[Cryptography] Why prefer symmetric crypto over public key crypto?

Ray Dillinger bear at sonic.net
Sat Sep 7 16:01:53 EDT 2013

On 09/06/2013 06:13 AM, Jaap-Henk Hoepman wrote:
> In this oped in the Guardian
> http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
> Bruce Schneier writes: "Prefer symmetric cryptography over public-key cryptography." The only reason I can think of is that for public key crypto you typically use an American (and thus subverted) CA to get the recipients public key.
> What other reasons could there be for this advice?

I think we can no longer rule out the possibility that some attacker
somewhere (it's easy to point a finger at the NSA but it could be
just as likely pointed at GCHQ or the IDF or Interpol) may have
secretly developed a functional quantum computer with a qbus wide
enough to handle key sizes in actual use.

And IIRC, pretty much every asymmetric ciphersuite (including all public-
key crypto) is vulnerable to some transformation of Shor's algorithm that
is in fact practical to implement on such a machine.


More information about the cryptography mailing list