Kyuande Johnson says
What is the difference between a private key and a public key?
zijian ou says
The private key is used to both encrypt and decrypt the data. This key is shared between the sender and receiver of the encrypted sensitive information. The private key is also called symmetric, being common for both parties. Private key cryptography is faster than public-key cryptography mechanisms.
The public key is used to encrypt, and a private key is used to decrypt the data. The private key is shared between the sender and receiver of the encrypted sensitive information. The public key is also called asymmetric cryptography.
Victoria Zak says
Hi Kyuande!
This is a great question… knowing the difference between a private and a public key is beneficial. A private key aka secret key is used for encryption and decryption. It is a symmetric key because the only key is to copy or share by another party to decrypt the cipher text. Private keys are a lot faster than a public key. Additionally, the sender and receiver need to share the same key.
A public key are two keys being used for encryption and another key is used for decryption. The public key is used to encrypt the plain text to convert it into cipher text and the private key is used by the receiver to decrypt the cipher text to read the message. A public key is known as asymmetrical because there are 2 types of keys as described above.
Andrew Nguyen says
One question that I would like to discuss with my classmates would be about cryptography in general. What are the downsides of using cryptography?
Antonio Cozza says
I think that the main drawback of stronger encryption methods is the time variable; the more secure a system is in almost every case, the less usable it is in general. In a similar fashion, the stronger the encryption method / the longer the key length is, the longer it will take to encrypt and decrypt the message, making a more time-dependent encryption sequence. Some major exploits have been able to capture and record data during the encryption / decryption process, so it is always something to consider.
Madalyn Stiverson says
Ultimately, it’s a trade-off between confidentiality/integrity and availability. Cryptography will increase the confidentiality and integrity of the data, but will reduce the availability of it. Users accessing the encrypted data may need to take additional steps such as elevating privilege before being able to read the encrypted data.
Depending on the type of encryption, there’s also the risk of a man in the middle attack.
Patrick Jurgelewicz says
IPsec standards provide more security than SSL/TLS, but are also more expensive to implement. In what cases might a company decide to choose SSL/TLS protection over IPsec?
Kelly Sharadin says
I’m curious if anyone has any examples of utilizing cryptography in their day-to-day. I have been trying to think of examples in my own line of work. Top of my head, my firm really pushes communicating using encrypted out-of-band platforms but I personally do not work directly with cryptography and would be curious if any of my classmates do.
Madalyn Stiverson says
I don’t personally work with cryptography, but I do receive a lot of encrypted emails. By encrypting these emails, we’re trading availability for confidentiality and integrity.
Opening these encrypted emails will typically take me to an online login portal. Yet ironically, this website portal is blocked by my company. Meaning I have to request the sender to provide these emails a different way… and that means they’re typically sent in plaintext. Or they’ll send a locked file and call me with the password, which is time-consuming and prone to error.
My takeaway from this is that it’s important to make sure your encryption techniques are implemented in a way that they won’t inadvertently be blocked by the recipients’ email and web filters.
Dhaval Patel says
What does the process of enabling SSL/TLS look like in a Linux environment?
zijian ou says
How can public key encryption securely provide symmetric session keys?
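The replies above on private (symmetric) versus public (asymmetric) keys, and this question about session keys, can be seen together in one hybrid exchange. The sketch below is an added example, not code from any participant in the thread; it uses textbook RSA with small constructed primes and a hash-based toy stream cipher as stand-ins for real RSA-OAEP and AES, so it illustrates the key roles only and is not secure.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example: two Mersenne primes give a
# ~150-bit modulus, far too small for real use (real RSA uses >= 2048 bits
# plus OAEP padding).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537

def make_keypair():
    """Return (public, private); only `public` is ever given out."""
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))
    return (n, E), (n, d)

def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher (stand-in for AES): the same key and the same
    function both encrypt and decrypt."""
    out = bytearray()
    for block in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(public, plaintext: bytes):
    """Sender side: needs only the receiver's public key."""
    n, e = public
    session_key = secrets.token_bytes(16)   # fresh symmetric key per message
    nonce = secrets.token_bytes(12)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped, nonce, stream_xor(session_key, nonce, plaintext)

def open_sealed(private, wrapped: int, nonce: bytes, ciphertext: bytes) -> bytes:
    """Receiver side: the private key unwraps the session key, which then
    decrypts the bulk data with the fast symmetric cipher."""
    n, d = private
    session_key = pow(wrapped, d, n).to_bytes(16, "big")
    return stream_xor(session_key, nonce, ciphertext)

if __name__ == "__main__":
    public, private = make_keypair()
    message = b"constructed sample message: quarterly payroll file"
    wrapped, nonce, ciphertext = seal(public, message)
    print(open_sealed(private, wrapped, nonce, ciphertext))
```

Only the short session key goes through the slow public-key operation; the message itself, whatever its length, is handled by the symmetric cipher.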
Antonio Cozza says
Is it likely that the debate over security vs privacy will actually lead to widescale reduced usage of applications / software, etc which enforce strict data privacy and usage policies so that they can sell it recklessly to profit over the average user?
Madalyn Stiverson says
What are the similarities and differences between digital certificates and drivers’ licenses?
Patrick Jurgelewicz says
Hey Madalyn, this is an interesting comparison, as both documents are issued by a trusted entity in order to verify the true identity of someone or something. One major difference is that driver licenses are typically only issued by one entity, the state government, whereas digital certificates can be issued by a number of root certificate providers. Certificate providers also need their own digital certificate, which can lead to interesting situations such as the time Google’s certificate was spoofed possibly by the Iranian government.
https://www.computerworld.com/article/2510951/hackers-spied-on-300-000-iranians-using-fake-google-certificate.html
kofi bonsu says
Hi Madalyn,
I like your question due to the fact that digital certificate and driver license have the following similarities. Digital certificate and drivers’ licenses both are used for the identification of the owner. Digital certificates ensure the identity of the owner of the document and a driving license ensures the identity of the person.
Dan Xu says
When organizations adopt the concept of functionality, automatic and manual assessments, will all security controls and privacy controls that constitute a security or privacy function be considered?
Vraj Patel says
What is the difference between the NIST 800-53Ar4 and the NIST 800-53B?
Victoria Zak says
What could create an error on an SSL/TLS Certificate?
Vraj Patel says
Hello Victoria,
There are multiple things that could cause an error on the SSL/TLS certificate. However, the couple of things that could cause an error on SSL/TLS Certificate are if the time and date are not set properly on the client’s system or if the server is not supporting that service.
kofi bonsu says
The probable question that I would share and discuss with my classmates is stated below:
How good are we at building privacy and ethics in using the data? And this question will be discussed thoroughly with all my classmates.
Michael Jordan says
Would it be possible for an attacker to hijack or receive a duplicate of an SSL/TLS certificate for a website/organization, since (to my understanding) these certificates are provided by third parties? Isn’t the certificate only as reputable as the third party issuing it?
Olayinka Lucas says
I have always wondered and would like to ask if there is any other control for ensuring access controls are more effective than encryption. Years of research point to encryption as the most secure means of access management for data at rest and in transit; however, I would like to know if there are better controls. Secondly, if not encryption, what is another alternative?
Lauren Deinhardt says
My question is how would you audit a healthcare organizational system, versus a chain restaurant?
Bernard Antwi says
What are the essential ingredients of the public key directory?