TechGenix and SolarWinds have partnered to provide a fully-functional, free 21-day trial version of SolarWinds ipMonitor, the WindowsNetworking.com Readers' Choice Award Winner for monitoring applications, servers, and network devices to all visitors who join Security Forums. Sign up to Security Forums and get your copy today! Existing members can pick up a copy from the Members Area.
| View previous topic :: View next topic |
| Author |
Message |
Starrion2003
Just Arrived
Joined: 23 Sep 2003
Posts: 3
|
 Posted: Tue Sep 23, 2003 6:02 pm Post subject: Why symmetric encryption for creation of asymmetric keys? |
 |
|
Hi,
I need some help here, I've been trying to find the answer to this question:
Why is the use of symmetric encryption recommended when creating the asymmetric private key?
A good and valid explanation would help me a lot 
Thx
Hammer
|
|
| Back to top |
|
 |
secprovider
Regular Member
Joined: 14 Jan 2003
Posts: 95
|
| Posted: Tue Sep 23, 2003 6:21 pm Post subject: Re: Why symmtric encryption for creation of asymmetric keys. |
|
|
I think you mean using public key to exchange secret key?
Because "symmetric encryption recommended when creating the asymmetric private key" sounds strange.
| Starrion2003 wrote: |
Hi,
I need some help here, I've been trying to find the answer to this question:
Why is the use of symmetric encryption recommended when creating the asymmetric private key?
A good and valid explanation would help me a lot
Thx
Hammer |
Last edited by secprovider on Thu Mar 11, 2004 12:22 pm; edited 1 time in total |
|
| Back to top |
|
|
Sgt_B
Trusted SF Member
Joined: 28 Oct 2002
Posts: 1145
Location: Chicago,IL US
|
| Posted: Tue Sep 23, 2003 6:29 pm Post subject: |
|
|
Agreed, the question does sound a bit odd. Are you talking about encrypting your private key with symmetric encryption???
Or...
Are you asking why use symmetric encryption along with asymmetric encryption?
Anyway...please expand/clarify your previous question, and we'll be able to answer it.
_________________
"All that is necessary for the triumph of evil is that good men do nothing." --Edmund Burke (1729 - 1797)
|
|
| Back to top |
|
|
ShaolinTiger
Forum Fanatic
Joined: 18 Apr 2002
Posts: 2767
Location: Kuala Lumpur, Malaysia
|
| Posted: Tue Sep 23, 2003 6:39 pm Post subject: |
|
|
Indeed a good and valid question would go a long way 
Seems suspiciously like some kind of assignment to me..
_________________
Share your knowledge, it's a
way to achieve Immortality.
Quit Smoking - Darknet Hacking
Kung-Fu Geekery
|
|
| Back to top |
|
|
secprovider
Regular Member
Joined: 14 Jan 2003
Posts: 95
|
| Posted: Tue Sep 23, 2003 6:53 pm Post subject: |
|
|
Anway if it is an assignment, probably you are asked why you use asymmetric encryption along with symmetric encryption.
Normally asymmetric encryption is more secure but time-consuming. On the other hand, for symmetric encryption the key length does not affect consumed time exponentially. So if you can distribute the secretkey securely, you can choose a long keylength for symmetric encryption and provide security.
The answer to "distribute the secretkey securely" is asymmetric encryption. So just once use asymmetic enc. and distribute the secretkey, and then go on with symmetric encryption.
I hope this helps.
| ShaolinTiger wrote: |
Seems suspiciously like some kind of assignment to me.. |
|
|
| Back to top |
|
|
Starrion2003
Just Arrived
Joined: 23 Sep 2003
Posts: 3
|
| Posted: Tue Sep 23, 2003 7:08 pm Post subject: |
|
|
Someone did said the magic word here - it wasn't me that dreamed up this unambiguous question 
Spent a long time trying to figure it out, and each time I come up with an answer I read the question again and delete it......
I thought assymetric encryption and key management was the solution to the problem with symmetric/private key distribution. So it beats me why it is 'recommended to use symmetric encryption for the creation of asymmetric keys'. Sounds like a gross contradiction to me!
Speed and security is well and good as long as the key can be distributed safely, but this doesn't really answer the question - does it?
|
|
| Back to top |
|
|
b4rtm4n
Trusted SF Member
Joined: 26 May 2002
Posts: 1248
Location: Bi Mon Sci Fi Con
|
| Posted: Tue Sep 23, 2003 7:28 pm Post subject: |
|
|
do you mean something along the lines of Diffie-Helman??
