Words By John Carl Villanueva
Last Updated:
Learn what a stream cipher is, what a block cipher is, and the popular encryption algorithms under each group. JSCAPE offers this comprehensive introduction.
- Blog
- JSCAPE MFT
- Secure File Transfer
Secure file transfer protocols like SFTP, FTPS, HTTPS, and WebDAVS encrypt data through symmetric key ciphers. These ciphers can be classified into two groups: stream ciphers and block ciphers. Today, we'll discuss what a stream cipher is and what a block cipher is. We'll also talk about the popular encryption algorithms that fall under each group. If you don't know what a cipher is, click that link to read a nice introduction. You might also want to learn more about symmetric and asymmetric encryption. Already familiar with them? Read on then. A block cipher is an encryption algorithm that encrypts a fixed size of n-bits of data - known as a block - at one time. The usual sizes of each block are 64 bits, 128 bits, and 256 bits. So for example, a 64-bit block cipher will take in 64 bits of plaintext and encrypt it into 64 bits of ciphertext. In cases where bits of plaintext is shorter than the block size, padding schemes are called into play. Majority of the symmetric ciphers used today are actually block ciphers. DES, Triple DES, AES, IDEA, and Blowfish are some of the commonly used encryption algorithms that fall under this group. DES - DES, which stands for Data Encryption Standard, used to be the most popular block cipher in the world and was used in several industries. It's still popular today, but only because it's usually included in historical discussions of encryption algorithms. The DES algorithm became a standard in the US in 1977. However, it's already been proven to be vulnerable to brute force attacks and other cryptanalytic methods. DES is a 64-bit cipher that works with a 64-bit key. Actually, 8 of the 64 bits in the key are parity bits, so the key size is technically 56 bits long. 3DES - As its name implies, 3DES is a cipher based on DES. It's practically DES that's run three times. Each DES operation can use a different key, with each key being 56 bits long. Like DES, 3DES has a block size of 64 bits. Although 3DES is many times stronger than DES, it is also much slower (about 3x slower). Because many organizations found 3DES to be too slow for many applications, it never became the ultimate successor of DES. That distinction is reserved for the next cipher in our list - AES.Overview: Stream Ciphers vs. Block Ciphers
What is a block cipher?
Popular block ciphers
AES - A US Federal Government standard since 2002, AES or Advanced Encryption Standard is arguably the most widely used block cipher in the world. It has a block size of 128 bits and supports three possible key sizes - 128, 192, and 256 bits. The longer the key size, the stronger the encryption. However, longer keys also result in longer processes of encryption. For a discussion on encryption key lengths, read Choosing Key Lengths for Encrypted File Transfers.
Blowfish - This is another popular block cipher (although not as widely used as AES). It has a block size of 64 bits and supports a variable-length key that can range from 32 to 448 bits. One thing that makes blowfish so appealing is that Blowfish is unpatented and royalty-free.
Twofish - Yes, this cipher is related to Blowfish but it's not as popular (yet). It's a 128-bit block cipher that supports key sizes up to 256 bits long.
What is a stream cipher?
A stream cipher is an encryption algorithm that encrypts 1 bit or byte of plaintext at a time. It uses an infinite stream of pseudorandom bits as the key. For a stream cipher implementation to remain secure, its pseudorandom generator should be unpredictable and the key should never be reused. Stream ciphers are designed to approximate an idealized cipher, known as the One-Time Pad.
The One-Time Pad, which is supposed to employ a purely random key, can potentially achieve "perfect secrecy". That is, it's supposed to be fully immune to brute force attacks. The problem with the one-time pad is that, in order to create such a cipher, its key should be as long or even longer than the plaintext. In other words, if you have 500 MegaByte video file that you would like to encrypt, you would need a key that's at least 4 Gigabits long.
Clearly, while Top Secret information or matters of national security may warrant the use of a one-time pad, such a cipher would just be too impractical for day-to-day public use. The key of a stream cipher is no longer as long as the original message. Hence, it can no longer guarantee "perfect secrecy". However, it can still achieve a strong level of security.
Popular stream ciphers
RC4 - RC4, which stands for Rivest Cipher 4, is the most widely used of all stream ciphers, particularly in software. It's also known as ARCFOUR or ARC4. RC4 steam chiphers have been used in various protocols like WEP and WPA (both security protocols for wireless networks) as well as in TLS. Unfortunately, recent studies have revealed vulnerabilities in RC4, prompting Mozilla and Microsoft to recommend that it be disabled where possible. In fact, RFC 7465 prohibits the use of RC4 in all versions of TLS.
These recent findings will surely allow other stream ciphers (e.g. SALSA, SOSEMANUK, PANAMA, and many others, which already exist but never gained the same popularity as RC4) to emerge and possibly take its place.
