
__Author's Homepage__ - Thursday, 17 April 2003.

__A Practical Guide to Red Hat Linux 8__. An interview with the author is available __here__.

**Public Key Encryption**

In order to use public key encryption, you must generate two keys: a public key and a private key. You keep the private key for yourself and give the public key to the world. In the same manner, your friends generate their own pair of keys and give you their public keys. Public key encryption is marked by two distinct features.

1. When you encrypt data with someone's public key, only that person's private key can decrypt it.

2. When you encrypt data with your private key, anyone else can decrypt it with your public key.

You may wonder why the second point is useful at all: Why would you want everybody else to be able to decrypt something you just encrypted? The answer lies in the purpose of the encryption. Although encrypting with your private key does turn the original message into unreadable ciphertext, secrecy is not the goal; the purpose of this encryption is to provide a digital signature. If the message decrypts properly with your public key, only you could have encrypted it with your private key, which proves that the message is authentic. Combining these two modes of operation yields both privacy and authenticity: you sign something with your private key so that it can be verified as authentic, and then you encrypt it with your friend's public key so that only your friend can decrypt it.
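The two features above and their combination (sign with your own private key, then encrypt for your friend) worked through as an added example that is not from the book: textbook RSA over integers in standard-library Python, with a Miller-Rabin test standing in for the large-prime generation the text mentions. Key sizes are toy-sized and there is no padding, so the recipient's modulus is chosen larger than the sender's to keep the signature a valid plaintext for it; this shows the mechanism, not a deployable scheme.

```python
import hashlib
import random

def is_probable_prime(n, rounds=20):  # Miller-Rabin test; adequate for a demonstration
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    r = ((n - 1) & (1 - n)).bit_length() - 1  # write n - 1 = d * 2**r with d odd
    d = (n - 1) >> r
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x == 1:
            continue
        for _ in range(r):
            if x == n - 1:
                break
            x = pow(x, 2, n)
        else:
            return False  # this base witnesses that n is composite
    return True

def random_prime(bits):
    while True:  # odd candidates with the top bit set, until one passes the test
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def generate_keypair(bits):
    e = 65537  # keys are ((e, n), (d, n)); public and private halves share the modulus
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

def rsa_apply(x, key):
    return pow(x, key[0], key[1])  # one operation: encrypt, decrypt, sign or verify
def digest_int(msg):
    return int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")  # fits any toy modulus

def sign_then_encrypt(msg, sender_priv, recipient_pub):
    # Feature 2, then feature 1: sign with your private key, then seal for the recipient.
    sig = rsa_apply(digest_int(msg), sender_priv)
    m = int.from_bytes(msg, "big")  # textbook RSA: msg must be shorter than the modulus
    return rsa_apply(m, recipient_pub), rsa_apply(sig, recipient_pub)

def decrypt_then_verify(ct, sig_ct, recipient_priv, sender_pub):
    # Only the recipient's private key opens it; anyone holding the sender's public key checks it.
    m = rsa_apply(ct, recipient_priv)
    msg = m.to_bytes((m.bit_length() + 7) // 8, "big")
    return msg, rsa_apply(rsa_apply(sig_ct, recipient_priv), sender_pub) == digest_int(msg)
```

With `alice = generate_keypair(128)` and `bob = generate_keypair(192)`, `decrypt_then_verify(*sign_then_encrypt(b"Meet at noon", alice[1], bob[0]), bob[1], alice[0])` returns the message and `True`; flipping a bit of the sealed message, or verifying with anyone else's public key, makes the check return `False`.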

Public key encryption has three major shortcomings.

1. Public key encryption algorithms are generally much slower than symmetric key algorithms and usually require a much larger key size and a way to generate large prime numbers to use as components of the key, making them more resource intensive.

2. The private key must be stored securely and its integrity safeguarded. If a person's private key is obtained by another party, that party can encrypt, decrypt, and sign messages impersonating the original owner of the key. If the private key is lost or becomes corrupted, any messages previously encrypted with it are also lost, and a new keypair must be generated.

3. It is difficult to authenticate the origin of a key, that is, to prove who it originally came from. This is known as the key-distribution problem and is the raison d'être for such companies as __VeriSign__.

Algorithms such as RSA, Diffie-Hellman, and ElGamal implement public key encryption methodology. Today a 512-bit key is considered barely adequate for RSA encryption and offers marginal protection; 1,024-bit keys are expected to withstand determined attackers for several more years. Keys that are 2,048 bits long are now becoming commonplace and are rated as espionage strength. A mathematical paper published in late 2001 and reexamined in the spring of 2002 describes how a machine can be built, for a very large sum of money, that could break 1,024-bit RSA encryption in seconds to minutes (__www.counterpane.com/crypto-gram-0203.html#6__). Although the cost of such a machine is beyond the reach of most individuals and smaller corporations, it is well within the reach of large corporations and governments.

**Symmetric Key Encryption**
