I’ll keep this short and simple. As part of PHP’s mcrypt library there are 40 or so possible ciphers, see here.
Not knowing much about encryption myself, I’m working under the assumption regardless of the cipher used, the data when decrypted is identical as the data encrypted (otherwise what’s the point right?)
I need to encrypt and then decryption either an array or serialised standard object. I’ve browsed a couple examples online of the basic implementation of the mcrypt library and noticed that each example used a different cipher. It got me wondering if there was any significance to this, or simply personal preference?
My question is, is there any significant differences between these ciphers I should be concerned with knowing that
- I’ll be encrypting/decrypting is an either an array or serialised standard object, and contain relatively little data.
- This operation will be fairly uncommon so speed isn’t a massive issue, anywhere in the range on < 2s is acceptable.
- The encrypted string will need to be stored in a cookie and transmitted via url query string (so there are limitations on length and character set)
Note
I’m not after a debate about whether I should be using a hash or hmac. Encryption is necessary and the correct option for this problem.
Any reasonable cipher encrypts/decrypts between plaintext/ciphertext given the correct key.
There are huge differences to which cipher you choose. Be it block length, key length and/or general security. For instance, you should never use DES because it only uses a 56-bit key. Similar for other ciphers on the list you refer to. Before using any cipher always read up on it and determine whether it is a good cipher for your context.
But I can’t go into detail about every cipher on your list here. 🙂
I personally like AES (Rijndael) which takes three sizes of keys 128, 192 and 256 bits. The best known attack is faster than a brute-force attack but is still infeasible. It is fast, too (actually Intel included machine instructions for AES in Westmere and Sandy Bridge).
Serpent and Twofish are also good ciphers. Serpent came second to Rijndael and Twofish came third (I think it was) in the AES contest some years back.