Triple-DES and AES are symmetric encryption algorithms currently considered secure (as of this blog posting) while DES, RC2, and RC4 are examples of algorithms whose time has past. RSA, Elliptic Curve, and ElGamal are asymmetric approaches. ElGamal is often used in PGP. When I get a public key from a party asking me to send them information, how do I know the key does not come from someone sinister pretending to be the person I really want to talk to? Ways to manage public keys in asymmetric implementations include:
- public key infrastructure (most common, third party certificate authorities, godaddy.com and the like, verify the identities of parties advertising public keys)
- identity-based encryption (a user's email address or something similar is used as a public key, not too secure)
- web of trust (PGP approach, users verify the identity of other users and vouch for them)
No comments:
Post a Comment