12-21-2013
They are algorithmic, and are completely free and open. All ciphers depend on mathematical difficulty (long long long computation to decode, as in years), not secrecy.
Any cipher that depends on a "secret" algorithm is practically guaranteed to be garbage. Any dependable cipher that is commonly used has had mathematicians and computer scientists pound on it for years. AES128, RSA, DES3, etc., all went through this process.
After a while, someone publishes a method to speed up cracking the cipher. It gets dropped from favor, and new ones are tested and tested. RSA is in that boat.
The goal of ciphers is perfect forward secrecy. Meaning everyone knows the rules and how the computation works, but doing the computations could take literally forever.
Hashes are different. Passwords are hashed. These depend on being able to enter some characters on a keyboard and getting the particular hash (string of numbers) that is saved as the hash. One of the reasons /etc/shadow has 400 permissions is: if you know the hash you can use trial and error to get a collision (an accidental hash) that matches the saved hash. And then break in. This is a case where some secrecy adds to security. MD5 is a hash that someone has shown how to match a known hashed result. It takes a big computer a lot of time to do it, but it is at least slightly feasible. So MD5 is going out of favor.
ssh encrypts all connections with block ciphers. As a sysadmin you get to choose one of usually a dozen block ciphers. By default the system automatically changes the cipher's key every hour.
There may not be a best cipher every time. If you always send AES128, and the bad guys figure that out, it becomes very, very slightly possible to crack it. Meaning some published result shows how to launch an attack with a small but measurable possibility of breaking it. Part of encryption is to block data with junk and to change ciphers periodically. That places the odds in our favor.
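The post's point about password hashes (one-way, verified only by recomputation, and worth keeping unreadable so nobody can run trial and error against them offline) in working code. This is an added example, not part of the original post; it uses only the standard library, and the record format "$pbkdf2-sha256$<iterations>$<salt>$<digest>" is constructed here for illustration, not the real crypt(3) format stored in /etc/shadow.

```python
# Added example (not from the original post): a shadow-style salted, iterated
# password hash, verification by recomputation, and a permission check that
# mirrors the post's remark about /etc/shadow being mode 400.
import base64
import hashlib
import hmac
import os
import stat
import secrets

# Every guess an attacker makes against a stolen record costs this many
# PBKDF2 rounds, which is what makes trial and error slow.
ITERATIONS = 100_000


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Hash a password with a fresh random salt; the result is what gets stored.
    The constructed format is '$pbkdf2-sha256$<iterations>$<salt>$<digest>'."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"$pbkdf2-sha256${iterations}${b64(salt)}${b64(digest)}"


def verify(record: str, candidate: str) -> bool:
    """The only operation a hash supports: recompute with the stored salt and
    compare. The password cannot be read back out of the record, only guessed
    at, which is why the record itself must be kept from other users."""
    _, scheme, iterations, salt_b64, digest_b64 = record.split("$")
    if scheme != "pbkdf2-sha256":
        raise ValueError(f"unsupported scheme {scheme!r}")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, int(iterations))
    return hmac.compare_digest(actual, expected)  # constant-time comparison


def world_readable(mode: int) -> bool:
    """True if the permission bits let 'others' read the record file
    (0o400 -> False, 0o644 -> True)."""
    return bool(mode & stat.S_IROTH)


def records_exposed(path: str) -> bool:
    """Check a real file (for example /etc/shadow) against world_readable()."""
    return world_readable(stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)
    print(verify(rec, "correct horse battery staple"), verify(rec, "password"))
```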