Answered by:
Why are Symmetric keys shorter than ASyemmetric keys and provide the same level of security.

Hello
Can someone please help me with the following question.
Can someone please give me a brief (if possible) why Symmetric Keys which are much shorter than Asymmetric keys provide a similar level of security (e.g. take as long to crack).
I understand RSA and can to the math with a piece of paper and the Windows advanced calculator (e.g. encrypt and decrypt a sort message using a couple of small prims likes 53 and 59).
I also understand ( to a very basic level) AES e.g. 128bit block cypher (I believe a CBC cypher using an unpredictable IV)
Is there a simple answer if someone says why are Symmetric keys shorted and just as secure or it is just how it is? due to the different math?
Thank you
AAnoterUser__
AAnotherUser__
Question
Answers

> I want to understand whyAsymmetric keys are often 20 times bigger than symmetric.
it is related to key management. Symmetric keys are shortliving (their lifetime may be measured in seconds) and in most cases their length is enough large to protect the data in a short lifespan. Asymmetric keys are longliving, they are valid for even 20 years. Sometimes, it is enough several days to crack the symmetric key. In order to keep the key secure for long period  additional meausres were introduced: exponents, modulus, more complex mathematical basis, etc., which caused key length increase. However, it costs performance. Asymmetric key performance degradation is dramatic. This is why symmetric and asymmetric keys are used in conjunction: symmetric key is used to encrypt session data or large amount of data and asymmetric key is used to encrypt symmetric key itself.
My weblog: enus.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new: PowerShell FCIV tool. Marked as answer by AAnotherUser Thursday, August 21, 2014 9:18 PM

Hi AAnotherUser__
it is true that an 128 bit symmetric key is as secure as a 2304 bit asymmetric key. I am trusting Bruce Schneier's Applied cryptography on this. He recommends using a combination of symmetric and asymmtric keys that are at least equally save, or probably make asymmetric keys even longer as they are more longlived.
The reason is explained in this article:
With symmetric keys you basically would have to try any potential key, with asymmetric keys only a subset of keys would work because the requirement of being a product of two primes has to be met.
Elke
 Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
All replies

Symmetric Key is used for same key for encrypsion & decryption but ASyemmetric key is used two keys (Public & private key) for encrysion & decryption.
ASyemmetric
1. If Public key is used for encrypsion then private key is used for decryption .
2. If private key is is used for encrypsion then public key is used for decryption.
3. It is more secure than Syemmetric
Regards,
Biswajit
MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
Blog: Script Gallary: LinkedIn:Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

Hello i.biswajith
Thank you for the reply,
I understand the concepts OK (at a basic level), I want to understand whyAsymmetric keys are often 20 times bigger than symmetric. Perhaps is it due to Asymmetric using the product of two (normally large) prime numbers in there setup e.g. p multiplied by q to be used as the modulus n as part of the public key. where as Symmetric as far as I know are normally based on block cyphers of a fixed size e.g. 128 bits in and 128bits out.
Any way still very much learning this technology, and this was just one of the questions that came to mind
Thank you
AAnotherUser__
AAnotherUser__

> I want to understand whyAsymmetric keys are often 20 times bigger than symmetric.
it is related to key management. Symmetric keys are shortliving (their lifetime may be measured in seconds) and in most cases their length is enough large to protect the data in a short lifespan. Asymmetric keys are longliving, they are valid for even 20 years. Sometimes, it is enough several days to crack the symmetric key. In order to keep the key secure for long period  additional meausres were introduced: exponents, modulus, more complex mathematical basis, etc., which caused key length increase. However, it costs performance. Asymmetric key performance degradation is dramatic. This is why symmetric and asymmetric keys are used in conjunction: symmetric key is used to encrypt session data or large amount of data and asymmetric key is used to encrypt symmetric key itself.
My weblog: enus.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new: PowerShell FCIV tool. Marked as answer by AAnotherUser Thursday, August 21, 2014 9:18 PM


Hi AAnotherUser__
it is true that an 128 bit symmetric key is as secure as a 2304 bit asymmetric key. I am trusting Bruce Schneier's Applied cryptography on this. He recommends using a combination of symmetric and asymmtric keys that are at least equally save, or probably make asymmetric keys even longer as they are more longlived.
The reason is explained in this article:
With symmetric keys you basically would have to try any potential key, with asymmetric keys only a subset of keys would work because the requirement of being a product of two primes has to be met.
Elke
 Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM

Hello Elke
Thanks for the Link, that is a great article for a beginner like me :)
AAnotherUser__
AAnotherUser__
 Marked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM
 Unmarked as answer by AAnotherUser Friday, August 22, 2014 10:50 AM

Hay Elke
I have just read the article posted at the link you mentioned above
Brilliant, Brilliant, wow wow wow :)
Explains it perfectly to a novice like me, I would recommend any one learning about the basics of cryptography to read that article, nailed it for me.
Thanks again Elke, and thanks too Vadims
AAnotherUser__
AAnotherUser__