none
Why are Symmetric keys shorter than ASyemmetric keys and provide the same level of security.

    Question

  • Hello

    Can someone please help me with the following question.

    Can someone please give me a brief (if possible) why Symmetric Keys which are much shorter than Asymmetric keys provide a similar level of security (e.g. take as long to crack).

    I understand RSA and can to the math with a piece of paper and the Windows advanced calculator (e.g. encrypt and decrypt a sort message using a couple of small prims likes 53 and 59).

    I also understand ( to a very basic level) AES e.g. 128bit block cypher (I believe a CBC cypher using an unpredictable IV)

    Is there a simple answer if someone says why are Symmetric keys shorted and just as secure or it is just how it is? due to the different math?

    Thank you

    AAnoterUser__


    AAnotherUser__

    Tuesday, August 19, 2014 6:22 PM

Answers

  • > I want to understand whyAsymmetric keys are often 20 times bigger than symmetric.

    it is related to key management. Symmetric keys are short-living (their lifetime may be measured in seconds) and in most cases their length is enough large to protect the data in a short lifespan. Asymmetric keys are long-living, they are valid for even 20 years. Sometimes, it is enough several days to crack the symmetric key. In order to keep the key secure for long period -- additional meausres were introduced: exponents, modulus, more complex mathematical basis, etc., which caused key length increase. However, it costs performance. Asymmetric key performance degradation is dramatic. This is why symmetric and asymmetric keys are used in conjunction: symmetric key is used to encrypt session data or large amount of data and asymmetric key is used to encrypt symmetric key itself.


    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.

    • Marked as answer by AAnotherUser Thursday, August 21, 2014 9:18 PM
    Wednesday, August 20, 2014 4:32 PM
  • Hi AAnotherUser__

    it is true that an 128 bit symmetric key is as secure as a 2304 bit asymmetric key. I am trusting Bruce Schneier's Applied cryptography on this. He recommends using a combination of symmetric and asymmtric keys that are at least equally save, or probably make asymmetric keys even longer as they are more long-lived.

    The reason is explained in this article:

    With symmetric keys you basically would have to try any potential key, with asymmetric keys only a subset of keys would work because the requirement of being a product of two primes has to be met.

    Elke

    • Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
    Friday, August 22, 2014 8:59 AM

All replies

  • Symmetric Key is used for same key for encrypsion & decryption but ASyemmetric key is used two keys (Public & private key) for encrysion & decryption.

    ASyemmetric

    1. If Public key is used for  encrypsion then private key is used for decryption .

    2. If private key is is used for  encrypsion then public key is used for decryption.

    3. It is more secure than Syemmetric


    Regards,

    Biswajit

    MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011

    Blog:   Script Gallary:   LinkedIn:   

    Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

    Wednesday, August 20, 2014 2:47 AM
  • Hello i.biswajith

    Thank you for the reply,

    I understand the concepts OK (at a basic level), I want to understand whyAsymmetric keys are often 20 times bigger than symmetric. Perhaps is it due to Asymmetric using the product of two (normally large) prime numbers in there setup e.g. p multiplied by q to be used as the modulus n as part of the public key. where as Symmetric as far as I know are normally based on block cyphers of a fixed size e.g. 128 bits in and 128bits out. 

    Any way still very much learning this technology, and this was just one of the questions that came to mind

    Thank you

    AAnotherUser__


    AAnotherUser__

    Wednesday, August 20, 2014 6:00 AM
  • > I want to understand whyAsymmetric keys are often 20 times bigger than symmetric.

    it is related to key management. Symmetric keys are short-living (their lifetime may be measured in seconds) and in most cases their length is enough large to protect the data in a short lifespan. Asymmetric keys are long-living, they are valid for even 20 years. Sometimes, it is enough several days to crack the symmetric key. In order to keep the key secure for long period -- additional meausres were introduced: exponents, modulus, more complex mathematical basis, etc., which caused key length increase. However, it costs performance. Asymmetric key performance degradation is dramatic. This is why symmetric and asymmetric keys are used in conjunction: symmetric key is used to encrypt session data or large amount of data and asymmetric key is used to encrypt symmetric key itself.


    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.

    • Marked as answer by AAnotherUser Thursday, August 21, 2014 9:18 PM
    Wednesday, August 20, 2014 4:32 PM
  • Thank you for the explanation Vadims that makes a lot of sense :)

    AAnotherUser__


    AAnotherUser__

    Thursday, August 21, 2014 9:18 PM
  • Hi AAnotherUser__

    it is true that an 128 bit symmetric key is as secure as a 2304 bit asymmetric key. I am trusting Bruce Schneier's Applied cryptography on this. He recommends using a combination of symmetric and asymmtric keys that are at least equally save, or probably make asymmetric keys even longer as they are more long-lived.

    The reason is explained in this article:

    With symmetric keys you basically would have to try any potential key, with asymmetric keys only a subset of keys would work because the requirement of being a product of two primes has to be met.

    Elke

    • Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
    Friday, August 22, 2014 8:59 AM
  • Hello Elke

    Thanks for the Link, that is a great article for a beginner like me :)

    AAnotherUser__


    AAnotherUser__

    • Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
    • Unmarked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
    Friday, August 22, 2014 9:26 AM
  • Hay Elke

    I have just read the article posted at the link you mentioned above

    Brilliant, Brilliant, wow wow wow :)

    Explains it perfectly to a novice like me, I would recommend any one learning about the basics of cryptography to read that article, nailed it for me.

    Thanks again Elke, and thanks too Vadims

    AAnotherUser__


    AAnotherUser__

    Friday, August 22, 2014 10:50 AM