[Cryptography] Why prefer symmetric crypto over public key crypto?

Jon Callas jon at callas.org
Sat Sep 7 02:50:26 EDT 2013

Hash: SHA1

On Sep 6, 2013, at 11:05 PM, Jaap-Henk Hoepman <jhh at cs.ru.nl> wrote:

>> Public-key cryptography is less well-understood than symmetric-key cryptography. It is also tetchier than symmetric-key crypto, and if you pay attention to us talking about issues with nonces, counters, IVs, chaining modes, and all that, you see that saying that it's tetchier than that is a warning indeed.
> You have the same issues with nonces, counters, etc. with symmetric crypto so I don't see how that makes it preferable over public key crypto.

Point taken.

Bruce made a quip, and I offered an explanation about why that quip might make sense. 

I have also, in debate with Jerry, opined that public-key cryptography is a powerful thing that can't be replaced with symmetric-key cryptography. That's something that I firmly believe. At its most fundamental, public-key crypto allows one to encrypt something to someone whom one does not have a prior security relationship with. That is powerful beyond words.

If you want to be an investigative reporter and want to say, "If you need to talk to me privately, use K" -- you can't do it with symmetric crypto; you have to use public-key. If you are a software developer and want to say say, "If you find a bug in my system and want to tell me, use K" -- you can't do it with symmetric crypto.

Heck, if you want to leave someone a voicemail securely you've never talked to, you need public key crypto.

That doesn't make Bruce's quip wrong, it just makes it part of the whole story.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: us-ascii


More information about the cryptography mailing list