Which is more secure? RSA, Diffie-Hellmann/DSS

I want to know the plus and minus points of:

RSA Keys and,
Diffie-Hellmann/DSS Keys.

Which is recommended and more secure?
LVL 8
rpkhareAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sullivanr6Commented:
what is the purpose these algorithms...

Diffie Hellman is not used for identification or authentication, only key exchanges. It is a Symmetric key encryption. Meaning you would only use DH or RSA to provide the keying for other symmetric key algorithms (AES, 3DES)...

RSA is not as secure as DH, but they comparable...

what is the purpose of this encryption?

J
0
rpkhareAuthor Commented:
These algorithms are used in Public Key Cryptography, I know this much. I have been using them since a long time. I just wanted to know which is more secure. As you said RSA is weak, please let me know why?
0
sullivanr6Commented:
I said not as strong. not weak. Both are suitable choices, you could in fact have chosen to use a hash such as message digest or SHA...

I can't answer your question in complete honesty as to why one algorithm is weaker than the other, I am not a mathematician. Computational factoring is not my day job :)

...never knew RSA was developed at MIT, I just got a little bit of respect of RSA, this is a good read, although a bit abstract. hope it helps...

Diffie-Hellman: The basis for the technique is the difficulty of calculating logs in modular arithmetic. Say A and B wish to establish a key. A sends B the number g, the modulus m and the number h1 = g^e1 mod(m), where e1 is a large number (<m). B then sends back to A the number h2 = g^e2 mod(m). They each then use the number k = g^(e1*e2)= h1^e2=h2^e1 mod(m) as the private key. Any enemy must be able to calculate either e1 from g,m,h1 or e2 from g,m,h2. This is believed to be very very hard for large enough values of g,m.
DH can also be used in a public key crypto system. To use it in this way, the recipient publishes g,m, h1 and the sender chooses a random exponent e2 and sends h2 along with the message encrypted using the private key crypto system and the key k. This system does not have the feature that one can easily sign messages, as with RSA. It has the political advantage that the patent expires in 1997. It also depends for its security on both recipient and sender choosing exponents e1 and e2 in a strong way.


RSA is a cypher based on the concept of a trapdoor function. This is a function which is easily calculated, but whose inverse is extremely difficult to calculate. In the RSA case, this function is factoring. Take two prime numbers, p and q, (ie numbers which cannot be divided evenly by any other number), and multiply them together to get their product N. This is very easily done. However, if we only know N, then it is extremely difficult to determine what the factors p and q are if N is sufficienlty large. Typically in crypography, N takes a value of greater than 500 bits (150 digits). The message is written as a series of numbers each of which is smaller than N but has approximately the same length as N. Each of these message numbers M are then multiplied by themselves e times. (In PGP ,e is often taken to have the value 17). Then the result of that set of multiplications is divided by N, and only the remainder of that division is kept and is the encrypted message. To decrypt the message, the recipient uses another specially chosen number d, which is typically a very large number (of the order of half the length of N). This number is chosen so that if we now multiply the encrypted message with itself d times, divide by N, and keep only the remainder, then we get the original message back. The only way known to find d is to know p and q. e and N are the public key, which is published, while d is the private key, which must be kept secret. e and d are symmetric in that using either as the encryption key, the other can be used as the decryption key. This is what makes signing possible. RSA is patented in the USA by MIT
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

rpkhareAuthor Commented:
I have heard of Diffie-Hellman of a max 2048 bits, whereas RSA is available for 4096 bits.
0
sullivanr6Commented:
...Diffie Hellman is a stronger, thus why PGP uses it. One other interesting note, I guess RSA was patented by MIT, but give exclusive rights to "RSA Security" which screwed a lot of people.

However there patent expired in 2000, and PGP still chooses to use DH.
0
rpkhareAuthor Commented:
RSA labs is now owned by EMC. Are there any future developments going on Diffie-Hellman technology?
0
rpkhareAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.