Security Issues with Symmetric Cryptography
One of the issues with symmetric cryptography is that you need a secure way to transport the key from one user to another. This is generally simple if the users are located in the same building, because you can just walk over to the other persons office and whisper it to them. However, its a bit more complex if one user is in a different physical location. If you communicate the key via an insecure channel, such as an unencrypted email message, the confidentiality of any information encrypted with that key is at risk; because its possible someone eavesdropped on the key communication. Another issue is that everyone who has the key must take care not to disclose it to others who are not authorized to have it for example, they shouldnt write it down in an obvious place where unauthorized people might see it.
Encryption tends to be even more computationally expensive than hashing. This is deliberate for a number of reasons, one of which is resistance to brute-force attacks. As mentioned earlier in the book, one way to discover a password is simply through brute force -- try many possible passwords, running each through the appropriate encryption algorithm, and comparing the results with the encrypted version. The longer it takes to compute the encrypted version, the fewer attempts can be made per second, or hour, or month.
One reason that encryption algorithms become outdated is that technology catches up with them. Algorithms which used to take hundreds of years to brute force on the original 4.77mhz IBM PC can be attacked in much shorter period of time on the latest 2.4ghz Pentium 4. The less time it takes, the weaker the algorithm is considered to be.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.