From http://www.netip.com/articles/keith/diffie-helman.htm
| Quote: |
| it is typical practice to use a symmetric system to encrypt the data and an asymmetric system to encrypt the symmetric keys. That is precisely what Diffie-Hellman is capable of doing – and does do when used for key exchange |
_________________
Went to a party, I danced all night
I drank 16 beers, And I started up a fight !
Too Drunk Too Fsck - The Dead Kennedys
|
|
| Back to top |
|
|
JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlândia, MG, Brazil
|
| Posted: Wed Sep 24, 2003 9:33 am Post subject: Hmm, good question. |
|
|
| secprovider wrote: |
Anway if it is an assignment, probably you are asked why you use asymmetric encryption along with symmetric encryption.
Normally asymmetric encryption is more secure but time-consuming. On the other hand, for symmetric encryption the key length does not affect consumed time exponentially. So if you can distribute the secretkey securely, you can choose a long keylength for symmetric encryption and provide security.
The answer to "distribute the secretkey securely" is asymmetric encryption. So just once use asymmetic enc. and distribute the secretkey, and then go on with symmetric encryption.
|
This is partially true. You hit the nail on the head when you said that asymmetric cryptography is the solution to distribution of secret keys. In fact, this is the primary intent, only. However, saying that it is more secure is not a safe conjecture. This is because public-key cryptosystems are susceptible to chosen-plaintext attacks. If C=E(P) and n denotes a set of plaintexts, consider that an analyst only has to encrypt this set and compare this with C, as P belongs in that set. Now, you won't be able to determine the decryption key with this attack, but you can recover P. To solve this potentially serious problem, you can pad messages with random data, which causes identical messages to encrypt to different ciphertexts. Another downfall is encrypting small messages, m. Let's suppose one of our exponents, e, equals 5. Now, if m is smaller than the 5th root on our modulus, n, then we are faced with no modular reduction, as m^e=m^5 < n. Now what does this mean, you ask? Well, let's say all we want to encrypt is a 256-bit symmetric key. If we only encrypt this as a 256-bit integer, we end up with a value that is much smaller than the modulus. Again, no modular reduction. So, key recovery becomes as simple as computing the 5th root of the encrypted value. Padding is only one small solution. When all is said and done, keeping structure to RSA values is of much more concern. You need a way of diminishing this structure to the farthest extent possible. However ironic, structure within this structure is not a cool thing.
There's always the infamous Man-in-the-Middle attack, or MITM, of which can negate any security that the underlying symmetric algorithm in the hybrid system may offer. Authentication, authentication, and more authentication. Use it.
Even then, with RSA (the most likely choice), you are limited by the modulus, n, as to the allowed size of the message you'd like to encrypt.
So, of course, asymmetric cryptography isn't suitable for message encryption, not only because of this, but because it's significantly much slower, in juxtaposition with symmetric cryptography. With these impracticalities, it seems you have a flock of birds to kill, but only one stone this time.
The larger the keys, the greater consumption of time. This holds true for symmetric cryptography, as well, believe it or not. Factoring in the trade off between time and key length may not be exponential, as there are exceptions, but it can be rather significant at times. The algorithm in question, can determine this as well. Take AES and Serpent, for example. AES is slower, as the key length increases, whereas Serpent operates at the same speed for any key length; this being an exception.
The most important relevance between asymmetric and symmetric cryptography is key exchange methodology. That's the whole she-bang. Diffie-Hellman, or DH, as we crypto-junkies refer to it, is the original concept of such. Cheers to b4rtm4n for mentioning it, along with a link.
