Public Key Algorithms

RSA Public Key Encryption

RSA (Rivest-Shamir-Adleman) is the most commonly used public key algorithm. It was invented in 1977, shortly after Diffie and Hellman had first proposed the idea of public key cryptosystems. RSA can be used both for encryption and for signing, though in this chapter we will consider its use purely for encryption.

RSA is the most important public key algorithm because it is the technology that underlies well known systems such as SSL and PCT, as well as many of the firewall and network security products currently available.

RSA is generally considered to be secure when sufficiently long keys are used (512 bits is insecure, 768 bits is moderately secure, 1024 bits is secure and 2048 bits should remain secure for the foreseeable future). This need for very long keys is common to all public key cryptosystems: unlike pure private key systems, they require much larger key sizes if they are to remain secure. A 128 bit private key system is more secure than a 1,024 bit public key system, despite the apparent advantage of the larger key size for the public key system.

The security of RSA relies on the difficulty of factoring large integers; the mathematical relationship between the public and private keys is built on such integers. If a mathematician were to make sudden dramatic advances in techniques for factoring large integers, it would immediately make it much easier to break RSA. RSA is very vulnerable to chosen plaintext attacks. There is also a new timing attack that can be used to break many implementations of RSA. The RSA algorithm is believed to be safe when used properly, but one must be very careful when using it to avoid these attacks.

You might ask why we don't simply dispense with private key algorithms and use public key algorithms for everything. The problem lies in performance: the RSA algorithm is fairly quick for a public key algorithm, but nonetheless is anywhere between 1,000 and 10,000 times slower than a typical private key algorithm. Hence it simply isn't capable of moving data at near network speeds, while a private key algorithm is. So in practice we end up using a combination of public and private key techniques to achieve the secure links with the acceptable performance that we require.
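The two points above (that knowing the factors of the modulus is the same as knowing the private key, and that public key operations are used only to wrap a fast private key cipher's session key) can be shown with a small amount of code. The following is an added example written for this page, not code from the original chapter or from any RSA product. It uses textbook RSA with constructed toy primes, brute-force trial division as the "factoring advance", and an HMAC-SHA256 counter-mode keystream as a stand-in for a real private key cipher; the prime values, function names and the toy cipher are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from math import gcd, isqrt


def rsa_keygen(p, q, e=65537):
    """Textbook RSA key generation from two primes p and q.
    Returns (public, private) as ((n, e), (n, d)).  The private exponent d
    can only be computed from phi(n) = (p-1)(q-1), i.e. from the factors of n."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse of e mod phi(n)
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer smaller than n")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n):
    """Recover p and q by brute force.  Feasible only for toy moduli; the
    infeasibility of this step for large n is what RSA's security rests on."""
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n has no non-trivial factor")


def private_key_from_factors(pub, p, q):
    """Given only the public key and the factors of n, rebuild the private key."""
    n, e = pub
    if p * q != n:
        raise ValueError("p*q does not equal n")
    return n, pow(e, -1, (p - 1) * (q - 1))


# Toy private key cipher: HMAC-SHA256 in counter mode, XORed with the data.
# It stands in for a real cipher such as AES and carries no authentication;
# it is here only to show the key-wrapping pattern.  Never reuse a key.
def _keystream(key, length):
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _symmetric_xor(key, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


def hybrid_encrypt(pub, plaintext):
    """Encrypt bulk data under a fresh 128-bit session key; only that key
    goes through the slow RSA operation."""
    session_key = os.urandom(16)
    wrapped_key = rsa_encrypt(pub, int.from_bytes(session_key, "big"))
    return wrapped_key, _symmetric_xor(session_key, plaintext)


def hybrid_decrypt(priv, wrapped_key, ciphertext):
    session_key = rsa_decrypt(priv, wrapped_key).to_bytes(16, "big")
    return _symmetric_xor(session_key, ciphertext)


# Constructed toy parameters (assumptions for this example only).  The small
# primes make factoring trivial; the Mersenne primes 2**89-1 and 2**107-1
# give a modulus just large enough to hold a 16-byte session key.
TOY_P, TOY_Q = 1009, 1013
DEMO_P, DEMO_Q = 2**89 - 1, 2**107 - 1


def demo():
    pub, priv = rsa_keygen(TOY_P, TOY_Q)
    assert rsa_decrypt(priv, rsa_encrypt(pub, 42)) == 42
    p, q = factor_by_trial_division(pub[0])
    recovered = private_key_from_factors(pub, p, q)  # attacker's view

    pub2, priv2 = rsa_keygen(DEMO_P, DEMO_Q)
    msg = b"bulk data goes through the fast cipher"
    wrapped, ct = hybrid_encrypt(pub2, msg)
    assert hybrid_decrypt(priv2, wrapped, ct) == msg
    return recovered == priv  # True: factoring n yields the private key


if __name__ == "__main__":
    print("factoring recovers the private key:", demo())
```

Running `demo()` shows both halves of the argument: with a 20-bit modulus the factoring step takes a fraction of a second and hands over `d`, which is why real keys must be long enough to make that step infeasible; and the hybrid functions perform exactly one RSA operation per message regardless of the data length, which is what keeps the link at network speed.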
