Data Encryption algorithm

Question

I want to know if our data is encrypted with one encryption algorithm(AES, DES, etc.) and then we transfer our data in open network, can anyone get real data or do some thing if the encryption algorithm is known even though the hacker doesn't know about the private keys, public key or PV?

Answer 1

can anyone get real data or do some thing if the encryption algorithm is known

If the attacker knows the encryption algorithm, it's a start, because now all they need to do is to find out what was the key used to encrypt it. But established encryption algorithms like AES have no known weaknesses. Thus an attacker would be forced to bruteforce it to gain access to the data.

If you are using keys of an appropriate size (eg: AES 256 bits or more), this would be a very difficult task. DES also has no known weaknesses, but its small key size (56 bits) allows for a bruteforce attack to succeed in a reasonable timeframe, (eg: days). That's why DES is not widely used any more.

even though the hacker doesn't know about the private keys, public key or PV?

Note that public keys are only relevant in the context of asymmetrical encryption. In this case, the public key is usually publicly available (hence, the name "public key"). But asymmetric encryption is designed so that even if you know the public key, you can't decrypt it unless you have the private key.

In summary, encryption algorithms like AES have stood the test a time and proven to be secure enough. As David Schwartz points out in his answer, if you have a problem, (usually) your implementation is the thing to blame, not the encryption algorithm.

Answer 2

Yes, keeping the algorithm secret helps security marginally. If an attacker knows that you used DES (which isn't terrifically hard to break) they may be more likely to try to break it.

I think the core of your question is about statistical attacks, which tries to see through the encryption to decipher the nature of the data. Any reasonably modern algorithm is mathematically designed to thwart any attempts to guess what the data is.

However David makes a very good point. Even perfect encryption (if it existed) would be vulnerable to the human factor. These algorithms are worthless if you don't dot your i's and cross your t's, and have absolute (and justified) faith in those who can decrypt the data.

Answer 3

Almost by definition, if the encryption is implemented properly and part of a sensibly-designed system, no. That's the whole point of encryption.

Note that encryption is not magic. It must be used precisely correctly to provide useful security. There are a lot of ways to do it wrong.

If you're not using a widely respect product (like TrueCrypt, Firefox, or GPG) and using it precisely how it's intended to be used, there's a very good chance you aren't getting real security. For example, Dropbox used AES, but a security flaw in another part of their system allowed one user to decrypt another user's data. So it didn't help that it was encrypted.