Disabling weak ciphers
On JSCAPE MFT Server, you may disable cipher suites using RC4 (or any encryption algorithm you deem too weak, for that matter) ...
From HTTPS:
Navigate into Server > Settings > Web > SSL /TLS Ciphers.
From FTPS:
Go to Services > FTP/S > SSL/TLS Ciphers
From SFTP/SCP
Go to Services > SFTP/SCP > Algorithms
There are a couple of things you need to consider when disabling ciphers and other algorithms on your MFT server. I suggest you read the article Setting SFTP Algorithms On Your SFTP Server to be enlightened on the matter.
That's it for this topic. You might also want to read the following articles:
What Is A Digital Certificate?
How To Get Your MFT Server To Email You About Last Night’s Download
How To Send Large Files Through Email
Get Started
Download a free, fully functional evaluation edition.
- Request a free trial
- Connect with a JSCAPE product expert
- Experience the power of JSCAPE MFT Server, a multi-protocol, platform-independent managed file transfer solution users are most likely to recommend, according to G2.
Popular Articles
View more by JSCAPE
How to setup SFTP public key authentication on the command line
14min read —
SFTP Public Key Authentication enhances security by allowing users to access SFTP services without passwords, favoring automated transfers. The setup process involves creating a .ssh directory, generating a key pair with ssh-keygen, securing permissions, and copying the public key to the server, ensuring a secure connection without the need for passwords
Read ArticleActive vs. passive FTP Simplified
24min read —
The difference between active FTP and passive FTP modes lies in how connections are made. In active mode, the client initiates the connection with a PORT command, making the server connect back for data. In passive mode, the client uses a PASV command, gets a server port, and starts the data transfer connection.
Read ArticleActive-active vs. active-passive high-availability clustering
7min read —
Active-active high availability clusters distribute workloads evenly across all nodes, ensuring optimal load balancing. In contrast, an active-passive setup keeps nodes on standby, activating them only when the primary fails, leading to potential delays. Active-active configurations offer reduced downtime and improved performance, making them the preferred choice for continuous system availability.
Read Article
Posts By Category
Explore All Topics
- JSCAPE MFT
- Managed File Transfer
- Secure File Transfer
- Tutorials
- Business Process Automation
- Videos
- News
- SFTP
- Triggers
- FTP
- AS2
- FTPS
- File Transfer Clients
- Ad-Hoc File Transfers
- Reverse Proxy
- Accelerated File Transfer
- file transfer
- Case Studies
- mft solutions
- sftp server
- ssh
- webdav
- webdav server
- Client Certificate Authentication
- Configuration
- EDI
- JSCAPE SaaS
- RSA 4096
- authentication
- encryption
- file transfer protocol
- load balancing
- security
- transfer protocols
- ASCII
- AWS
- Amazon S3
- Clustering
- DSA
- DSA vs RSA
- FTP Server
- FTP command line
- FTP/S
- HMAC
- High Availability
- Integration
- Load
- Load Balancer
- MDN
- OpenPGP keys
- Product Release
- RSA vs DSA
- S3
- SCP
- SMTP ports
- Transfer mode
- Windows SFTP Client
- binary mode
- binary transfer
- client certificate
- data streaming
- decrypt
- diffie-hellman-group1-sha1
- digital certificates
- forward proxy
- ftp active mode
- ftp active vs passive
- ftp client
- ftp commands
- ftp passive mode
- ftp put command
- gnu privacy guard
- gpg
- key exchange
- key fingerprint
- licenses
- mft gateway
- passive ftp
- pgp
- port 25
- port 587
- proxy server
- reverse proxy server
- sftp port
- sftp port number
- windows ftp
Related Content
Read more about JSCAPE MFT
The benefits of secure file transfer software
11min read —
Secure file transfer software protects your data during transit with encryption, authentication, and advanced controls. Learn how IT professionals can mitigate data security risks, achieve regulatory compliance, and enhance automation with solutions like Managed File Transfer (MFT). Discover the key benefits and recommended tools for robust and efficient file transfers today.
Read ArticleFixing SSH/SFTP client connection issues involving Diffie-Hellman-Group1-SHA1
7min read —
If you're troubleshooting SSH/SFTP connection issues related to Diffie-Hellman-Group1-SHA1, you’re likely dealing with outdated and insecure key exchange algorithms. This article explains the root cause of the problem and provides four practical solutions to fix it. Learn how to enhance your connection security and maintain compatibility. Read on to find the best solution for your needs.
Read ArticleWhat is Managed file transfer (MFT)?
11min read —
Managed File Transfer (MFT) solutions offer secure, automated, and reliable data transfers that meet regulatory compliance and simplify complex workflows.
Read Article