Hybrid cryptosystem: Difference between revisions
imported>Sandy Harris (expand a bit) |
mNo edit summary |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
{{subpages}} | {{PropDel}}<br><br>{{subpages}} | ||
{{TOC|right}} | {{TOC|right}} | ||
'''Hybrid cryptosystems''' combine [[public key]] (asymmetric) [[cryptography]] with [[Symmetric key cryptography|secret key]] (symmetric) techniques such as [[block cipher]]s, [[stream cipher]]s and [[cryptographic hash]]es. Because asymmetric techniques are typically slower than symmetric techniques by orders of magnitude, it is more efficient to only [[Digital signature|sign]] the hash of a message than the message itself. Similarly, public-key encryption is only used to encrypt a symmetric key, which is then used to encrypt the message. Thus, the [[public key]] techniques provide [[information security#source authentication|source authentication]] and [[key management]] services while the faster symmetric techniques do the high-volume data processing. | '''Hybrid cryptosystems''' combine [[public key]] (asymmetric) [[cryptography]] with [[Symmetric key cryptography|secret key]] (symmetric) techniques such as [[block cipher]]s, [[stream cipher]]s and [[cryptographic hash]]es. Because asymmetric techniques are typically slower than symmetric techniques by orders of magnitude, it is more efficient to only [[Digital signature|sign]] the hash of a message than the message itself. Similarly, public-key encryption is only used to encrypt a symmetric key, which is then used to encrypt the message. Thus, the [[public key]] techniques provide [[information security#source authentication|source authentication]] and [[key management]] services while the faster symmetric techniques do the high-volume data processing. | ||
Line 21: | Line 21: | ||
Bob checks the authentication data, does a [[public key]] decryption to get K, then uses K to decrypt the actual message. | Bob checks the authentication data, does a [[public key]] decryption to get K, then uses K to decrypt the actual message. | ||
== | == Tunnelling systems == | ||
There are a number of network protocols which create secure encrypted tunnels between two endpoints, [[IPsec]], [[SSL]] and [[SSH]]. Details vary, but in | There are a number of network protocols which create secure encrypted tunnels between two endpoints, [[IPsec]], [[SSL]] and [[SSH]]. Details vary, but in principle they all work the same way: | ||
* provide an authentication mechanism, usually some public key system but in some cases just a shared secret | * provide an authentication mechanism, usually some [[public key]] system but in some cases just a shared secret | ||
* use a [[Diffie-Hellman]] exchange to generate some shared keying material. D-H is insecure without authentication, so apply your authentication here. | * use a [[Diffie-Hellman]] exchange to generate some shared keying material. D-H is insecure without authentication, so apply your authentication here. | ||
* use a symmetric cipher — [[block cipher]] or [[stream cipher]] — and the shared keying material to encrypt data | * use a symmetric cipher — [[block cipher]] or [[stream cipher]] — and the shared keying material to encrypt data | ||
* (in most cases) use a [[hashed message authentication code]] and some additional shared keying material to authenticate messages | |||
This requires that both players have a good [[random number generator]] for the Diffie-Hellman protocol. Some variants also require a secure method of expanding a relatively small shared secret into a larger set of shared keys. | |||
== Key sizes == | == Key sizes == | ||
RFC 3766 has guidance on choosing appropriate key sizes for the public key algorithms in hybrid systems, to match the strength of other algorithms. | RFC 3766 has guidance on choosing appropriate key sizes for the public key algorithms in hybrid systems, to match the strength of other algorithms.[[Category:Suggestion Bot Tag]] |
Latest revision as of 11:00, 30 August 2024
This article may be deleted soon. | ||
---|---|---|
Hybrid cryptosystems combine public key (asymmetric) cryptography with secret key (symmetric) techniques such as block ciphers, stream ciphers and cryptographic hashes. Because asymmetric techniques are typically slower than symmetric techniques by orders of magnitude, it is more efficient to only sign the hash of a message than the message itself. Similarly, public-key encryption is only used to encrypt a symmetric key, which is then used to encrypt the message. Thus, the public key techniques provide source authentication and key management services while the faster symmetric techniques do the high-volume data processing. For the Internet, there are a number of security systems that are hybrid cryptosystems — PGP for email, TLS for the web, SSH for remote login, IPsec as a general protection mechanism, and DNS security. All require a source of cryptographic quality random numbers. PGPTake PGP as an example. If Alice wants to securely send a message to Bob, she cannot just use a symmetric method without first securely delivering the key to him. Securely delivering a key is not a trivial problem; anything sent over the net might be monitored, phones might be tapped and so on. Bob might be some distance away and sending an officer with a briefcase handcuffed to his wrist is often impractical. If she can get Bob's public key and verify that it is valid, she can securely send a message using a public key system. However, such systems are generally much slower than symmetric methods; using them for large messages is expensive. In PGP, therefore, the public key technique is used only to provide authentication and to securely transport the symmetric keys for a block cipher. The steps for Alice are:
Bob checks the authentication data, does a public key decryption to get K, then uses K to decrypt the actual message. Tunnelling systemsThere are a number of network protocols which create secure encrypted tunnels between two endpoints, IPsec, SSL and SSH. Details vary, but in principle they all work the same way:
This requires that both players have a good random number generator for the Diffie-Hellman protocol. Some variants also require a secure method of expanding a relatively small shared secret into a larger set of shared keys. Key sizesRFC 3766 has guidance on choosing appropriate key sizes for the public key algorithms in hybrid systems, to match the strength of other algorithms. |