62 Chapter 3 ■ Cryptography
MARS This AES finalist was developed by IBM and supports key lengths of 128–256 bits.The goal of the Advanced Encryption Standard (AES) competition, announced
in 1997, was to specify “an unclassified, publicly disclosed encryption
algorithm capable of protecting sensitive government information well into
the next century” (http://competitions.cr.yp.to/aes.html). The
National Institute of Standards and Technology (NIST) organized the AES
competition.RC2 Originally an algorithm that was a trade secret of RSA Labs, the RC2 algorithm
crept into the public space in 1996. The algorithm allows keys between 1 and 2,048 bits.
The RC2 key length was traditionally limited to 40 bits in software that was exported to
allow for decryption by the U.S. National Security Agency.RC4 Another algorithm that was originally a trade secret of RSA Labs, RC4, was
revealed to the public via a newsgroup posting in 1994. The algorithm allows keys between
1 and 2,048 bits.RC5 Similar to RC2 and RC4, RC5 allows users to define a key length.RC6 RC6 is another AES finalist developed by RSA Labs and supports key lengths of
128–256 bits.Rijndael or Advanced Encryption Standard (AES) The successor to DES and chosen by
the National Institute of Standards and Technology (NIST) to be the new U.S. encryption
standard. The algorithm is very compact and fast and can use keys that are 128, 192, or
256 bits long.Serpent This AES finalist, developed by Ross Anderson, Eli Biham, and Lars Knudsen,
supports key lengths of 128–256 bits.Tw o f i s h This AES candidate, also developed by Bruce Schneier, supports key lengths of
128–256 bits.Asymmetric, or Public Key, Cryptography
Asymmetric, or public key, cryptography is a relatively new form of cryptography that was
only fully realized in the mid-1970s by Whitfield Diffie and Martin Hellman. The new sys-
tem offered advantages, such as nonrepudiation and key distribution benefits, that previous
systems did not.
Public key systems feature a key pair made up of a public and a private key. Each per-
son who participates in the system has two keys uniquely assigned to them. In practice the
public key will be published in some location whereas the private key will remain solely
in the assigned user’s possession and will never be used by anyone else (lest security be
compromised).