3

In symmetric encryption, the key responsibility is for the two parties involved (sender and receiver). Hence, it can be more vulnerable, and can cause accountability issue in cases ofthe key is compromise. If symmetric encryption is too risky, then why are other those algorithm so successful and even used today?

user43387
  • 49
  • 1
  • 3
  • 2
    Are you certain that you understood the difference between **symmetric** and **asymmetric** encryption? At least to my knowledge it is not common to say **private key encryption**. At best I think there is something like **decryption + signing using the private key of an RSA public+private key pair** – humanityANDpeace Apr 03 '14 at 14:30
  • 1
    Do you mean shared key encryption or public-private key encryption? RSA is an example of that latter and as such the private key is *not* the responsibility of both parties. – Emily Shepherd Apr 03 '14 at 14:30

3 Answers3

4

There is symmetric encryption where encryption and decryption use the same key (e.g. AES, 3DES), and asymmetric encryption where encryption and decryption use distinct keys, and the encryption key can be made public without disclosing the decryption key (e.g. RSA).

We use both kinds of algorithms because neither can do all that the other can do. Symmetric encryption cannot offer the "public key" thing. Asymmetric encryption implies heavy performance issues, in particular data size expansion (and there is also a matter of CPU usage, though it is in fact secondary). If we restricted ourselves to just symmetric encryption, or just asymmetric encryption, then we would lose on functionalities. We really need both.

Hybrid encryption is the commonly used terminology to designate an assembly of a symmetric encryption algorithm and an asymmetric encryption algorithm (or key exchange algorithm).

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
1

RSA is not symmetric encryption. It is an asymmetric algorithm used with keypairs of public and private keys.

Usually symmetric algorithms are used as part of hybrid encryption systems. You generate a unique one-time symmetric key for each message, encrypt the message with it, encrypt the symmetric key with an asymmetric public key(s) of the receiver(s), and then send encrypted message and encrypted key to the receiver(s).

Because each key is only used for a single message, its confidentiality is on the same level as the plaintext of the message itself.

Philipp
  • 49,017
  • 8
  • 127
  • 158
0

Symmetric encryption is faster.

Asymmetric encryption is usually used to securely share a symmetric key between two parties.

user2675345
  • 1,651
  • 9
  • 10