nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Symmetric and Asymmetric Encryption

veritas_libertas

Hello everyone,

As you know I am gearing up to take the Security+ very soon. I am trying to learn about encryption (emphasis on trying.) Does this some things up well?

Symmetric uses the following: AES, DES, 3DES, Blowfish, IDEA, and the Rivest Ciphers

Asymmetric uses the following: RSA, Diffie-Hellman, El Gamal, and elliptic curve

Find more posts tagged with

SAVE $250 on Your CompTIA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CompTIA Boot Camps

Comments

dynamik

SHA and MD are hashing algorithms, not encryption algorithms.

veritas_libertas

dynamik wrote: »

SHA and MD are hashing algorithms, not encryption algorithms.

Thanks Dynamik, I was tired while reading and typing... Asleep at the wheel.

I skipped a line while reading the ExamCram2 book.

I am correcting my first post if you could look at it.

Zartanasaurus

You're also going to want to know the difference between the two (I'm sure you know) and how they work. Confidentiality is provided by encrypting with the public key, but authenticity (digital signature) is provided by encrypting with the sender's private key.

Zartanasaurus

My notes also say to know what a hash collision is.

veritas_libertas

Zartanasaurus wrote: »

My notes also say to know what a hash collision is.

I had never heard of a hash collision before. Thanks.

Hash table - Wikipedia, the free encyclopedia

abefroman

veritas_libertas wrote: »

I had never heard of a hash collision before. Thanks.

Hash table - Wikipedia, the free encyclopedia

You can practice with GPG asymmetric encryption here:
FreeGPG.org

I created freegpg.org in my current study for the Security+

dynamik

Looks better. Be sure you understand that DH is used for key exchange, and the end result is symmetric encryption. That might trip you up if you're not familiar with it. That's used for things like IPSec.

And yes, collisions occur when different input produces the same hashes. This is more common for MD5 than SHA1 because of the smaller size. It's not impossible for it to occur with SHA1 though, and you typically see both listed because the odds are even smaller that they will both produce collisions simultaneously.

Darril

Great thread on cryptography.

Just to add a few things....

Understanding the basics (like the security triad CIA) is important. Confidentiality (the C in the CIA security triaty) is enforced with encryption with cryptogrpahy.

I posted this blog a while ago on ecnryption basics that may be useful:
http://sy0201.blogspot.com/2009/10/encryption-basics-for-security.html

On symmetric, I don't see AES in your list. This is a big one. It's the current standard and is being used quite a bit today. It's strong and efficient and would be used instead of AES and DES.

You should also understand that symmetric uses only one key for both encryption and decryption, and that asymmetric uses two keys (public and private key matched key pairs where data encrypted by one key can be decrypted by the matching key).

I don't see SSL on the list but it is also important. It uses both symmetric and assymmetric. This blog entry talks about the SSL process and may help to understand the difference between asymmetric and symmetric.

Security Plus: Get Certified Get Ahead: SSL, OCSP vs CRL

Digital Signatures provide integrity, authentication, and non-repudication and depend on asymmetric encryption. I just posted this blog entry that talks about that process that you may find useful.
Security Plus: Get Certified Get Ahead: Digital Signatures

Collisions are associated with hashing - used for integrity (the I in CIA). That might be a great source for another thread.

Darril Gibson
Author: CompTIA Security+: Get Certified Get Ahead
www.sy0-201.com

Security+ Blog
Security Plus: Get Certified Get Ahead

Security+ Tip of day Tweets
twitter.com/DarrilGibson

veritas_libertas

Thanks everyone. I think I am at last beginning to understand encryption.

veritas_libertas

abefroman wrote: »

You can practice with GPG asymmetric encryption here:
FreeGPG.org

I created freegpg.org in my current study for the Security+

I actually use The GNU Privacy Guard - GnuPG.org

abefroman

veritas_libertas wrote: »

I actually use The GNU Privacy Guard - GnuPG.org

freegpg.org used the gnu binary via a php shell_exec, do you do your encrypt from the Linux command line?

What is your public key?

Mine is:

BEGIN PGP PUBLIC KEY BLOCK

Version: GnuPG v1.4.5 (GNU/Linux)

mQGiBErgkdgRBACBPltJFeAkhONundeuR/eAF3SqtwkPHWCq44m/NBgvKII10PDC
Xv7JSCzX3m2gUxtUdGuvEUo7e2iRrs1JWW7cT4FNXO64w+pUpqHzGQOKwz3a58cK
w5+FVQYMw7rEjLNF2xem4F2lAV7wyoHuNcdnYHRhjiDfg+r1F8MIi489bwCghWrk
fydSQRD6YibRec6WoR/khVsD/iY0RifqhLd17fiND1UWs+6EOawmFh1YRRd0zP26
eeJLCxhGuyHEumRuJcvC6J05WA2rwWpMz0TCt5xnyHxs70/5SnP1iVjs0HE6dphD
J0Ff2P7HbjZtxGegAnZI32Eoi6/TZiXKK9BYhJE1XjSWy6Wa0K7sUEp2abpOdJee
GXiSA/9/RXTikIeT04MuCGXHzCAoBg+bskGKnCwXKNGpGOEC4bUGWyzVF7h1uSTJ
BTpKtPewfYb4PiESGIFJ8xSwsHozQlMq3+OCupaE56IWLpVyINsSnaMhyGDZQz+x
D3RE15gDcJAmY8LrFLaJHfpp3Ky+atoRdeKMx2PmJKYsW7YFP7QdR1BHIENyeXB0
IDxuaWNrZ0BjaGlob3N0LmNvbT6IYAQTEQIAIAUCSuCR2AIbIwYLCQgHAwIEFQII
AwQWAgMBAh4BAheAAAoJEBSzhOleAfIU3/QAnRxaCbp/bbF9F0IdMfm+9QV33jwG
AJ4yQWXWeZAZAJ1pCLPvB8eY8S1RpLkBDQRK4JHYEAQAhrv4m2mqwd6JNp/DgpSN
dOjxAJoOKhcGpHQ9cZpskmLnpD0IlHEdU1PsUpAdRmnTNEOxexc73etT2SbgedNG
b/bVR+Qtnvd7WkTwXBHMQz3q6efsTgGXI/+KYl1lq2Qp2KUo8Wk9+LXlCAnWQJsG
vCMSYFPlFzIyp7RDazm51BcAAwUD+gMKegLfpTc1wUGkSLuGD02CqYgTdYFAsxP4
n7QYSw5eaSj/cIv1fIGQYtQZAkLqqPi7si+Krqi0lt3EupWo6DSHUtb+Tfw1pNs8
ICQj6bn9jiLlXo84r86G5qQEIuN30FzMiFQTJoiEBvcz3Yi8RedyfGMZVCitk109
oTaLwDGOiEkEGBECAAkFAkrgkdgCGwwACgkQFLOE6V4B8hRLEwCbBoWbvYGVwBGp
j8o1nUerpwg8NKYAnRbGG4GdXtH4JKC2nte0q3P+JAEs
=aoPQ

END PGP PUBLIC KEY BLOCK