertion that it is in any sort of common or widespread use. I will probably move it out of the top section in a few days unless there are any objections. hbent (talk) 17:36, 15 October 2008 (UTC)Reply

As mentioned above, it's included in the SSH standard. It's also one of only 3 block ciphers used by the very popular TrueCrypt. It's certainly widely implemented, and I would assume widely used. Ntsimp (talk) 20:41, 15 October 2008 (UTC)Reply
As of OpenSSH 7.9p1 (2019), it is no longer built into openssh-portable. The only algorithms available are AES (CBC, CTR, and GCM modes), 3DES-CBC, and ChaPoly. Additionally, TrueCrypt's relevance has diminished since 2014. — Preceding unsigned comment added by 174.21.147.56 (talk) 21:44, 30 December 2019 (UTC)Reply
As far as I know, practically no one uses Serpent anymore and it does not have a large legacy like the DES, so it should be removed. See also #Common algorithms below. Dimawik (talk) 16:21, 3 June 2024 (UTC)Reply

Key Whitening.

edit

Just a thought. Maybe the article on key whitening should be added to the template. 66.191.19.217 (talk) 04:04, 24 November 2008 (UTC)Reply

Common vs Other: NPOV issues, easily thrown out of date

edit

Can we find another way to draw that line? Would it suffice to replace the "Common" group with a group supported under TLS/SSL? We really need to find something a little less arbitrary. Drawing the line at the editor-defined "Common" and "Other" seems to run afoul of a number of commonly accepted norms. MrZaiustalk 02:32, 17 July 2009 (UTC)Reply

After adopting KASUMI as the cipher for UMTS it has become very common, but only on that particular field. Probably a better classification were by the structure of the algorithm rather than by arbitrary judgement of commonness. Lauri.pirttiaho (talk) 20:17, 29 January 2011 (UTC)Reply

DES-X in Less common algorithms?

edit

Why does DES-X belong in the "less common algorithms" section? This is the first time I've heard of the cipher and I don't know any practical applications using it. The sources in the article are not convincing either. -- intgr [talk] 16:57, 1 October 2009 (UTC)Reply

That was done by the IP who created the section. The comment in the template (I think it's referring to this section rather than the one before) seems to imply there must be people using actual implementations of DES-X, but I'm with you. Ntsimp (talk) 17:25, 1 October 2009 (UTC)Reply

Headings

edit

I was adding Padding (cryptography), and I felt these algo headings were a bit cumbersome, and maybe also overspecialized. I tried to address the heading width by inserting some <br/>, but an additional step could be to replace the current 3-groups flat structure:

  • Common algorithms
  • Less common algorithms
  • Other algorithms

With this 2-group one (demo below):

  • Main algorithms
    • Common: (list)
    • Less common: (list)
  • Other algorithms

Or maybe even a 1-group/3-subgroups design:

  • Algorithms
    • Common: (list)
    • Less common: (list)
    • Others: (list)

Also, it seems to me that cryptanalysis is one mode of attack so it should be listed in the "Attacks" group, not added to its heading. With an extra shortening of "Standardization" to "Standards", it would give something like this:

Just a thought... 62.147.11.3 (talk) 13:37, 18 May 2011 (UTC)Reply

I disagree with the placement of cryptanalysis, since all the attacks next to it are forms of cryptanalysis. Ntsimp (talk) 14:40, 18 May 2011 (UTC)Reply
Why not just link "Attacks" to Cryptanalysis? I'm completely opposed to joining all algorithms into a single row, though; it looks like a gigantic mess compared to the current version. Foxyshadis(talk) 01:45, 28 September 2011 (UTC)Reply

Meet-in-the-middle attack

edit

Should this be added to the attacks row? Although it's only applicable when encrypting twice to double the key length, it is a crypto attack related to block ciphers. Foxyshadis(talk) 03:33, 28 September 2011 (UTC)Reply

Common algorithms

edit

An anonymous colleague had added Salsa20 to the common list. I might be OK with ChaCha-related algorithm here, but would like to discuss the list first:

  1. Does the list consist of original algorithms or actual ciphers? (relevant for Salsa/Chacha)
  2. Why is Serpent common? It does not appear to be used anywhere anymore. See also #Serpent above
  3. Are Blowfish (cipher) and Twofish both common?
  4. If an answer to the previous question is "yes" and the template lists (in the "common" part) algorithms, should it have both Blowfish and Twofish in the list? Algorithmic-wise, they are somewhat similar.
  5. DES is obsolete, but I would still consider it "common". Am I correct?
  6. The list has an American AES, Chinese SM4. It would seem to be fair to have something European, too. Is there a "common" European block cipher?

Dimawik (talk) 16:19, 3 June 2024 (UTC)Reply