Any chain is as weak as its weakest link. So, what is the point of Pretty Good Privacy using 2,048+ bit key pairs...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
and 100+ character passphrases while using a 256-bit key to encrypt the message?
Encryption not only needs to be strong but cost-effective and efficient. Imagine if webpages viewed over HTTPS were significantly slower than those over HTTP; many users would opt for speed over security and put their internet security at risk. Pretty Good Privacy (PGP) can encrypt files and messages, as well as provide verification of who sent a message, both securely and quickly because it uses a variety of different encryption algorithms; this is sometimes referred to as hybrid encryption. PGP is now a trademark of Symantec, which acquired PGP Corp. in 2010, so this article refers to software that follows the OpenPGP standard RFC 4880 for encrypting and decrypting data.
OpenPGP uses asymmetric encryption, usually RSA, for validating identity (signing) and ensuring that only the intended recipient can access the information sent (encryption). Because encrypting large amounts of data using asymmetric encryption is relatively slow and resource intensive compared to symmetric encryption -- a particularly important consideration when encrypting data on mobile devices -- OpenPGP uses a symmetric encryption algorithm, usually AES, to encrypt the actual file or message content in order to accelerate the encryption process. Symmetric encryption cannot be used for signing, which is why a combination of algorithms is used. So, for example, the sender of a message would use the recipient's public key to encrypt a randomly generated session key -- used to encrypt the content of the actual message. The recipient can use their private key to decrypt the session key and then use that to decrypt the main message.
The reason different key sizes are used in symmetric and asymmetric encryption is because a symmetric algorithm is based on a shared secret, which is not mathematically solvable, whereas asymmetric cryptography relies on the complexity of a math problem for security. Breaking a 128-bit AES key by brute force would currently take many times the age of the universe, and breaking a 256-bit key is even less possible. Increasing the length of the symmetric key from 256 bits would dramatically increase the processing work, while only negligibly increasing the level of security, a pointless tradeoff as the risk is already insignificant. So, for symmetric ciphers, a 256-bit key makes sense.
Asymmetric encryption keys have to be much larger than symmetric keys because they can only use pairs of prime numbers, and there are fewer possible keys for any given number of bits than there are for the same symmetric key size. There are also patterns within the keys themselves, and the more information that is transmitted with the asymmetric encryption key, the more likely it is to be broken. Hence OpenPGP uses 2,048-bit keys with RSA to provide a similar level of security as the 256-bit AES cipher.
OpenPGP encrypted data has never been successfully cryptanalyzed, that is retrieving the plaintext from the ciphertext without knowing the key and using solely cryptanalysis methods. Other methods such as keyloggers have been used successfully, and the main weakness of OpenPGP and any form of encryption is the security of the password or passphrase used to protect the private key. This is why PGP allows users to create a 100+ character passphrase, as the longer this passphrase is, the harder it is for anyone to crack it using brute force and dictionary attacks.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Learn about the benefits of OpenPGP encryption on messaging safety
Find out how the Pretty Easy Privacy project secures communications
Read about user privacy controls for Facebook, Google and Mozilla
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
Can two-factor authentication be applied to a mobile device that's used as a 2FA factor? Michael Cobb explores the different knowledge factors and ...continue reading
Running a private certificate authority can pose significant risks and challenges to meet baseline requirements. Michael Cobb explores what ...continue reading
A recently discovered Android app permissions flaw can expose users to attacks. Michael Cobb explains what the risks are and how Android O security ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.