SSL uses both asymmetric cryptography and symmetric cryptography.
Why can't it, or why doesn't it, just use one of them?
Asked
Active
Viewed 6,363 times
14
-
11It is unclear what your are asking but my guess is that you mean SSL/TLS instead of SSI and mean asymmetric (public key) vs. symmetric ("secret key") cryptography. Still it is unclear what you are trying to ask with *"why can't employ one of them?"*. Also, how does the tag *passwords* you used apply to this question? If this is about SSL/TLS you might actually find your answer in [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). – Steffen Ullrich Mar 19 '17 at 05:35
-
10Did you make research on what you want to comprehend ? because the question suggests the opposite. – elsadek Mar 19 '17 at 06:06
-
Asymmetric crypto is used just to encrypt the "session key", this one is a symmetric key which is, then, used to ecrypt/decrypt the communication between the server and client. – elsadek Mar 19 '17 at 06:52
-
Technically you can use TLS without public key crypto if you use pre-shared secrets or other key exchange methods. This is however pretty rare due to the advantage of not needing to pre-arrange the connection with public keys. And you can also use a anonymous exchange, which is vulnerable to man in the middle. And just to make the confusion perfect, null-ciphers (i.e. No symmetric encryption) are also possible – eckes Mar 19 '17 at 11:44
-
@elsadek No. Asymmetric cryptography is used to authenticate at least one of the peers. The session key is not encrypted or transmitted. This is a common misunderstanding about TLS. – user207421 Mar 19 '17 at 16:43
-
2SSL is not just "considered" to employ both of those. It ***does*** employ both of those. – user253751 Mar 19 '17 at 22:32
-
@elsadek Adding to what EJP wrote, for example the [Diffie-Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) protocol allows key agreement without ever transmitting the actual key *in any way* (whether in the clear or encrypted). – user Mar 20 '17 at 08:25
-
1@MichaelKjörling So does TLS. It has its own key agreement protocol, and that is what is used. – user207421 Mar 20 '17 at 11:09
-
It'd be really useful if we could all agree that the asker definitely meant symmetric cryptography by writing "secret key cryptography". That's definitely *not* obvious to me. 'secret key cryptography' is not a phrase I've ever encountered. Nor does a cursory Google search produce any high-quality results for that phrase (for me). – Kenny Evitt Mar 20 '17 at 13:23
-
I'm voting to close this question as off-topic because it lacks basic research – paj28 Mar 20 '17 at 15:12
2 Answers
35
Symmetric cryptography cannot be used for exchanging secrets between machines that had never communicated before, but asymmetric cryptography is limited to encrypting very small data (the size of the key) and is extremely slow when used to encrypt larger blocks. That's why all practical cryptography scheme uses both.
Lie Ryan
- 31,089
- 6
- 68
- 93
-
Actually, you can use symmetric cryptography to do that; however that requires a trusted middle agent to exchange trust. This is sort of like a CA, however (unlike) a CA, it needs to be an active participant. – poncho Mar 19 '17 at 21:24
-
1@poncho Symmetric key crypto requires unique keys per session, especially if you would use it without prior asymmetric crypto to initiate a secure connection. I have no idea how you would implement a trusted middle part that would correctly manage and handle out the symmetric keys without risking impersonation – BlueCacti Mar 19 '17 at 22:17
-
1[Waited to long to edit last comment] Pure symmetric key communications are often only done between parties who know each other and who have an already trusted method of sharing the symmetric keys amongst each other, preferably using a method where each party can identify/authenticate and authorize the other. – BlueCacti Mar 19 '17 at 22:24
-
@GroundZero: the Kerberos model; Alice shares a secret key with the central authority, Bob shares a secret key with the central authority; it all works from there. Yes, asymmetric crypto really is considerably more convenient, however, there are alternatives... – poncho Mar 20 '17 at 03:13
-
@poncho Then said central authority gets compromised. Note that Kerberos solves the problem of one node *authenticating itself* to another; it doesn't attempt to solve the problem of key distribution. Key distribution might possibly be superimposed on top of regular Kerberos, but then you are using it to do something it wasn't intended to do, with all of the caveats that follow. – user Mar 20 '17 at 08:28
-
@poncho In fact TLS does not even assume Alice and Bob aren't going to be compromised, due to https://en.wikipedia.org/wiki/Forward_secrecy – Aron Mar 20 '17 at 09:35
-
`Symmetric cryptography cannot be used for exchanging secrets between machines that had never communicated before` [Diffie-Hellman key exchange](https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange) does just this. – Mordechai Jun 17 '19 at 15:08
-
@Mordechai: No, DH doesn't actually do that. DH requires that the machines had either previously exchanged certificates, or that the machines are able to reach a trusted party to authenticate each other. While anonymous DH is mathematically possible, in practice it is useless as it's vulnerable to MITM. – Lie Ryan Jun 17 '19 at 16:39
13
Just to underline how TLS use this
- Asymmetric cryptography :: The client check the certificate (from the server) and use the public key specified into it. It makes some good things (you can learn more on Wikipedia) and then establish a secret key for symmetric encryption.
- Symmetric cryptography :: Here, the data is securely exchanged between the client and the server, using the secret key generated previously.
Let's say we want just one of them:
- Symmetric only : As the Red Telephone, then you have to establish a secure way to share the key
- Asymmetric only : You need to be really patient, an heavy computational cost, and can be less secure, as it's not using session keys.
Leath
- 306
- 1
- 5