IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [asymmetric]

Asymmetric cryptography, or public-key cryptography, is the foundation of security protocols that do not require shared secrets.

Asymmetric cryptography, or public-key cryptography, is the foundation of security protocols that do not require shared secrets. Asymmetric cryptography uses key pairs: a public key and a private key. For example, a protocol that requires data confidentiality can encrypt with the public key and decrypt with the private key. A protocol that requires data authenticity can sign with the private key and verify with the public key.

Use this tag for questions about choosing and understanding protocols based on public-key cryptography algorithms, such as , , , etc. Other related tags include and .

283 questions
294
votes
11 answers

"Diffie-Hellman Key Exchange" in plain English

Can someone explain what the Diffie-Hellman Key Exchange algorithm in plain English? I have read that Twitter has implemented this technology which allows two parties to exchange encrypted messages on top of a non-secured channel. How does that…
user15119
199
votes
8 answers

Why not use larger cipher keys?

RSA Security commonly uses keys of sizes 1024-bit, 2048-bit or even 3072-bit. And most Symmetric algorithms only between 112-bit and 256-bit. I do realize that the current keys are secure enough for today's hardware, but as computers get faster,…
Koning
  • 1,633
  • 3
  • 11
  • 5
132
votes
11 answers

Is it completely safe to publish an ssh public key?

I use a RSA key to log into remote servers with ssh. And I keep my dot files under version control in a publicly accessible place so that I can quickly setup new servers to work the way I like. Right now I don't have my .ssh directory under version…
Brian
  • 1,291
  • 2
  • 8
  • 6
63
votes
7 answers

Asymmetric vs Symmetric Encryption

I am currently taking a Principles of Information Security class. While talking about different encryption methods, a large number of my classmates seem to believe that Asymmetric Encryption is better (more secure) than Symmetric Encryption. A…
matthew
  • 1,090
  • 1
  • 7
  • 10
49
votes
4 answers

Why is key exchange necessary at all?

Let's say "Alice" and "Bob" want to communicate with each other over an insecure network. Using Diffie–Hellman key exchange, they can get the same symmetric key at last. However, as I understand, they do not have to get the same symmetric key at…
Firegun
  • 503
  • 4
  • 8
42
votes
3 answers

Which host key algorithm is best to use for SSH?

When you first connect to an SSH server that is not contained inside your known_hosts file your SSH client displays the fingerprint of the public key that the server gave. I found from this question here that as a client you are able to specify…
user4191887
  • 749
  • 1
  • 6
  • 10
38
votes
7 answers

How dangerous might be publishing a public key?

Maybe this question sounds obvious, but I wonder how dangerous might be publishing a public key for an asymmetric encryption system? I know public keys are meant for encrypting messages by anyone who's meant to do so, that's why we can even download…
nKn
  • 669
  • 2
  • 8
  • 14
38
votes
3 answers

What specific padding weakness does OAEP address in RSA?

It's been recommended to use OAEP when padding messages to be encrypted via RSA, to prevent known plain text attacks. Can someone elaborate this in better detail? I'd specifically like to know the weakness in the previous scheme, both from a…
DeepSpace101
  • 2,143
  • 3
  • 22
  • 35
29
votes
6 answers

Principle of asymmetric algorithm in plain english

I was giving a presentation to my colleagues about cryptography basics in which I explained about asymmetric algorithm and its use. One of the common question from the audience about asymmetric algorithm encryption/decryption is, why can't we…
Sivachandran
  • 393
  • 3
  • 6
25
votes
5 answers

Why is Bruce Schneier recommending symmetric crypto over public key crypto

I just read the article written by Bruce Schneier, the crypto guru. In the article, he says : Prefer symmetric cryptography over public-key cryptography. But, he doesn't shed any light as to why. Now, I thought that public key systems avoid…
Rahul
  • 353
  • 3
  • 6
23
votes
1 answer

Why a symmetric key for HMAC?

I am working on securing a RESTful API and am using the Amazon AWS HMAC model as my guide. I am struggling with coming up with a secure way to store the symmetric keys on my end. What is the standard practice? This is a Java web app running in a…
user25231
  • 233
  • 1
  • 2
  • 6
21
votes
4 answers

What asymetric scheme provides the shortest signature, while being secure?

I've had a look at several signature schemes (DSA, ECDSA for the most common ones), and am wondering about whether there exist a scheme that would have the following properties : Be asymmetric (one need a private key to sign, one can verify with a…
Wam
  • 313
  • 2
  • 6
15
votes
2 answers

How X509 Certificates are used for Encryption

I have small doubt regarding the process of X509. I am aware of OpenPGP Encryption/Decryption, where we generate the public key and private key. We can share the public key to vendors and they can encrypt data with the key and we can decrypt the…
RaceBase
  • 253
  • 1
  • 2
  • 5
15
votes
1 answer

Why is asymmetric encryption less efficient than symmetric encryption?

It's common knowledge that asymmetric encryption is in general much more expensive to compute than symmetric encryption, thus common practice is to use asymmetric encryption to establish a symmetric key for bulk data exchange. I'm not finding any…
Izz
  • 153
  • 1
  • 4
14
votes
2 answers

Ways to generate symmetric and asymmetric keys

We are using Beaglebone Black based custom board, and want to use hybrid encryption for encrypting firmware file, i.e. symmetric for encryption big firmware file and asymmetric for encrypting symmetric key file. I refer to this blog for hybrid…
ART
  • 273
  • 1
  • 2
  • 9
1
2 3
18 19