The primary mechanism used by SSL/TLS is asymmetric encryption with cipher suites.
Symmetric Encryption
- Same key used for encrypting and decrypting data
Advantages | Disadvantages |
---|---|
Fast, low resource usage | Same key used for encryption/decryption |
Simple operation | Key must be distributed using an already established, secure channel |
Secure | Different key for different parties – difficult key management/distribution |
 | Cannot authenticate users |
Asymmetric Encryption
Asymmetric encryption, also called public-key cryptography, uses key pairs:
- a public key
- a private key.
Advantages | Disadvantages |
---|---|
Key distribution is easy | Slower than symmetric encryption |
Authenticity | Needs more resources |
Integrity | |
Security | |
Message Authentication Code (MAC)
- Also called a checksum, cryptographic checksum, or protected checksum.
- Method used to check authenticity and integrity of a message
- 2 input parameters:
  - a secret key
  - a message of arbitrary length
- The result is called a tag
- If the MAC tag of the sender and the calculated MAC tag of the recipient match, nobody tampered with the message.
Hash-Based Message Authentication Code (HMAC)
HMAC is a type of MAC that uses a hash function. Example of an HMAC that uses the SHA-256 hash algorithm:
HMAC_SHA256("s3cr3tk3y","Hello World") = 2d9615ee921dab63c7c4c839842703fe338db46fdf17593a681bcee2c52721de
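The following is an added example, not part of the original notes. It builds HMAC-SHA256 from the hash function as defined in RFC 2104, checks it against Python's standard `hmac` module, and shows the recipient-side tag comparison described in the MAC section. The key and message come from the example above; the tampered message and the second key are constructed for illustration.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 processes input in 64-byte blocks


def hmac_sha256_manual(key: bytes, message: bytes) -> bytes:
    """HMAC per RFC 2104: H((K' ^ opad) || H((K' ^ ipad) || message))."""
    # Keys longer than one block are hashed first; every key is zero-padded to a block.
    if len(key) > BLOCK_SIZE:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).digest()


def make_tag(key: bytes, message: bytes) -> str:
    """Sender side: compute the tag that travels with the message."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, message: bytes, tag_hex: str) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    expected = make_tag(key, message)
    # compare_digest avoids leaking, through timing, how many characters matched.
    return hmac.compare_digest(expected, tag_hex)


def demo() -> dict:
    key = b"s3cr3tk3y"        # key and message taken from the example above
    message = b"Hello World"
    tag = make_tag(key, message)
    return {
        "tag": tag,
        "manual_matches_stdlib": hmac_sha256_manual(key, message).hex() == tag,
        "genuine": verify_tag(key, message, tag),
        "tampered_message": verify_tag(key, b"Hello World!", tag),  # constructed tamper
        "wrong_key": verify_tag(b"0therk3y", message, tag),         # constructed key
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A matching tag shows only that the message was produced by someone holding the same secret key; because both parties share that key, a MAC cannot prove which of them wrote the message.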
Ciphers
- methods/algorithms used to encrypt and decrypt data
- provided as packages: Cipher Suites