Symmetric encryption is also known as secret key encryption or session key encryption. This means that it uses the same key to encrypt and decrypt data. A simple example would be moving 1 space forward for encryption and 1 space backward for decryption. The number “1” is a secret key given to two individuals to be kept secret, so no one else would have access to it and moving forward and backward will be the algorithm that goes with the key to make the encryption even more complicated.
Now let’s look at how it works in a scenario. Bob and I share the key “2”, because that’s what we agreed upon. Now using that key, I want to send bob a message. I encrypt my message “HI” by using algorithm of (plus 2) moving forward twice, so it spells out “JK”, since J is the alphabet that’s ahead of H by 2 and K for I by 2. When bob gets my encrypted message of “JK” he will decrypt it by moving 2 alphabets backwards (subtract 2), spelling out “HI”. Now, when strangers try to compromise our encrypted messages, they will have no clue what we are talking about, since they don’t have our key (symmetric key) nor our algorithm.
This works efficiently, especially on computers, because it uses one key. But in a business setting, it’s just not efficient enough. As you add more employees in the organization, you would need to generate numerous keys *n being the number of employees (n-(n-1))/2*. This method just becomes costly. In a business setting where “shared” secrets are sent and received on numerous occasion, it’s more effective to use asymmetric rather than symmetric.
There are two kinds of symmetric key algorithms. These two are called stream ciphers and block ciphers. Stream ciphers work by encrypting a message as a stream of bits one at a time, while block ciphers take blocks of bits, encrypt them as a single unit. We can cover these two in more details down the road.
As you know, encryption is always not safe. These encryption has been broken before by attacks like nown-plaintext attacks, chosen plaintext attacks, differential cryptanalysis and linear cryptanalysis. There are numerous ways it can still be cracked, especially the simple ones.
Most algorithms and keys are much more complex than this. Blowfish, AES, RC4, DES, RC5, and RC6 are examples of symmetric encryption. The most widely used symmetric algorithm is AES-128, AES-192, and AES-256. We’ll cover all these later on in details. Today, I want to focus on the general concept of symmetric and asymmetric encryption.
Asymmetric encryption is also known as public key cryptography. It uses two keys (public and private) as a matched pair to encrypt and decrypt data. Public key is for anyone in the organization to use (even hacker can access it) while private key is just like a personal used in symmetric encryption. Anything that’s encrypted with the public key can only be decrypted with the matching private key.
Let’s look at this in a scenario (without algorithm to make it simpler). For example, I create a brief case that can be locked using the code 7711. I tell that to everyone who wants to send me a private message about the code. Bob then sends me a private message in the brief case that he wants no one else but me to view. Since no one but me has the private key to unlock the brief case, it would be safe. This not only serves as a authentication, but a great way to send message in a open network. When I receive the message, I can use my secret key 9174 to unlock it.
Asymmetric encryption is great to use because it has two primary uses, one being confidentiality and other being authentication. Messages can be signed with a private key, which means that anyone with the public key can verify that the message was created by someone possessing the corresponding private key. This basically offers you proof of identity, so that you can send your personal information to that individual that you trust.
Unlike symmetric encryption, Asymmetric is slower, which is why it’s not a preferred method at work, unless you work in a very secure setting, such as a government position. But recently, it has become popular due to rise in usage of internet. Because asymmetric encryption has the ability to establish a secure channel over a non secure medium, it has been widely used regardless of its high computational burden.
But this encryption also has issues, such as, getting hit with man in the middle attacks, impersonation. Examples of Asymmetric encryption are Diffie-Hellman, RSA, ECC, ElGamal, DSA.
Both symmetric and asymmetric has its uses. Neither of them are good or bad and they both have its ups and downs in particular setting, so you can’t say one is better than the other. Sometimes, robust encryption solutions such as IPsec implement the strengths of both symmetric and asymmetric encryption.