Now, I'm going to try to answer the question at hand, the best way I perceive. I'm going to do so, very briefly, by presenting the most common way to generate asymmetric keys, which is through a PRNG-induced mechanism. This isn't necessarily simple, as there are dos and donts. The latter of which can produce a bad PRNG, which will generate predictable patterns of composites - such as the same result, each time. Now that we've established that a PRNG is commonly used to generate keys, with RSA, for instance, we can now look at how this correlates to symmetric cryptography. In all honesty, before I elaborate, I'll say that this question is a little vague and perhaps a bit misleading. However, I can be technical enough to shed some light as to what it *could* validly mean. A PRNG, obviously, has a "generator" function. Simply, without brewing anymore mathematical equations, this generator function may consist of a conventional block cipher, such as AES, which just so happens to be symmetric. Ultimately, this symmetric block cipher is part of a PRNG, which is ultimately part of an RSA key pair generation, which is ultimately part of a PKI, which exhibits an interaction between asymmetric and symmetric systems. There you have it. My opinion on your question, in regards to how a symmetric algorithm plays an important role in asymmetric key generation. Sure, essentially, in a PKI environment, it's important. The sad thing is, a great majority of implementers aren't well-versed enough in cryptography to successfully deploy asymmetric methodology to begin with, much less reap the security of any other facet of the overall system. Asymmetric encryption only serves its purpose, if you take the necessary procedures required to thwart the system from the relative attack model, which is introduced when using this type of cryptography.
Trust me, it's not this easy. To deploy these figments in a trustworthy succession, consider that there are many cons to go along with the pros. If you're not careful, you'll be tripping into so many holes, security will only be a pipedream that you won't wake up to.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."
Last edited by JustinT on Sun Mar 14, 2004 9:17 pm; edited 3 times in total |
|
| Back to top |
|
|
Starrion2003
Just Arrived
Joined: 23 Sep 2003
Posts: 3
|
| Posted: Wed Sep 24, 2003 12:53 pm Post subject: |
|
|
Thanx for all the effort and good replies guys! 
No matter what conclusion I reach, I've learned a lot - that's for sure!
|
|
| Back to top |
|
|
aberent
Trusted SF Member
Joined: 08 May 2003
Posts: 128
Location: Toronto
|
| Posted: Wed Sep 24, 2003 3:12 pm Post subject: |
|
|
| Starrion2003 wrote: |
Thanx for all the effort and good replies guys!
No matter what conclusion I reach, I've learned a lot - that's for sure! |
Usually asymmetric encryption is used for key exchange while symmetric encryption is used for the actual encryption of the message. This is done because symmetric encryption is faster.
So the basic steps are:
Generate a symmetric key
Encrypt symmetric key using asymmetric encryption (RSA)
Send it to the other party
Encrypt the rest of the data using symmetric key
Send it to the other party.
Discard the symmetric key (never reuse)
This is very simplified but basically that is how it works.
_________________
Adam Berent
www.abisoft.net
|
|
| Back to top |
|
|
Dwonis
Frequent Member
Joined: 27 Jul 2003
Posts: 106
Location: Canada
|
| Posted: Thu Mar 11, 2004 5:58 am Post subject: |
|
|
|
Also, when you're generating a private key (for example, in PGP), you will typically be asked if you want to encrypt it with a symmetric algorithm (where the "passphrase" you choose is used to generate the symmetric key) before it is stored in a file on your hard disk. That way, if your adversaries get access to the file where your private key is stored, the file won't be of much use to them unless they also manage to pry the passphrase from your brain.
|
|
| Back to top |
|
|
Voyager
Just Arrived
Joined: 22 Nov 2003
Posts: 5
Location: 303
|
| Posted: Thu Mar 25, 2004 10:43 am Post subject: |
|
|
| secprovider wrote: |
| Normally asymmetric encryption is more secure but time-consuming. |
Actually, for a given key-length, symmetric ciphers tend to be more secure than asymmetric ciphers.
This is why you see 64-256 bit keys with symmetric ciphers and 512-4096 bit keys with asymmetric ciphers.
Voyager
_________________
Webmaster: http://www.hackfaq.org
|
|
| Back to top |
|
|
JustinT
Trusted SF Member
Joined: 17 Apr 2003
Posts: 1233
Location: Charlotte, NC, US / Uberlândia, MG, Brazil
|
| Posted: Thu Mar 25, 2004 7:10 pm Post subject: Be careful. |
|
|
| Voyager wrote: |
Actually, for a given key-length, symmetric ciphers tend to be more secure than asymmetric ciphers.
This is why you see 64-256 bit keys with symmetric ciphers and 512-4096 bit keys with asymmetric ciphers.
|
Your statements aren't that dangerous, and generally true, if you understand the context. However, they may be a bit misleading to those who don't.
