Q

Choosing the right public key algorithm: RSA vs. Diffie-Hellman

In this SearchSecurity.com expert response, Joel Dubin explores two different public key encryption algorithms and discusses how to make the right choice for your information security needs.

This Content Component encountered an error

Which is currently the best public key encryption algorithm used in IT scenarios? I have read much about the RSA algorithm and Diffie-Hellman, but are they strong enough? Is there a trade-off between the two, as far as performance goes?

Encryption should never be seen as the ultimate answer to any information security problem. It's only one part of the security equation. This concept should always be considered when choosing a public key algorithm. Before delving into any encryption project, however, perform a thorough risk analysis of your data and systems to determine what you need. Obviously high-risk data, such as sensitive customer data, needs better encryption than marketing plans, which would have a much lower impact on the business if divulged.

Second, in terms of performance, a thorough analysis of your network architecture and the traffic load it can bear will help decide which encryption route to choose. In general, public key encryption, or asymmetric encryption, is about 10,000 times slower than private key encryption. This is because of asymmetric encryption's creation and exchange of the two keys versus the single one in private or symmetric encryption.

Both RSA and Diffie-Hellman are public key encryption algorithms strong enough for commercial purposes. The minimum recommended key length for encryption systems is 128 bits, and both exceed that with their 1,024-bit keys. Both were invented in the late 1970s and have yet to be cracked.

The nature of the Diffie-Hellman key exchange, however, makes it susceptible to man-in-the-middle (MITM) attacks, since it doesn't authenticate either party involved in the exchange. The MITM maneuver can also create a key pair and spoof messages between the two parties, who think they're both communicating with each other. Mutually authenticating both parties can defeat attempts at MITM attacks.

More on this topic

 

This was first published in April 2007

Dig deeper on PKI and Digital Certificates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close