Which is currently the best public key encryption algorithm used in IT scenarios? I have read much about the RSA...
algorithm and Diffie-Hellman, but are they strong enough? Is there a trade-off between the two, as far as performance goes?
Encryption should never be seen as the ultimate answer to any information security problem. It's only one part of the security equation. This concept should always be considered when choosing a public key algorithm. Before delving into any encryption project, however, perform a thorough risk analysis of your data and systems to determine what you need. Obviously high-risk data, such as sensitive customer data, needs better encryption than marketing plans, which would have a much lower impact on the business if divulged.
Second, in terms of performance, a thorough analysis of your network architecture and the traffic load it can bear will help decide which encryption route to choose. In general, public key encryption, or asymmetric encryption, is about 10,000 times slower than private key encryption. This is because of asymmetric encryption's creation and exchange of the two keys versus the single one in private or symmetric encryption.
Both RSA and Diffie-Hellman are public key encryption algorithms strong enough for commercial purposes. The minimum recommended key length for encryption systems is 128 bits, and both exceed that with their 1,024-bit keys. Both were invented in the late 1970s and have yet to be cracked.
The nature of the Diffie-Hellman key exchange, however, makes it susceptible to man-in-the-middle (MITM) attacks, since it doesn't authenticate either party involved in the exchange. The MITM maneuver can also create a key pair and spoof messages between the two parties, who think they're both communicating with each other. Mutually authenticating both parties can defeat attempts at MITM attacks.
Dig Deeper on PKI and digital certificates
Related Q&A from Joel Dubin
After a server room door has been compromised, finding a more secure solution is of utmost importance. Learn how to choose a server room door that ...continue reading
In the IAM world, what's the difference between access control and identity management. This IAM expert response explains how the two relate as well ...continue reading
When working with PeopleSoft and Unix, which single sign-on (SSO) vendors offer the most effective products? Learn how to choose an SSO product in ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.