#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2011
    Posts
    6
    Rep Power
    0

    Will I obtain better (more secure) routines using RSA over AES?


    Hi,

    I need to encrypt some data files on a laptop. The goal is that these files are inaccessible if the laptop is stolen. So in other words I don't need the signature or public key functionality that asymmetric encryption offers. The encryption and decryption are done when the user inserts a USB key that contains the key file.

    Given my scenario, which is the most secure encryption: Using symmetric AES with a 256 bit key or using some RSA solution with a 256 bit block cipher and 4096 bit for that key?

    Surely the RSA would be better, but I have seen undocumented statements that indicate that IRL - if you don't need to send data over the wire - it really doesn't matter which is used. Do you agree?

    --
    Werner
  2. #2
  3. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    RSA is rarely used to directly encrypt data because it is not able to encrypt a large payload. When you use RSA, it is almost always used to encrypt an AES (or other symmetric cipher) key, which is then used to directly encrypt the data using AES (or the other symmetric cipher).

    If you're going to store the key on a USB drive and don't need the signature or public key functionality of RSA then I really don't see any point in using RSA in this scenario. Your actual data is going to end up being 256-bit AES encrypted either way.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  4. #3
    Originally Posted by E-Oreo
    RSA is rarely used to directly encrypt data because it is not able to encrypt a large payload. When you use RSA, it is almost always used to encrypt an AES (or other symmetric cipher) key, which is then used to directly encrypt the data using AES (or the other symmetric cipher).

    If you're going to store the key on a USB drive and don't need the signature or public key functionality of RSA then I really don't see any point in using RSA in this scenario. Your actual data is going to end up being 256-bit AES encrypted either way.

    Thanks for answering. Yes, it's true that the data is encrypted with AES, but that encryption is bulletproof as long as the key isn't broken, as I understand it. And if I use a 4096 bit RSA encryption on, say, a 256 bit AES key - well then surely it would be a LOT harder to break than just attacking the 256 bit of the AES?

    --
    Werner
  6. #4
    And if I use a 4096 bit RSA encryption on, say, a 256 bit AES key - well then surely it would be a LOT harder to break than just attacking the 256 bit of the AES?

    No, because the data is still only encrypted with 256 bit AES either way. Assuming both keys are random, it's just as easy to attack one 256 bit AES key as it is to attack another 256 bit AES key.

    RSA encrypting the key only affects the key; it has no effect on the strength of the encryption on the data. Encrypting the key with RSA is only useful if you're going to be transmitting the key through a public channel. Based on your description, it doesn't sound like you're doing that at all.
  8. #5
    Originally Posted by E-Oreo
    No, because the data is still only encrypted with 256 bit AES either way. Assuming both keys are random, it's just as easy to attack one 256 bit AES key as it is to attack another 256 bit AES key.

    RSA encrypting the key only affects the key; it has no effect on the strength of the encryption on the data. Encrypting the key with RSA is only useful if you're going to be transmitting the key through a public channel. Based on your description, it doesn't sound like you're doing that at all.

    Yes, I see your point; it just breaks with what I thought until now. I'll have to read up on the matter. Thanks for the clarification.

    --
    Werner
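
The arrangement E-Oreo describes in #2 and #4, as an added example that is not code from the thread: RSA-OAEP refuses a file-sized payload, so RSA only wraps a random AES-256 key, and the file itself opens with that 32-byte key alone. It uses only the Go standard library; the function names are made up for illustration, the sample file is constructed, and a 2048-bit RSA key stands in for the 4096-bit one discussed above to keep key generation fast.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newGCM(key []byte) cipher.AEAD      { return must(cipher.NewGCM(must(aes.NewCipher(key)))) }
func newRSAKey(bits int) *rsa.PrivateKey { return must(rsa.GenerateKey(rand.Reader, bits)) }

// rsaDirect encrypts data with RSA-OAEP alone; it errors once data exceeds one RSA block.
func rsaDirect(pub *rsa.PublicKey, data []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, data, nil)
}

// hybridSeal encrypts data with a fresh AES-256-GCM key, then RSA-wraps that key.
// The raw AES key is returned only so the demo can show what it unlocks.
func hybridSeal(pub *rsa.PublicKey, data []byte) (wrapped, sealed, aesKey []byte) {
	aesKey, nonce := make([]byte, 32), make([]byte, 12)
	must(rand.Read(aesKey))
	must(rand.Read(nonce))
	sealed = newGCM(aesKey).Seal(nonce, nonce, data, nil) // nonce || ciphertext || tag
	wrapped = must(rsaDirect(pub, aesKey))                // 32 bytes fit in one block
	return wrapped, sealed, aesKey
}

// openWithAESKey decrypts using only the 32-byte AES key; RSA plays no part.
func openWithAESKey(aesKey, sealed []byte) ([]byte, error) {
	return newGCM(aesKey).Open(nil, sealed[:12], sealed[12:], nil)
}

func main() {
	priv, file := newRSAKey(2048), bytes.Repeat([]byte("laptop data "), 100) // constructed 1200-byte sample
	_, rsaErr := rsaDirect(&priv.PublicKey, file)
	wrapped, sealed, key := hybridSeal(&priv.PublicKey, file)
	pt, err := openWithAESKey(key, sealed)
	fmt.Println("RSA alone:", rsaErr, "| wrapped key bytes:", len(wrapped), "| AES key alone opens file:", err == nil && bytes.Equal(pt, file))
}
```

With a 2048-bit key and SHA-256, OAEP accepts at most 190 bytes per operation, which is why the file never goes through RSA at all.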
