There is a wide range of terminology in use for only two
concepts. Here are the concepts:
- Secret. An algorithm that depends on a key that must remain private is a secret key system. Kerberos uses DES, which is a secret key system, to encrypt information. Because Kerberos shares the secret key among a small group of principals, it is often referred to as a shared secret key system.
- Public. An algorithm that permits a key to be published is called a public key system. PGP uses RSA, which is a public key encryption system.
If a system depends on a secret key, the intention clearly
is to prevent usage by anyone who lacks the key. Any message encrypted with a
secret key may only be decrypted by the holder of the secret key.
A public key system is actually a dual key system. Each key
consists of two parts, a secret part held by a single individual, and a public
part that may be published to the world. Anyone with the public key may encrypt
a message to the holder of the private key, and be confident that only one
individual has access to the message. In the other direction, the holder of the
private part may encrypt a message and send it to the world. Anyone who
decrypts the message with the public part of the key can be confident that the
message could only have originated from one individual. By combining the two
systems and double encrypting a message, it is possible to send a message to a
single individual and provide the recipient with confidence that the message
could only have originated from one person.
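
The three uses described above (encrypting to a key holder, encrypting with the private part to prove origin, and double encrypting), as an added example that is not part of the original text. It uses textbook RSA with no padding; the small primes, the names Alice and Bob, the message value and the helper functions are all assumptions made for the illustration.

```python
# Added illustration: textbook RSA, no padding, tiny constructed primes.
from math import gcd

def make_key(p, q, e):
    """Build a key pair from primes p and q: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # private exponent d = e^-1 mod phi

def apply_key(key, value):
    """Encrypting and decrypting are the same operation: value^exp mod n."""
    n, exp = key
    if not 0 <= value < n:
        raise ValueError("value must be smaller than the key's modulus")
    return pow(value, exp, n)

def send(message, sender_private, recipient_public):
    """Double encryption: private part first (origin), then public (secrecy)."""
    return apply_key(recipient_public, apply_key(sender_private, message))

def receive(ciphertext, recipient_private, sender_public):
    """Undo the layers in reverse order."""
    return apply_key(sender_public, apply_key(recipient_private, ciphertext))

# Constructed sample keys (assumed values). Alice's modulus is the smaller one
# so that her output always fits inside Bob's modulus in send().
ALICE_PUBLIC, ALICE_PRIVATE = make_key(61, 53, 17)   # n = 3233
BOB_PUBLIC, BOB_PRIVATE = make_key(89, 97, 5)        # n = 8633
MESSAGE = 65

def demo():
    # 1. Anyone encrypts to Bob with his public part; only Bob can read it.
    to_bob = apply_key(BOB_PUBLIC, MESSAGE)
    # 2. Alice encrypts with her private part; anyone can check the origin.
    from_alice = apply_key(ALICE_PRIVATE, MESSAGE)
    # 3. Both at once.
    both = send(MESSAGE, ALICE_PRIVATE, BOB_PUBLIC)
    return {
        "to_bob": to_bob,
        "bob_reads": apply_key(BOB_PRIVATE, to_bob),
        "world_reads": apply_key(ALICE_PUBLIC, from_alice),
        "bob_reads_both": receive(both, BOB_PRIVATE, ALICE_PUBLIC),
    }

if __name__ == "__main__":
    print(demo())
```

Deployed systems apply the private-part operation to a padded hash of the message rather than to the message itself, which is what is normally called a digital signature.
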
The primary advantage of public-key cryptography is
increased security. The private keys do not need to be transmitted or revealed
to anyone. In a secret-key system, by contrast, the potential always exists for
an enemy to discover the secret key during transmission. A disadvantage of
using public-key cryptography for encryption is speed. Certain popular secret-key
encryption methods are significantly faster than any currently available
public-key encryption methods.
With recent advances in the speed of computer hardware, the
trade-off between speed and security is leaning toward the public key-based
systems. Although Kerberos can be implemented with a public key encryption
system, the option to encrypt all data between principals leaves the potential
for very large amounts of encryption to take place. It is only when you plan to
encrypt large volumes of data that a shared secret key system starts to become
the better choice. With this in mind, Kerberos has been designed to handle the
problem of secure distribution of secret keys.
Private or Secret Key Encryption
A secret-key encryption system consists of an encryption
function and a decryption function. The encryption function uses the key to
generate a mapping of the plaintext into the ciphertext. In reverse, the
decryption function uses the same key to generate a mapping of the ciphertext
back into the plaintext. Such systems, in which the same key value is used to encrypt
and decrypt, are also known as symmetric cryptosystems. Although many secret-key
encryption systems exist, the best-known is DES.