If you don’t want to be troubled with the key exchange problems that come with symmetric algorithms, try asymmetric algorithms. How do they work?
Asymmetric algorithms use two different keys to encrypt and decrypt data. One for the sender and the other for the receiver. The sender uses the so-called public key to encrypt a message, while the receiver uses a private key to decrypt it.
This way if I’m the receiver, I could post my public key online and you can write me encrypted messages, which only I can decrypt with my private key (if it isn’t stolen from me).
Popular asymmetric systems in use today
|RSA||Named after its inventors Ron Rivers, Adi Shamir and Leonard Adleman. De facto standard. Used in many environements including SSL.||The most commonly used asymmetric algorithm. Used for encryption and digital signatures.|
|Elliptic Curve Cryptography (ECC)||Similar to RSA, but uses smaller key sizes to obtain the same level of security. Based on the idea of using points on a curve combinad with a point at infinity and the difficulty of solving discrete logarithm problems.||Option to RSA that uses less computing power than RSA. Popular in smart phones and other smaller devices.|
|Diffie- Hellman||Created by Whitfield Diffie and Martin Hellman (cool last name). Founders of the public/private key concept. Used to send keys across public networks. (to share them for symmetric encryption).||Key agreement.|
|ElGamal||Developed by Taher Elgamal. Uses an ephemeral key. An ephemeral key exists only for that session.||Transmitting digital signatures and key exchanges.|
What cryptography should you use?
While symmetric algorithms are faste than asymmetric algorithms, they burden a bigger risk of key disclosure.
So you should use oth of them where their strengths are needed and their weaknesses aren’t a bit risk.
The most important aspect is to use only proven cryptography technologies. Kerckhoffs principle states that the security of an algorithm should depend only on the secrecy of the key rather than the secrecy of the algorithm.
The algorithms presented in this and last weeks post are all public. “Open Source” if you will. This allows researchers to find flaws and correct them.
Use the algorithm systems presented in last weeks and this post. Avoid new or secret methods.