4.5.1. Cryptographic Foundations: Symmetric and Asymmetric
💡 First Principle: Symmetric encryption uses the same key to encrypt and decrypt — it is fast and efficient but requires a secure channel to share the key before any encrypted communication can begin. Asymmetric encryption uses a mathematically linked key pair (public and private) — it solves the key distribution problem but is orders of magnitude slower than symmetric. In practice, both are used together: asymmetric to securely exchange a symmetric key, symmetric to encrypt the bulk data.
Symmetric Encryption:
| Algorithm | Key Size | Status | Notes |
|---|---|---|---|
| DES | 56-bit | ❌ Deprecated | Brute-forced in 22 hours (1999); never use |
| 3DES (TDEA) | 112-bit effective | ⚠️ Legacy | Deprecated by NIST 2023; still in some legacy systems; much slower than AES |
| AES-128 | 128-bit | ✅ Approved | NIST standard; sufficient for most commercial use |
| AES-192 | 192-bit | ✅ Approved | Additional margin; FIPS 140-3 approved |
| AES-256 | 256-bit | ✅ Approved | Recommended for highly sensitive data and quantum resistance |
| ChaCha20 | 256-bit | ✅ Modern | TLS 1.3 alternative to AES; fast in software on devices (many mobile CPUs) that lack AES hardware acceleration |
| Blowfish/Twofish | Variable | ⚠️ Niche | Twofish was AES finalist; still used in some applications |
| RC4 | Variable | ❌ Deprecated | Multiple vulnerabilities; prohibited in TLS |
AES modes of operation — the mode determines how AES processes data blocks:
| Mode | Description | Use | Issue |
|---|---|---|---|
| ECB | Each block encrypted independently | ❌ Avoid | Identical plaintext blocks produce identical ciphertext — patterns preserved |
| CBC | Each plaintext block XORed with the previous ciphertext block before encryption | Legacy file encryption | IV must be random and unpredictable; encryption cannot be parallelized; provides no integrity check on its own |
| CTR | Turns the block cipher into a stream cipher: each counter value is encrypted and XORed with the plaintext | High-performance, parallelizable | Nonce/counter value must never repeat under the same key |
| GCM | CTR mode + GHASH authentication | TLS 1.2/1.3, disk encryption | Provides authenticated encryption (confidentiality + integrity) |
GCM is the preferred mode for most modern symmetric encryption because it provides both confidentiality and integrity authentication in a single, efficient operation.
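The mode rules in the table above, shown as an added Go example (not code from the original section): ECB reveals repeated plaintext blocks, CTR with a fresh IV does not, and CTR with a repeated IV under the same key exposes the XOR of the two plaintexts, which is why the counter must never repeat. Go's standard library deliberately offers no ECB mode, so the ECB loop is written out here only to show the flaw; `sampleKey`, the `ACCOUNT=...` plaintext and the helper names are constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed 16-byte sample key for AES-128; real keys come from a CSPRNG or a KDF.
var sampleKey = []byte("0123456789abcdef")

// ecbEncrypt applies the raw block cipher to each block independently. Go's
// standard library offers no ECB mode on purpose; it is written out here only
// to show why the table says to avoid it.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(plaintext)%bs != 0 {
		return nil, fmt.Errorf("ecb: plaintext must be a multiple of %d bytes", bs)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += bs {
		block.Encrypt(out[i:i+bs], plaintext[i:i+bs])
	}
	return out, nil
}

// repeatedBlocks counts 16-byte ciphertext blocks that occur more than once;
// anything above zero means plaintext structure shows through.
func repeatedBlocks(ct []byte) int {
	seen := map[string]int{}
	for i := 0; i+aes.BlockSize <= len(ct); i += aes.BlockSize {
		seen[string(ct[i:i+aes.BlockSize])]++
	}
	dups := 0
	for _, n := range seen {
		if n > 1 {
			dups += n - 1
		}
	}
	return dups
}

// ctrEncrypt is AES-CTR with a caller-supplied 16-byte IV (nonce || counter).
func ctrEncrypt(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(out, plaintext)
	return out, nil
}

// freshIV returns a random IV; one random IV per message is the simplest way to
// honour "never repeat" (a persisted, strictly increasing counter is the other).
func freshIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	_, err := rand.Read(iv)
	return iv, err
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ctrReuseLeaksXOR shows why the counter must never repeat under one key: the
// same keystream cancels out, so C1 XOR C2 equals P1 XOR P2 and the relation
// between the two plaintexts is exposed to anyone holding both ciphertexts.
func ctrReuseLeaksXOR(key, iv, p1, p2 []byte) (bool, error) {
	c1, err := ctrEncrypt(key, iv, p1)
	if err != nil {
		return false, err
	}
	c2, err := ctrEncrypt(key, iv, p2)
	if err != nil {
		return false, err
	}
	return bytes.Equal(xorBytes(c1, c2), xorBytes(p1, p2)), nil
}

func main() {
	// Constructed plaintext: four identical 16-byte blocks, as in a repetitive record layout.
	pt := bytes.Repeat([]byte("ACCOUNT=0000001;"), 4)
	ecb, _ := ecbEncrypt(sampleKey, pt)
	iv, _ := freshIV()
	ctr, _ := ctrEncrypt(sampleKey, iv, pt)
	leaks, _ := ctrReuseLeaksXOR(sampleKey, iv, pt, bytes.Repeat([]byte("B"), len(pt)))
	fmt.Println("ECB repeats:", repeatedBlocks(ecb), "CTR repeats:", repeatedBlocks(ctr), "reuse leaks XOR:", leaks)
}
```

Running it prints three repeated ECB blocks for the four identical plaintext blocks, zero repeats for CTR with a fresh IV, and `true` for the reuse check. Neither ECB nor CTR authenticates the ciphertext, which is the gap GCM closes.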
Asymmetric Encryption:
| Algorithm | Key Size | Status | Primary Use |
|---|---|---|---|
| RSA | 2048-bit minimum; 3072+ recommended | ✅ Approved (with adequate key size) | Key exchange, digital signatures, certificate signing |
| DSA | 2048-bit | ✅ Approved | Digital signatures only (not encryption) |
| ECDSA | 256-bit (equivalent to RSA-3072) | ✅ Modern preferred | Digital signatures in TLS certificates, code signing |
| ECDH | 256-bit | ✅ Modern preferred | Key exchange in TLS 1.3; forward secrecy |
| ElGamal | 2048-bit | ⚠️ Legacy | Basis for DSA; key exchange and encryption |
| Diffie-Hellman | 2048-bit minimum | ✅ Approved | Key exchange; DHE/ECDHE provide forward secrecy |
Hybrid encryption — how TLS and most practical systems work: asymmetric cryptography (RSA or, in modern systems, ECDH) is used only to exchange or agree a session key, and that symmetric key (typically AES-GCM) then encrypts the bulk data, so the system gets asymmetric key distribution with symmetric speed.
Forward secrecy — a property of key exchange where compromise of the long-term private key does not allow decryption of past sessions. Achieved through ephemeral key exchange (DHE or ECDHE) where a new key pair is generated for each session and discarded afterward. TLS 1.3 mandates forward secrecy; TLS 1.2 supports but doesn't require it.
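The hybrid pattern and the ephemeral exchange described above, as an added Go example that is not part of the original section: both parties generate an X25519 key pair for this session only, derive the same AES-256 key from the shared secret, and protect the data with AES-GCM, whose tag check rejects any tampered ciphertext. The SHA-256-based key derivation and the `example-hybrid-v1` label are simplifications constructed for this example (TLS 1.3 uses HKDF for that step); the message and the `record-type=1` header are sample values; `crypto/ecdh` needs Go 1.20 or later.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// sessionKey derives a 32-byte AES-256 key from the X25519 shared secret.
// SHA-256 over (secret || label) is a constructed, simplified KDF for this
// example; TLS 1.3 performs the same step with HKDF.
func sessionKey(priv *ecdh.PrivateKey, peerPub []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(peerPub)
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	h := sha256.New()
	h.Write(secret)
	h.Write([]byte("example-hybrid-v1")) // constructed context label
	return h.Sum(nil), nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-GCM and prepends the random 12-byte nonce: nonce || ciphertext || tag.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open verifies the GCM tag before releasing any plaintext; a modified bit in
// nonce, ciphertext, tag or AAD yields an error rather than corrupted data.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, fmt.Errorf("sealed message too short (%d bytes)", len(sealed))
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// runSession is one complete hybrid exchange: ephemeral ECDH agrees the key, AES-GCM
// protects the data. It returns the recovered plaintext and the agreed key.
func runSession(message, aad []byte) ([]byte, []byte, error) {
	// Fresh key pairs for this session only; discarding them afterwards is what
	// gives forward secrecy: no long-term key can later unlock this traffic.
	client, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	server, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	// Asymmetric step: only the public keys cross the wire.
	clientKey, err := sessionKey(client, server.PublicKey().Bytes())
	if err != nil {
		return nil, nil, err
	}
	serverKey, err := sessionKey(server, client.PublicKey().Bytes())
	if err != nil {
		return nil, nil, err
	}
	// Symmetric step: the bulk data travels under the agreed AES-256-GCM key;
	// decrypting with the server's independently derived key proves agreement.
	sealed, err := seal(clientKey, message, aad)
	if err != nil {
		return nil, nil, err
	}
	recovered, err := open(serverKey, sealed, aad)
	return recovered, clientKey, err
}

func main() {
	aad := []byte("record-type=1") // constructed header: authenticated, not encrypted
	pt, key, err := runSession([]byte("constructed sample record"), aad)
	fmt.Printf("recovered=%q keylen=%d err=%v\n", pt, len(key), err)
}
```

Running `runSession` twice yields two different keys from the same code path, which is the forward-secrecy property in miniature: nothing persists between sessions that would let a later key compromise unlock earlier traffic. The same `open` routine is what answers the reflection question's CBC comparison: the tag is checked before a single byte of plaintext is released.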
⚠️ Exam Trap: RSA-1024 is no longer considered secure and has been deprecated. The current minimum for RSA is 2048 bits; 3072 bits is recommended for longer-term security. An exam question specifying RSA-1024 as a choice should be treated as a deprecated, insecure option — the same way DES is obviously wrong for symmetric encryption.
Reflection Question: A legacy application uses 3DES in CBC mode to encrypt database records. A new system is being designed. Which algorithm and mode should replace it, why is 3DES being retired, and what is CBC mode's specific weakness compared to the recommended replacement?