Thursday, December 24, 2009

Symmetric vs Asymmetric

Cryptography covers 15 percent of the CompTIA Security+ (Exam SY0-201) objectives, and cryptographic algorithms are important to understand.

Algorithms are primarily characterized as either symmetric or asymmetric.  In short, symmetric encryption uses a single key to encrypt and decrypt. Asymmetric uses two keys.

Symmetric encryption:
  • Is about 1000 times faster than asymmetric encryption.
  • Uses the same key to encrypt as it does to decrypt.  For example, if the key 123 is used to encrypt data using the Advanced Encryption Standard (AES), then the same key of 123 is used to decrypt the data. (Encryption keys are actually much more complex than just a simple number like 123.)
  • The key is commonly called a session key, a shared key, a preshared key, or a shared secret.
  • The most popular encryption algorithm is AES, which is faster and more efficient than other encryption algorithms (such as DES and 3DES).

Asymmetric encryption:
  • Is extremely slow compared to symmetric encryption, so it is only used to encrypt/decrypt a very small amount of data.
  • Is primarily used to privately share a symmetric key over a public network (such as the Internet).  Once the key is exchanged using asymmetric encryption, symmetric encryption is used to encrypt session data.
  • Uses two keys known as a public key and a private key (or public/private key pair).  The public key is freely shared but the private key is kept private for a single entity (such as a single server).
  • Requires a public key infrastructure (PKI) to publish certificates. Public keys are published in a certificate and the certificate is freely shared to others.
  • If a public key encrypts data, only the private key can decrypt it. 
  • If a private key encrypts data, only the public key can decrypt it.
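
The key exchange described in the lists above, as an added example that is not part of the original post: a fresh symmetric session key encrypts the data, and the recipient's public key encrypts only that small key. The function names are hypothetical, and RSA-2048 with OAEP and AES-256-GCM are choices made for this illustration using Node.js's built-in crypto module.

```javascript
// Added example (not from the original post): asymmetric encryption shares
// the symmetric key, symmetric encryption protects the session data.
const crypto = require('node:crypto');

// Key pair constructed for this example. The public key is freely shared;
// the private key stays with a single entity (such as a single server).
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender: encrypt the data with a fresh AES-256 session key, then encrypt
// only that 32-byte key with the recipient's public key.
function hybridEncrypt(recipientPublicKey, plaintext) {
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // unique per message
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const tag = cipher.getAuthTag(); // lets the recipient detect tampering
  const wrappedKey = crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, ciphertext, tag };
}

// Recipient: recover the session key with the private key, then decrypt
// the data with the same symmetric key the sender used.
function hybridDecrypt(recipientPrivateKey, msg) {
  const sessionKey = crypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  return Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]); // throws if modified
}

// RSA on its own only accepts a very small input: with a 2048-bit key and
// OAEP/SHA-256 the limit is 190 bytes, so larger data is rejected.
function rsaCanEncrypt(recipientPublicKey, data) {
  try {
    crypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, data);
    return true;
  } catch (err) {
    return false;
  }
}

const sessionData = Buffer.alloc(64 * 1024, 'A'); // constructed sample data
const message = hybridEncrypt(publicKey, sessionData);
console.log('wrapped key bytes:', message.wrappedKey.length);
console.log('round trip ok:', hybridDecrypt(privateKey, message).equals(sessionData));
console.log('RSA directly on 64 KiB:', rsaCanEncrypt(publicKey, sessionData));
```
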
And of course, this book CompTIA Security+: Get Certified Get Ahead: SY0-201 Study Guide has a full chapter on the relevant cryptography concepts needed to pass the Security+ exam the first time.

Good luck with your studies.

Darril Gibson