Symmetric-Key Encryption

Symmetric-key encryption (also sometimes called bulk encryption) is what most people think of as a secret code. The essence of a symmetric-key system is that both parties must know a shared secret. The sending party performs some predefined manipulation of the data, using the shared secret as a key. The result is a scrambled message which can only be interpreted by reversing the encryption process, using the same secret key. A good example of a symmetric-key encryption mechanism was the Enigma system used in World War II. In that case the manipulation was performed by an electro-mechanical machine and the key was a series of patch panel connections. The key was changed at regular intervals, so there was a fresh challenge for the code breakers every few weeks.

Using modern computer systems, symmetric-key encryption is very fast and secure. Its effectiveness is governed by two main factors:

- The size of the key. All symmetric-key algorithms can be cracked, but the difficulty of doing so rises exponentially as the key size increases. With modern computers there is no problem in encrypting with keys which are large enough to be economically infeasible to crack. However, the U.S. Government imposes restrictions on the export of cryptographic code. You need to ask for a licence from the National Security Agency (NSA) to export any symmetric-key cryptographic product. The NSA will only grant export licences for general use if the cipher is weaker than an arbitrary, NSA-defined strength. In the case of the RC2 and RC4 ciphers this means using a key size of 40 bits. There have been recent demonstrations to show that encryption crippled in this way can be broken with a relatively small investment of equipment and time (you can read the details of one of these demonstrations at http://www.brute.cl.cam.ac.uk/brute/hal2.html).

- The security with which the key is disseminated and stored. Since both partners in a symmetric-key system must know the secret key, there has to be some way for it to be transmitted from one to the other. It is therefore vital to protect the key transmission and also to protect the key when it is stored on either of the partner systems.
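The following is an added example, not code from the original page: it implements RC4 (one of the ciphers named above) to show that the same shared key both encrypts and decrypts, and that recovering a key by trying every value costs up to 2^n trials for an n-bit key. The 16-bit key, the sample message and the function names are constructed for illustration.

```python
# Added example (not from the original page). RC4 appears here only because
# the page names it; the key and message below are constructed sample values.

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher. The same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                          # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                             # keystream XORed with data
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def exhaustive_search(ciphertext: bytes, known_prefix: bytes, key_bits: int):
    """Try every key of key_bits bits (a multiple of 8) against a known
    plaintext prefix. Returns (key, trials), or (None, 2**key_bits)."""
    n_bytes = key_bits // 8
    head = ciphertext[:len(known_prefix)]
    for trials, candidate in enumerate(range(2 ** key_bits), 1):
        key = candidate.to_bytes(n_bytes, "big")
        if rc4(key, head) == known_prefix:
            return key, trials
    return None, 2 ** key_bits

# Constructed sample values (assumptions for this example).
DEMO_KEY = bytes.fromhex("1234")                  # deliberately tiny 16-bit key
DEMO_MESSAGE = b"Meet at the usual place at noon"

if __name__ == "__main__":
    ciphertext = rc4(DEMO_KEY, DEMO_MESSAGE)
    # Both parties hold DEMO_KEY, so the receiver reverses the process.
    print("decrypted:", rc4(DEMO_KEY, ciphertext))
    key, trials = exhaustive_search(ciphertext, DEMO_MESSAGE[:8], 16)
    print(f"16-bit key {key.hex()} found after {trials} trials")
    # Each extra bit doubles the worst-case work.
    for bits in (16, 40, 56, 128):
        print(f"{bits:>3}-bit key: up to {2 ** bits:,} trials")
```

The 16-bit search finishes almost instantly, while the printed worst-case counts show how quickly the work grows as the key gets longer.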
