Will I obtain better (more secure) routines using RSA over AES?

Dev Shed Forums Sponsor:

April 27th, 2011, 07:12 AM

ITemplate

Registered User

Join Date: Apr 2011

Posts: 3

Time spent in forums: 1 h 3 m 54 sec
Reputation Power: 0

Will I obtain better (more secure) routines using RSA over AES?

Hi,

I need to encrypt some data files on a laptop. The goal is that these files are inaccessible if the laptop is stolen. So in other words I don't need the signature or public key functionality that asymmetric encryption offers. The encryption and decryption is done when the user inserts a USB key that contains the key file.

Given my scenario, which is the most secure encryption: Using symmetric AES with a 256 bit key or using some RSA solution with a 256 bit block cipher and 4096 bit for that key?

Surely the RSA would be better but I have seen undocumented statements that indicates that IRL - if you don't need to send data over the wire - it really doesn't matter which is used. Do you agree?

--
Werner

April 27th, 2011, 07:34 AM

E-Oreo

Lost in code

Join Date: Dec 2004

Posts: 7,931

Folding Points: 945 Folding Title: Novice Folder

Time spent in forums: 2 Months 7 h 48 m 54 sec
Reputation Power: 7053

RSA is rarely used to directly encrypt data because it is not able to encrypt a large payload. When you use RSA, it is almost always used to encrypt an AES (or other symmetric cipher) key, which is then used to directly encrypt the data using AES (or the other symmetric cipher).

If you're going to store the key on a USB drive and don't need the signature or public key functionality of RSA then I really don't see any point in using RSA in this scenario. Your actual data is going to end up being 256-bit AES encrypted either way.

__________________
PHP FAQ
How to program a basic, secure login system using PHP

Quote:

Originally Posted by Spad

Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around

April 27th, 2011, 07:41 AM

ITemplate

Registered User

Join Date: Apr 2011

Posts: 3

Time spent in forums: 1 h 3 m 54 sec
Reputation Power: 0

Quote:

Originally Posted by E-Oreo

Thanks for answering. Yes it's true that the data is encrypted with AES but that encryption is bullet proof as long as the key isn't broken as I understand it. And if I use a 4096 bit RSA encryption on, say, a 256 bit AES key - well then surely it would be a LOT harder to break than just attacking the 256 bit of the AES?

--
Werner

April 27th, 2011, 10:58 PM

E-Oreo

Lost in code

Join Date: Dec 2004

Posts: 7,931

Time spent in forums: 2 Months 7 h 48 m 54 sec
Reputation Power: 7053

Quote:

And if I use a 4096 bit RSA encryption on, say, a 256 bit AES key - well then surely it would be a LOT harder to break than just attacking the 256 bit of the AES?

No, because the data is still only encrypted with 256 bit AES either way. Assuming both keys are random, it's just as easy to attack one 256 bit AES key as it is to attack another 256 bit AES key.

RSA encrypting the key only affects the key; it has no effect on the strength of the encryption on the data. Encrypting the key with RSA is only useful if you're going to be transmitting the key through a public channel. Based on your description, it doesn't sound like you're doing that at all.

April 28th, 2011, 01:27 AM

ITemplate

Registered User

Join Date: Apr 2011

Posts: 3

Time spent in forums: 1 h 3 m 54 sec
Reputation Power: 0

Quote:

Originally Posted by E-Oreo

Yes I see your point, it just breaks with what I thought until now

. I'll have to read up on the matter. Thanks for the clarification.

--
Werner

Will I obtain better (more secure) routines using RSA over AES?

Developer Shed Advertisers and Affiliates