IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Personnel Remarks
____________________________________________________________________ .........................................
Symmetric and asymmetric encryption algorithms have advantages and
disadvantages which in some cases complement each other.
Advantages of (good) symmetric algorithms:
- They are fast, i.e. they have a high data throughput.
- The level of security is largely determined by the length of the key, i.e.
with good symmetric procedures there should be no attacks which are
considerably better than trying out all keys (brute-force attacks).
- They offer a high level of security with a relatively short key.
- It is easy to generate keys, because usually any bit sequence of a fixed
length is allowed as the key and a random number can be chosen as the
key.
Disadvantages of symmetric algorithms:
- All users have to keep all keys belonging to their communication partners
secret.
- They are less well suited to key distribution than asymmetric procedures,
especially if there are a large number of communication partners.
- They are less practicable than asymmetric procedures for non-repudiation
purposes, because when symmetric keys are used it is not easy to detect
which of the two communication partners has encrypted the message. This
can only be ensured by an intermediate third party, which is integrated into
the message flow by means of corresponding cryptographic protocols.
Advantages of (good) asymmetric procedures:
- Every party in a confidential communication process only has to keep his
own private key secret.
- They can easily be used for digital signatures.
- They offer elegant solutions for the distribution of keys in networks,
because the public keys or key certificates can be stored in freely
accessible form on central servers without imparing the security of the
procedure.
- They are well suited for non-repudiation purposes.
Disadvantages of asymmetric procedures:
- They are slow, i.e. they generally have a low data throughput.
- Security: the following applies to all well-known public key procedures:
- There are considerably better attacks than trying all keys one after
the other, which is why (in comparison with symmetric methods)
relatively long keys are required in order to achieve an equally high
degree of security.
- Security is based "only" on the presumed (but recognised among the
experts) algorithmic difficulty of a mathematical problem (for
example decomposing a large number into its prime factors).
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000