Which is more secure? RSA, Diffie-Hellmann/DSS

Posted on 2008-10-23
Last Modified: 2012-05-05
I want to know the plus and minus points of:

RSA Keys and,
Diffie-Hellmann/DSS Keys.

Which is recommended and more secure?
Question by:rpkhare
  • 4
  • 3

Expert Comment

ID: 22790805
what is the purpose these algorithms...

Diffie Hellman is not used for identification or authentication, only key exchanges. It is a Symmetric key encryption. Meaning you would only use DH or RSA to provide the keying for other symmetric key algorithms (AES, 3DES)...

RSA is not as secure as DH, but they comparable...

what is the purpose of this encryption?


Author Comment

ID: 22791232
These algorithms are used in Public Key Cryptography, I know this much. I have been using them since a long time. I just wanted to know which is more secure. As you said RSA is weak, please let me know why?

Accepted Solution

sullivanr6 earned 125 total points
ID: 22791329
I said not as strong. not weak. Both are suitable choices, you could in fact have chosen to use a hash such as message digest or SHA...

I can't answer your question in complete honesty as to why one algorithm is weaker than the other, I am not a mathematician. Computational factoring is not my day job :)

...never knew RSA was developed at MIT, I just got a little bit of respect of RSA, this is a good read, although a bit abstract. hope it helps...

Diffie-Hellman: The basis for the technique is the difficulty of calculating logs in modular arithmetic. Say A and B wish to establish a key. A sends B the number g, the modulus m and the number h1 = g^e1 mod(m), where e1 is a large number (<m). B then sends back to A the number h2 = g^e2 mod(m). They each then use the number k = g^(e1*e2)= h1^e2=h2^e1 mod(m) as the private key. Any enemy must be able to calculate either e1 from g,m,h1 or e2 from g,m,h2. This is believed to be very very hard for large enough values of g,m.
DH can also be used in a public key crypto system. To use it in this way, the recipient publishes g,m, h1 and the sender chooses a random exponent e2 and sends h2 along with the message encrypted using the private key crypto system and the key k. This system does not have the feature that one can easily sign messages, as with RSA. It has the political advantage that the patent expires in 1997. It also depends for its security on both recipient and sender choosing exponents e1 and e2 in a strong way.

RSA is a cypher based on the concept of a trapdoor function. This is a function which is easily calculated, but whose inverse is extremely difficult to calculate. In the RSA case, this function is factoring. Take two prime numbers, p and q, (ie numbers which cannot be divided evenly by any other number), and multiply them together to get their product N. This is very easily done. However, if we only know N, then it is extremely difficult to determine what the factors p and q are if N is sufficienlty large. Typically in crypography, N takes a value of greater than 500 bits (150 digits). The message is written as a series of numbers each of which is smaller than N but has approximately the same length as N. Each of these message numbers M are then multiplied by themselves e times. (In PGP ,e is often taken to have the value 17). Then the result of that set of multiplications is divided by N, and only the remainder of that division is kept and is the encrypted message. To decrypt the message, the recipient uses another specially chosen number d, which is typically a very large number (of the order of half the length of N). This number is chosen so that if we now multiply the encrypted message with itself d times, divide by N, and keep only the remainder, then we get the original message back. The only way known to find d is to know p and q. e and N are the public key, which is published, while d is the private key, which must be kept secret. e and d are symmetric in that using either as the encryption key, the other can be used as the decryption key. This is what makes signing possible. RSA is patented in the USA by MIT
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.


Author Comment

ID: 22791416
I have heard of Diffie-Hellman of a max 2048 bits, whereas RSA is available for 4096 bits.

Expert Comment

ID: 22791471
...Diffie Hellman is a stronger, thus why PGP uses it. One other interesting note, I guess RSA was patented by MIT, but give exclusive rights to "RSA Security" which screwed a lot of people.

However there patent expired in 2000, and PGP still chooses to use DH.

Author Comment

ID: 22791591
RSA labs is now owned by EMC. Are there any future developments going on Diffie-Hellman technology?

Author Closing Comment

ID: 31509405

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now