What are the differences between symmetric and asymmetric encryption, particularly regarding encryption, signature and hash?
When it comes to encryption, the latest isn't necessarily the best. You should always use the encryption algorithm that is right for the job and has been extensively publicly analyzed and tested, something the cryptographic community won't have had the chance to do with a brand new algorithm. Let's have a look at some of the most widely-used algorithms.
For most people, encryption means taking plaintext and converting it to ciphertext using the same key, or secret, to encrypt and decrypt the text. This is symmetric encryption and it is comparatively fast compared to other types of encryption such as asymmetric encryption. The most widely-used algorithm used in symmetric key cryptography is AES (Advanced Encryption Standard). It comprises three block ciphers, AES-128, AES-192 and AES-256, each of which is deemed sufficient to protect government classified information up to the SECRET level with TOP SECRET information requiring either 192 or 256 key lengths.
The main disadvantage of symmetric key cryptography is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it. This requirement to securely distribute and manage large numbers of keys means most cryptographic services also make use of other types of encryption algorithms. Secure MIME (S/MIME) for example uses an asymmetric algorithm - public/private key algorithm - for non-repudiation and a symmetric algorithm for efficient privacy and data protection.
Asymmetric algorithms use two interdependent keys, one to encrypt the data, and the other to decrypt it. This interdependency provides a number of different features, the most important probably being digital signatures which are used amongst other things to guarantee that a message was created by a particular entity or authenticate remote systems or users. The RSA (Rivest, Shamir and Adleman) asymmetric algorithm is widely used in electronic commerce protocols such as SSL, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. As RSA is much slower than symmetric encryption, what typically happens is that data is encrypted with a symmetric algorithm and then the comparatively short symmetric key is encrypted using RSA. This allows the key necessary to decrypt the data to be securely sent to other parties along with the symmetrically-encrypted data.
A cryptographic hash function has a somewhat different role to other cryptographic algorithms. It is used to return a value based on a piece of data, a file or message, for example. Any accidental or intentional change to the data will change this hash value. A good hash algorithm should make it impossible to either create an initial input that produces a specific hash value or allow the original input to be calculated from the hash value. MD5 and SHA-1 were widely used hash algorithms, but are now considered weak and are being replaced by SHA-224, SHA-256, SHA-384, or SHA-512, sometimes collectively referred to as SHA-2. Microsoft even announced back in 2005 that it was banning developers from using DES, MD4, MD5 and, in some cases SHA-1 encryption algorithms in any functions. Although no attacks have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1 and so a new hash standard, SHA-3, will be selected in a similar way to AES in the next few years. As you can see, the landscape of cryptography is constantly changing and to stay abreast of the latest developments, follow the news and recommendations from standards bodies such as National Institute of Standards and Technology.
For more information:
- Can the symmetric encryption algorithm for S/MIME messages be changed? Read more.
- Get info on new and commonly used public-key cryptography algorithms.
Dig Deeper on Disk Encryption and File Encryption
Related Q&A from Michael Cobb
Expert Michael Cobb explains how password change frequency and reuse for third-party apps should be addressed in enterprise password policies.continue reading
Learn how a Web-based free spam-filtering service can secure email and prevent spam from attacking your enterprise.continue reading
Do you know some of the best third-party patch deployment tools? See expert Michael Cobb's recommendations on which tools would work best for your ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.