Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How symmetric and asymmetric encryption algorithms differ

Expert Michael Cobb explains the differences between symmetric and asymmetric encryption algorithms, common uses and examples of both encryption types, and their pros and cons.

What are the differences between symmetric and asymmetric encryption, particularly regarding encryption, signature...

and hash?

When it comes to encryption, the latest isn't necessarily the best. You should always use the encryption algorithm that is right for the job and has been extensively publicly analyzed and tested, something the cryptographic community won't have had the chance to do with a brand new algorithm. Let's have a look at some of the most widely-used algorithms.

Types of symmetric encryption algorithms

For most people, encryption means taking plaintext and converting it to ciphertext using the same key, or secret, to encrypt and decrypt the text. This is symmetric encryption and it is comparatively fast compared to other types of encryption such as asymmetric encryption. The most widely-used algorithm used in symmetric key cryptography is AES (Advanced Encryption Standard). It comprises three block ciphers, AES-128, AES-192 and AES-256, each of which is deemed sufficient to protect government classified information up to the SECRET level with TOP SECRET information requiring either 192 or 256 key lengths.

Other common symmetric encryption algorithms include Blowfish, Twofish, Data Encryption Standard (DES), 3DES and RC4, although recent attacks have revealed weaknesses in the RC4 algorithm. While ome symmetric encryption algorithms like AES use block ciphers, others such as RC4 use stream ciphers. Symmetric encryption types like 3DES and AES are often leveraged by VPN products.

The main disadvantage of symmetric key cryptography is that all parties involved have to exchange the key used to encrypt the data before they can decrypt it. This requirement to securely distribute and manage large numbers of keys means most cryptographic services also make use of other types of encryption algorithms. Secure MIME for example uses an asymmetric algorithm -- public/private key algorithm -- for nonrepudiation and a symmetric algorithm for efficient privacy and data protection.

Encryption algorithm types

Types of asymmetric encryption algorithms

Asymmetric algorithms use two interdependent keys, one to encrypt the data, and the other to decrypt it. This interdependency provides a number of different features, the most important probably being digital signatures which are used amongst other things to guarantee that a message was created by a particular entity or authenticate remote systems or users. One of the most common asymmetric encryption algorithms is the Diffie-Hellman key exchange, which allows two parties to exchange cryptographic keys in a secure manner regardless of whether the communication channel is public or private. The RSA (Rivest, Shamir and Adleman) asymmetric algorithm is another widely used asymmetric encryption example; it is often used in electronic commerce protocols such as SSL, and is believed to be secure given sufficiently long keys and the use of up-to-date implementations. As RSA is much slower than symmetric encryption, what typically happens is that data is encrypted with a symmetric algorithm and then the comparatively short symmetric key is encrypted using RSA. This allows the key necessary to decrypt the data to be securely sent to other parties along with the symmetrically-encrypted data.

A cryptographic hash function has a somewhat different role to other cryptographic algorithms. It is used to return a value based on a piece of data, a file or message, for example. Any accidental or intentional change to the data will change this hash value. A good hash algorithm should make it impossible to either create an initial input that produces a specific hash value or allow the original input to be calculated from the hash value. MD5 and SHA-1 were widely used hash algorithms, but are now considered weak and are being replaced by SHA-224, SHA-256, SHA-384 or SHA-512, sometimes collectively referred to as SHA-2. Microsoft, Google and Mozilla have all announced plans to remove SHA-1 support from their browser products. Although no attacks have yet been reported on the SHA-2 variants, they are algorithmically similar to SHA-1 and so a new hash standard, SHA-3, will be selected in a similar way to AES in the next few years. As you can see, the landscape of cryptography is constantly changing and to stay abreast of the latest developments, follow the news and recommendations from standards bodies such as National Institute of Standards and Technology.

Next Steps

Learn the basics of symmetric and asymmetric encryption technology

Find out how Diffie-Hellman compares to RSA's key exchange algorithm

Learn why symmetric and asymmetric encryption are used in OpenPGP

Dig Deeper on Disk and file encryption tools

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

What does your organization find more effective -- symmetric encryption or asymmetric encryption?