Password Attacks & Cryptography · beginner · ~12 min

Symmetric and asymmetric encryption

Distinguish symmetric from asymmetric crypto and where each is used.

Overview

Symmetric encryption uses one shared key (fast, bulk data — AES, prefer GCM, avoid ECB); asymmetric uses a public/private key pair (solves key distribution, enables signatures — RSA/ECC, slower). Real systems are hybrid: asymmetric to exchange a key, symmetric for data.

Why it matters

Knowing which scheme provides what (confidentiality, key exchange, authenticity) is essential to spot misuse — ECB mode, unauthenticated encryption, or using the wrong tool — and to understand TLS, signatures, and JWTs.

Core concepts

  • Symmetric. Shared key, fast; AES-GCM (authenticated), never ECB.
  • Asymmetric. Public/private pair; encrypt-to-public, sign-with-private; RSA/ECC.
  • Key distribution. The problem asymmetric solves.
  • Hybrid. Asymmetric exchanges a symmetric key (TLS).

Lesson

Encryption (unlike hashing) is reversible with a key — it provides confidentiality.

Symmetric encryption

One shared secret key encrypts and decrypts. Fast; used for bulk data.

  • AES is the standard. Use an authenticated mode like AES-GCM (confidentiality and integrity). Avoid ECB mode — it leaks patterns (identical plaintext blocks → identical ciphertext blocks; the famous "ECB penguin").
  • The challenge is key distribution: how do two parties share the secret safely?
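
The ECB pattern leak and GCM's tamper detection can both be observed in a short Go program. This is an added example, not part of the original lesson; the function names, the demo key and the repeated-block plaintext are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt encrypts each 16-byte block on its own (hand-rolled: Go ships no ECB mode).
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	out := make([]byte, len(pt))
	for i := 0; i+16 <= len(pt); i += 16 {
		block.Encrypt(out[i:i+16], pt[i:i+16])
	}
	return out
}

// gcmSeal returns nonce || ciphertext || tag, drawing a fresh random nonce per message.
func gcmSeal(aead cipher.AEAD, pt []byte) []byte {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	return aead.Seal(nonce, nonce, pt, nil)
}

// repeatedBlocks counts 16-byte blocks that duplicate an earlier block.
func repeatedBlocks(ct []byte) int {
	seen := map[string]bool{}
	for i := 0; i+16 <= len(ct); i += 16 {
		seen[string(ct[i:i+16])] = true
	}
	return len(ct)/16 - len(seen)
}

// demo returns ECB repeats, GCM repeats, and the error from opening a tampered GCM message.
func demo() (int, int, error) {
	block, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed AES-128 key; valid length
	aead, _ := cipher.NewGCM(block)                       // standard GCM: 12-byte nonce
	pt := bytes.Repeat([]byte("PAY ALICE $100.."), 4)     // constructed: 4 identical blocks
	sealed := gcmSeal(aead, pt)
	gcmDups := repeatedBlocks(sealed[12:]) // skip the nonce prefix
	sealed[20] ^= 1                        // flip one ciphertext bit "in transit"
	_, err := aead.Open(nil, sealed[:12], sealed[12:], nil)
	return repeatedBlocks(ecbEncrypt(block, pt)), gcmDups, err
}

func main() { fmt.Println(demo()) }
```

ECB repeats three of the four blocks, GCM repeats none, and the modified GCM message is rejected instead of decrypting to altered plaintext. With GCM a nonce must never repeat under the same key, which is why `gcmSeal` draws a new one for every message.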

Asymmetric (public-key) encryption

A key pair: a public key (shareable) and a private key (secret). What one encrypts, only the other reverses.

  • Encrypt to someone: use their public key; only their private key decrypts. Solves key distribution.
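  • Sign: encrypt a hash with your private key; anyone verifies with your public key → authenticity + integrity (digital signatures). "Encrypting the hash" describes textbook RSA; ECC schemes such as ECDSA compute the signature differently, but the private key still signs and the public key still verifies.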
  • RSA and elliptic-curve (ECC) are the common families. Slower, so used to exchange a symmetric key, not bulk data.

The hybrid reality (TLS)

Real systems combine them: asymmetric crypto to authenticate and exchange a key, then fast symmetric crypto for the actual data. That's exactly how TLS works (next lesson).

Summary

Symmetric crypto (shared key, fast) handles bulk data with authenticated modes like AES-GCM; asymmetric crypto (key pairs) solves key distribution and enables signatures. Practical systems combine them — the basis of TLS.