A quick note about the 2 types of encryption algorithms:
1. Symmetric encryption
– Oldest, fastest and more common
– Key management is critical
– Best encoding algorithms: the ones that are public
– Public algorithm, private key. “Good security systems rely on the private key for security, not on the algorithm itself”
Suppose you installed the biggest, strongest, most secure lock in the world on your front door, but you put the key under the front door mat. It wouldn’t really matter how strong the lock is, would it?
– 10 Immutable Laws of Security
2. Asymmetric encryption (Public key cryptography)
– uses both public and private keys
– the key management is part of the algorithm
– it’s slower than the symmetric encryption
– it can be used for both encryption and digital signature (digital signatures: hashing + asymmetric encryption)
– relies on digital certificates
How they both come together:
Asymmetric encryption can be used for the private key exchange in the beginning of a symmetric-encrypted conversation (ex: PGP)
– symmetric keys are used for encryption, because of speed and efficiency
– the symmetric keys are passed using asymmetric methods
This is known as electronic key exchange.
Description of Symmetric and Asymmetric Encryption
Diffie-Hellman solution for key exchange
D–H is one of the earliest practical examples of public key exchange implemented within the field of cryptography. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communication channel:
– Alice and Bob agree on 2 numbers, P, G
– P and G are exchanged in clear
– Alice picks a secret number, a
– Bob picks a secret number, b
– Alice computes her public number: X = Ga mod P
– Bob computes his public number: Y = Gb mod P
– X and Y are exchanged in clear
– Alice computes Ka = Y^a mod P
– Bob computes Kb = X^b mod P
– Ka=Kb=K – now both Alice and Bob know the shared secret K
This secret key can then be used to encrypt subsequent communications using a symmetric key cipher.
However, it is impractical since it is synchronous and a new key exchange has to be done for every new pair of recipients.
D-H was followed shortly afterwards by RSA, a more practical and asynchronous implementation of public key cryptography using asymmetric algorithms.
A postal analogy
– Symmetric encryption: Alice sends to Bob the secret message in a box locked with a secret key. Both Alice and Bob have a copy of the secret key
– Asymmetric encryption (2 passes): Alice and Bob have separate, secret padlocks. Alice asks Bob to send his open lock by regular post. Then Alice puts her secret message in the box and locks it using Bob’s padlock. When Bob receives the box he can open the lock. The secret padlocks are not shared.
– Asymmetric encryption (3 passes): Alice and Bob have separate, secret padlocks. Alice sends to Bob a box locked with her padlock. Bob receives the box and adds his own lock on the box. Then Alice receives the box with 2 locks, removes her lock and sends the box to Bob. Bob opens the box with his own secret padlock.
Written by Dorin Moise (Published articles: 220)