

Which is more secure? RSA, Diffie-Hellmann/DSS

Posted on 2008-10-23
Medium Priority
Last Modified: 2012-05-05
I want to know the plus and minus points of:

RSA Keys and,
Diffie-Hellmann/DSS Keys.

Which is recommended and more secure?
Question by:rpkhare

Expert Comment

ID: 22790805
What is the purpose of these algorithms...

Diffie Hellman is not used for identification or authentication, only key exchanges. It is a Symmetric key encryption. Meaning you would only use DH or RSA to provide the keying for other symmetric key algorithms (AES, 3DES)...

RSA is not as secure as DH, but they are comparable...

what is the purpose of this encryption?


Author Comment

ID: 22791232
These algorithms are used in Public Key Cryptography, I know this much. I have been using them for a long time. I just wanted to know which is more secure. As you said RSA is weak, please let me know why?

Accepted Solution

sullivanr6 earned 375 total points
ID: 22791329
I said not as strong, not weak. Both are suitable choices; you could in fact have chosen to use a hash such as Message Digest or SHA...

I can't answer your question in complete honesty as to why one algorithm is weaker than the other, I am not a mathematician. Computational factoring is not my day job :)

...never knew RSA was developed at MIT, I just got a little bit of respect for RSA. This is a good read, although a bit abstract. Hope it helps...

Diffie-Hellman: The basis for the technique is the difficulty of calculating logs in modular arithmetic. Say A and B wish to establish a key. A sends B the number g, the modulus m and the number h1 = g^e1 mod(m), where e1 is a large number (<m). B then sends back to A the number h2 = g^e2 mod(m). They each then use the number k = g^(e1*e2)= h1^e2=h2^e1 mod(m) as the private key. Any enemy must be able to calculate either e1 from g,m,h1 or e2 from g,m,h2. This is believed to be very very hard for large enough values of g,m.
DH can also be used in a public key crypto system. To use it in this way, the recipient publishes g,m, h1 and the sender chooses a random exponent e2 and sends h2 along with the message encrypted using the private key crypto system and the key k. This system does not have the feature that one can easily sign messages, as with RSA. It has the political advantage that the patent expires in 1997. It also depends for its security on both recipient and sender choosing exponents e1 and e2 in a strong way.

RSA is a cypher based on the concept of a trapdoor function. This is a function which is easily calculated, but whose inverse is extremely difficult to calculate. In the RSA case, this function is factoring. Take two prime numbers, p and q (i.e. numbers which cannot be divided evenly by any other number), and multiply them together to get their product N. This is very easily done. However, if we only know N, then it is extremely difficult to determine what the factors p and q are if N is sufficiently large. Typically in cryptography, N takes a value of greater than 500 bits (150 digits). The message is written as a series of numbers each of which is smaller than N but has approximately the same length as N. Each of these message numbers M are then multiplied by themselves e times. (In PGP, e is often taken to have the value 17.) Then the result of that set of multiplications is divided by N, and only the remainder of that division is kept and is the encrypted message. To decrypt the message, the recipient uses another specially chosen number d, which is typically a very large number (of the order of half the length of N). This number is chosen so that if we now multiply the encrypted message with itself d times, divide by N, and keep only the remainder, then we get the original message back. The only way known to find d is to know p and q. e and N are the public key, which is published, while d is the private key, which must be kept secret. e and d are symmetric in that using either as the encryption key, the other can be used as the decryption key. This is what makes signing possible. RSA is patented in the USA by MIT.
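The two descriptions above can be run through with numbers. This is an added example, not code from the thread or from PGP: it walks the Diffie-Hellman exchange (g, m, e1, e2, h1, h2, k) and the RSA encrypt/decrypt and sign/verify symmetry (p, q, N, e, d, M) using tiny constructed parameters; real keys use primes of hundreds of digits, and the assert inside the DH function is only a sanity check.

```python
# Added example (not from the original thread). Toy DH key agreement and RSA
# e/d symmetry with the symbols used in the quoted descriptions. All parameter
# values below are constructed for illustration and are far too small for real use.
from math import gcd


def dh_shared_key(g, m, e1, e2):
    """A sends h1 = g^e1 mod m, B replies h2 = g^e2 mod m; both derive the same k."""
    h1 = pow(g, e1, m)
    h2 = pow(g, e2, m)
    k_a = pow(h2, e1, m)   # A computes h2^e1 mod m
    k_b = pow(h1, e2, m)   # B computes h1^e2 mod m
    assert k_a == k_b == pow(g, e1 * e2, m)   # g^(e1*e2) mod m, as in the description
    return h1, h2, k_a


def rsa_keypair(p, q, e=17):
    """Public key (e, N), private exponent d with e*d = 1 mod (p-1)(q-1)."""
    N = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)   # modular inverse (Python 3.8+)
    return (e, N), d


def rsa_apply(x, exponent, N):
    """x^exponent mod N. With e it encrypts or verifies; with d it decrypts or signs."""
    return pow(x, exponent, N)


def demo():
    # DH with constructed parameters g=5, m=23 (5 is a generator mod 23)
    h1, h2, k = dh_shared_key(g=5, m=23, e1=6, e2=15)
    # RSA with constructed primes p=61, q=53 and the PGP-style e=17
    (e, N), d = rsa_keypair(61, 53)
    M = 65
    C = rsa_apply(M, e, N)      # encrypt with the public exponent
    M2 = rsa_apply(C, d, N)     # decrypt with the private exponent
    S = rsa_apply(M, d, N)      # sign with the private exponent
    V = rsa_apply(S, e, N)      # verify with the public exponent (recovers M)
    return {"h1": h1, "h2": h2, "k": k, "N": N, "d": d,
            "cipher": C, "decrypted": M2, "signature": S, "verified": V}


if __name__ == "__main__":
    print(demo())
```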



Author Comment

ID: 22791416
I have heard of Diffie-Hellman of a max 2048 bits, whereas RSA is available for 4096 bits.

Expert Comment

ID: 22791471
...Diffie Hellman is stronger, thus why PGP uses it. One other interesting note, I guess RSA was patented by MIT, but gave exclusive rights to "RSA Security", which screwed a lot of people.

However, their patent expired in 2000, and PGP still chooses to use DH.

Author Comment

ID: 22791591
RSA Labs is now owned by EMC. Are there any future developments going on in Diffie-Hellman technology?

Author Closing Comment

ID: 31509405
