What is RSA and AES?
The names of the algorithms sound like they mean something really important, but they're actually very easy to remember.
RSA stands for "Rivest Shamir Adleman" and AES stands for "Advanced Encryption Standard." These names describe two different encryption algorithms. RSA is an algorithm patented by Richard Schroeppel, Neal H. Friedman, and Bruce Schneier in the mid-1970s that allows people to share data across a network without a message being readable to anyone except those people sharing the data. If you share data with a friend and she has a copy of it, you're sure she can decrypt it, because even if she wanted to decrypt it herself it would take her a long time to do it. And with a copy of the data stored with a bunch of friends in data-sharing communities, you're guaranteed not to lose your data. RSA can also be used as a password or passphrase and is often combined with a salt to secure the data more efficiently. The main disadvantage is that it's computationally expensive for most applications.
AES (Advanced Encryption Standard) is an algorithm invented in 1991 by the National Institute of Standards and Technology. The US Department of Commerce published standards for AES in 1994, and organizations including the NIST and the UK's Government Communications Headquarters have built a large number of AES libraries for Windows, Mac, Linux, mobile phones, and web browsers. However, most people don't know what AES is or how it works. It's very important, so I'll explain it here. AES requires 128 bits (i.e., 16 bytes or 1 kilobyte of data) to operate. If the key of any encryption algorithm is too short to provide adequate security, the algorithm will be broken. This is why there's so much talk about the need to use longer keys for strong encryption, and how difficult it is to guess keys of sufficient length to protect messages sent on the Internet.
The way to think of a good AES key is to take three factors: security, security, and security. Security means that only those who know the key can read it; security means that it's more difficult than someone breaking the key when they do not know it; and security means that it's more difficult than any attacker finding an already known key. The three parts of AES are: "Key size," "Block size," and "IV."
What is the difference between RSA and DES?
DES was originally a Data Encryption Standard.
In 1977, the U.S. Government adopted an encryption system using the 56-bit DES algorithm, with a key size of 64 bits. When the U.S. Government switched to RSA, this standard came to be known as the Data Encryption Standard, but the DES key size is still in use.
RSA was invented by Ron Rivest, Adi Shamir, and Leonard Adleman as an efficient means of exchanging keys. The name stands for "Rivest, Shamir and Adleman" but most refer to it as RSA. (This is a variant of the joke that "the initials 'Ron Rivest' stand for 'Ronald Revere' and 'Stallman.'") The RSA algorithm allows much stronger public keys. One 256-bit key corresponds to 1,024-bit symmetric encryption keys. (Note that this means you can have an 8,192-bit public key and a 512-bit private key, or 16,384-bit public key and an 896-bit private key.)
DES was standardized as FIPS-197. The DES standard defines 56-bit keys, or 112-bit key material (56 x 4 bytes), but this is rarely used in practice since it does not require all the 56 bits to encrypt, leaving 52 bits to protect against brute-force attacks. The US National Institute for Standards and Technology (NIST) currently specifies 56-bit DES keys.
As for implementation, DES and AES require dedicated hardware. DES relies on special hardware in the CPU to operate while an implementation uses the general purpose registers of the CPU.
In contrast, RSA does not require special hardware. A typical implementation works by splitting the symmetric key into two pieces, one of which is encrypted and the other of which is public. This process is called "encrypting the public key with the private key." Then the result is mathematically related to a plaintext message to compute a ciphertext message.
It is the mathematical relationship between the two messages that makes it safe to use a public key (in addition to the private key). If you know only the encrypted public key, but don't know the private key, you can't use it to decrypt the ciphertext, which is what makes it safe to use public keys in cryptography.
When to use DES?
Why AES instead of RSA?
AES instead of RSA - Crypto SE
We recently released the public version of our platform and after some tests it looks like encryption in particular is a real bottleneck for our performance.
It's really important to have our files encrypted by AES, but I wonder if we shouldn't switch to RSA encryption too.
AES-128: 4,096 KB/s. RSA-2048: 16,384 KB/s. AES-256: 18,432 KB/s. And it's also weird to me that when we are encrypting files (1 GB file size) using AES it is faster than when we are using RSA. So what should I use? Should we just stick to RSA? Or does AES actually have any advantage here? P.S. We are storing a lot of small files (1-4 KBs) in S3 so maybe the reason could be different.
I can't answer your performance question. You need to check with the appropriate benchmarking tool.
But I will point out that AES is a stream cipher, and RSA is a block cipher. A block cipher makes lots of different messages, whereas a stream cipher operates one or two at a time. So you can expect RSA to be faster than AES.
You can test with the openssl benchmark tool. I'd probably use RSA in order to simplify the implementation, assuming you know which cipher suites you're going to be using. (You can find an excellent write-up on crypto at wikipedia.org, I learned a lot from it.)