Security Notes

Encryption algorithms can be broken in several ways. If you have some ciphertext and know (or can guess) the corresponding plaintext, you can simply try every possible key in a known-plaintext attack. Or, it might be possible to encrypt text of your choice using an unknown key; for example, you might mail someone a message intending it to be encrypted and forwarded to someone else. This is a chosen-plaintext attack, which is particularly effective if it's possible to choose plaintexts that reveal something about the key when encrypted.

DES (5100 K/sec) has a 56-bit key; this is starting to become too small for safety. It has been estimated that it would only cost $1,000,000 to build a custom DES-cracking machine that could find a key in 3 hours. A chosen-ciphertext attack using the technique of linear cryptanalysis can break DES in pow(2, 43) steps. However, unless you're encrypting data that you want to be safe from major governments, DES will be fine. DES3 (1830 K/sec) uses three DES encryptions for greater security and a 112-bit or 168-bit key, but is correspondingly slower.

There are no publicly known attacks against IDEA (3050 K/sec), and it's been around long enough to have been examined. There are no known attacks against ARC2 (2160 K/sec), ARC4 (8830 K/sec), Blowfish (9250 K/sec), CAST (2960 K/sec), or RC5 (2060 K/sec), but they're all relatively new algorithms and there hasn't been time for much analysis to be performed; use them for serious applications only after careful research.

AES, the Advanced Encryption Standard, was chosen by the US National Institute of Standards and Technology from among 6 competitors, and is probably your best choice. It runs at 7060 K/sec, so it's among the faster algorithms around.