Skip to content

CS204 - Cyber Law

1 Topics 23 Posts
  • 0 Votes
    5 Posts
    887 Views
    zaasmiZ

    Actually, it’s difficult to compare the cryptographic strengths of symmetric and asymmetric key encryptions. Even though asymmetric key lengths are generally much longer (e.g. 1024 and 2048) than symmetric key lengths (e.g. 128 and 256), it doesn’t, for example, necessarily follow that a file encrypted with a 2048-bit RSA key (an asymmetric key) is already tougher to crack than a file encrypted with a 256-bit AES key (a symmetric key).

    Instead, it would be more appropriate to compare asymmetric and symmetric encryptions on the basis of two properties:

    Their computational requirements, and

    Their ease of distribution

    Symmetric key encryption doesn’t require as many CPU cycles as asymmetric key encryption, so you can say it’s generally faster. Thus, when it comes to speed, symmetric trumps asymmetric. However, symmetric keys have a major disadvantage especially if you’re going to use them for securing file transfers.

    Because the same key has to be used for encryption and decryption, you will need to find a way to get the key to your recipient if he doesn’t have it yet. Otherwise, your recipient won’t be able to decrypt the files you send him. However way you do it, it has to be done in a secure manner or else anyone who gets a hold of that key can simply intercept your encrypted file and decrypt it with the key.

    The issue of key distribution becomes even more pronounced in a file transfer environment, which can involve a large number of users and likely distributed over a vast geographical area. Some users, most of whom you may never have met, might even be located halfway around the world. Distributing a symmetric key in a secure manner to each of these users would be nearly impossible.

    Asymmetric key encryption doesn’t have this problem. For as long as you keep your private key secret, no one would be able to decrypt your encrypted file. So you can easily distribute the corresponding public key without worrying about who gets a hold of it (well, actually, there are spoofing attacks on public keys but that’s for another story). Anyone who holds a copy of that public key can encrypt a file prior to uploading to your server. Then once the file gets uploaded, you can decrypt it with your private key.