Symmetric Key Cryptography

Symmetric key encryption uses a bi-directional, or reversible, encryption algorithm to provide confidentiality of data. In other words, the sender and receiver of the sensitive data share a secret key. The sender feeds the secret key and data into any of a number of symmetric key algorithms to encrypt the plaintext data into cipher text. The receiver uses the exact same secret key to decrypt the cipher text back into plaintext using the same symmetric key algorithm. If Alice and Bob, to use the classic crypto characters, are sitting on different floors of the same building, then securely exchanging the secret key may not pose a risk. There is still a question of storage of the key, so compromise may still be an issue. However, if Alice is in Virginia, and Bob is on vacation in Singapore, then exchanging the secret key securely presents an issue and opens the door to potential compromise of the secret key.

There are currently three NIST-approved symmetric ciphers. The newest addition to this list, the Advanced Encryption Standard (AES), was added in November 2001. The White House Office of Management and Budget (OMB), responsible for the OMB circulars, delivered a notice shortly after NIST released AES stating that the new encryption method is expected to be valid for the next 20–30 years. NIST has stated that it will review AES every five years for continued use.

Symmetric ciphers are divided into stream and block ciphers. Block ciphers exercise their mathematical prowess on fixed-size chunks of data. Stream ciphers, on the other hand, operate on the data in a serial fashion or continuous stream — one bit at a time.

The two protocols we discuss in these pages are block ciphers. Therefore, we focus our discussion on block ciphers only. For more information on streaming ciphers, Google “Streaming cipher.” One of the most popular streaming ciphers in use today is RC4, which is implemented in the original IEEE 802.11b, aka WEP. The current evolution of WEP is called WPA, which alleviates a key scheduler issue by using the Temporal Key Integrity Protocol (TKIP). The latest standard on the street is IEEE 802.11i, which introduces AES as the required encryption protocol. Your Internet browser also uses RC4 when connecting to most Internet sites using SSL.