Ask the Expert

Choosing the right public key algorithm: RSA vs. Diffie-Hellman

Which is currently the best public key encryption algorithm used in IT scenarios? I have read much about the RSA algorithm and Diffie-Hellman, but are they strong enough? Is there a trade-off between the two, as far as performance goes?


Encryption should never be seen as the ultimate answer to any information security problem; it is only one part of the security equation, and that should always be kept in mind when choosing a public key algorithm. Before starting any encryption project, perform a thorough risk analysis of your data and systems to determine what you actually need. Obviously, high-risk data such as sensitive customer data needs better encryption than marketing plans, which would have a much lower impact on the business if divulged.

Second, in terms of performance, a thorough analysis of your network architecture and the traffic load it can bear will help you decide which encryption route to choose. In general, public key (asymmetric) encryption is about 10,000 times slower than private key encryption. The difference comes from asymmetric encryption's creation and exchange of two keys, compared with the single key used in private or symmetric encryption.

Both RSA and Diffie-Hellman are public key encryption algorithms strong enough for commercial purposes. The minimum recommended key length for encryption systems is 128 bits, and both exceed that with their 1,024-bit keys. Both were invented in the late 1970s and have yet to be cracked.

The nature of the Diffie-Hellman key exchange, however, makes it susceptible to man-in-the-middle (MITM) attacks, because the exchange itself does not authenticate either party. An attacker positioned in the middle can generate its own key pair and spoof messages between the two parties, each of whom believes it is communicating directly with the other. Mutually authenticating both parties defeats this kind of attack.
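The following added example (not from the original answer) illustrates the point above: an unauthenticated Diffie-Hellman exchange cannot tell whether the public value it received was substituted in transit, whereas a tag that binds each party's identity to both public values lets the receiver detect the substitution. The group parameters, party names and the pre-shared authentication key are constructed for illustration only; the key stands in for whatever long-term credential (such as an RSA signing key) the parties use to authenticate each other.

```python
import hashlib
import hmac
import secrets

# Toy group parameters (constructed; far too weak for real deployments).
P = 2**127 - 1  # a known Mersenne prime
G = 5

# Constructed long-term key the two parties share beforehand. It plays the
# role of the mutual-authentication credential the answer calls for.
AUTH_KEY = b"constructed-long-term-authentication-key"


def dh_keypair():
    """Return (private exponent, public value) for one party."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def authenticate(sender_id, own_pub, peer_pub):
    """Tag binding the sender's identity to both public values it believes are in play."""
    transcript = f"{sender_id}|{own_pub}|{peer_pub}".encode()
    return hmac.new(AUTH_KEY, transcript, hashlib.sha256).digest()


def verify(sender_id, sender_pub, receiver_pub, tag):
    """Recompute the tag the receiver expects from its own view and compare safely."""
    expected = authenticate(sender_id, sender_pub, receiver_pub)
    return hmac.compare_digest(expected, tag)


def shared_secret(priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared value."""
    return hashlib.sha256(str(pow(peer_pub, priv, P)).encode()).digest()


def run_exchange(tampered=False):
    """Run one exchange between Alice and Bob. With tampered=True, the value
    Alice receives is replaced by a third party's, as in the MITM scenario.
    Returns (authentication check passed, both sides derived the same key)."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    _, third_party_pub = dh_keypair()
    seen_by_alice = third_party_pub if tampered else b_pub
    # Bob tags what he sent and what he received; Alice checks it against her view.
    bob_tag = authenticate("bob", b_pub, a_pub)
    auth_ok = verify("bob", seen_by_alice, a_pub, bob_tag)
    same_key = shared_secret(a_priv, seen_by_alice) == shared_secret(b_priv, a_pub)
    return auth_ok, same_key
```

Without the tag, the tampered run would simply produce two different session keys with nobody noticing; with it, Alice rejects the exchange before any data is sent.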


This was first published in April 2007