Semantically, it is a generally acceptable statement to say that symmetric ciphers tend to be more secure than asymmetric ciphers. This is based on the mathematical problems in which they gain their conditional security, and the structure of which each type exhibits. It has very little to do with their key lengths, as most people falsely compare them. This holds true for the inherent purpose of symmetric cryptography - typically, message encryption. Asymmetric cryptography provides a layer of security for the transmission of symmetric session keys, thus giving it the inherent purpose of - typically, key encryption. Essentially, both have properties that satisfy security notions that one or the other doesn't.
There is also an inaccuracy in comparing the two in a "for a given key-length" sense. This is only conditionally true, in a minuscule way. It is conjectured that an 80-bit symmetric key and 1024-bit asymmetric key share the same general level of security, given the conditions of the structures of each type of cryptography. However, to actually compare these two types of cryptography is absurd, when discussing any other common key lengths; especially larger keys.
The mathematical structure, in conjunction with the cryptanalytical security, is much different between the two, and because of that, the attack models are like apples and oranges; quite different. It serves no logic to base a decision upon this. Also, such a statement, as quoted, may give the implication that asymmetric and symmetric cryptography should be juxtaposed in regards to the same purpose; in this case, portraying both types of cryptography as a game of golf - the lower score (key), the better. In all actuality, symmetric cryptography uses such sized keys because that is how symmetric cryptography is designed, as is asymmetric cryptography, respectively.
It is an unfair criticism to say, for example, "AES is more secure for 128-bit keys than RSA is for 1024-bit keys." Message encryption is the primary purpose of symmetric cryptography, while only a canonical function of asymmetric cryptography that you hardly see in wide-scale practice. People may get the idea that AES and RSA may function similarly, for the same purpose, but it takes a larger key (more computational power and memory) for RSA to be secure, when in fact, AES and RSA serve two different purposes. I have seen numerous misconceptions pertaining to this. Therefore, you should be careful as to how you portray them, because this is from where many misconceptions derive.
Be sure to specify, completely.
Otherwise, it leaves the statement open to many negating counter-statements, such as saying that it makes no sense to use a 40-bit symmetric key with a 4096-bit asymmetric key, nor does it makes sense to use a 512-bit symmetric key with a 128-bit asymmetric key. This shows that either type of key can be more environmentally and computationally "secure", if one or the other is poorly chosen for a "given" length. They should both be chosen for security, based on reasonable estimates, and not compared to each other in any other way but the security of being used together, in a hybrid scheme. It can be quite confusing when referring to the security of a key, and the security of an algorithm. Both of these concepts come into play, when symmetric and asymmetric cryptography is juxtaposed. Many fail to realize that there are actually mathematics to understand. Imagine that.
If you should be comparing any facet of both types, it is what I call the cryptanalytical computation value. This simply denotes the "shelf life" of a key, while considering cryptanalytical and computational aspects of their respective life spans. Even then, never find yourself trying to predict the future of computational feasibility; just use the obvious as a probable pointer. If you have followed the history of cryptography, for the past few decades, you will notice that asymmetric keys generally have a longer "shelf life" and since we use them to encrypt our symmetric session keys, we want to make sure they are secure enough to satisfy our estimates, if they hold true. This is why choosing an asymmetric key that is estimated to be much stronger than a symmetric key is a good tactic. This isn't to say that the symmetric key should be weak, by any means. This is just based on the current estimates of their life span. The basis for the estimates of either is much different, and we rely more on the size of an asymmetric key, for an asymmetric algorithm's security, than we do on a symmetric key, for a symmetric algorithm's security, in one sense, from the perspective of cryptanalysis of their structure's security and the problems on which they are based. There is a basis for this "prediction scale", along with referenced formulas, but it is rather volatile, as any other would be. Don't live by this, though, as any prediction of cryptographic key security can be very dangerous.
However, to obtain a "2^128 security level", if we actually used the suggested key lengths of both symmetric (256-bit) and asymmetric (6800-bit) cryptography, in a myriad of cases, we would not be able to computationally afford it; especially in the case of asymmetric cryptography. 256-bit symmetric keys and 2048-bit asymmetric keys should be your absolute minimum, to ensure sufficient security for both.
Overall, the idea is to keep both symmetric and asymmetric properly secure, in your system - not illogically compare them in many of the regards in which they are compared by the media.
_________________
"Strict Avalanche Criterion n. Restrictive clause in ski-insurance policy."
|
|
| Back to top |
|
|
|
