
Why do we use RSA encryption for ANY text/communication/data encryption when everybody on the internet is writing that AES-256 is much stronger than RSA-2048? If this is true, why do encrypted email services like Protonmail even use RSA encryption for their email communication when it is not as secure as AES-256?

I have read that it is currently impossible to break AES-256 using brute force attacks, but that RSA is not such a big problem to break. Why is this method even used in cryptography when it is slower and weaker than a symmetric cipher like AES?

Is the only reason for using RSA its asymmetric geometry (private/public key)?

I know that this question is not easy to answer, but I will give one example: if I want to send a secure, encrypted plaintext of, for example, two full A4 pages of text, is it better to use AES-256 or RSA-2048? From what I know, using AES is much stronger and also faster, but maybe I am missing something?

Mike Edward Moras
daniel

2 Answers


AES is symmetric encryption. Both sides must have the same secret key. RSA is asymmetric encryption. Each side has a public and private key. You share your public key so that others can encrypt a message such that only you can read it (with your private key).

There are situations where the key exchange for AES isn't reasonable. For those situations, we use asymmetric encryption methods like RSA.

Cort Ammon

Most likely, you're using both.

1. Generate a random 256-bit AES key.

2. Encrypt it with RSA-2048 or 3072 or whatever size of RSA you have.

3. Encrypt your actual plaintext with AES-256, using that random key.

The two algorithms do different things; it's a little like asking why we need a hammer when we've got a power screwdriver.

Now, RSA's strength depends on the size of its modulus. You can generate an RSA keypair with a large enough modulus that, as best anyone can estimate, it would take as much work to break that RSA key by factoring as it would to break AES256 by brute force search. Unfortunately, RSA gets very slow as you make the modulus very large.

The other issue with RSA vs AES is that if we ever get big enough quantum computers, RSA will be very efficiently broken by them, whereas AES256 will still be fine. However, that's also true for the other commonly used key agreement/key exchange mechanisms (Diffie-Hellman or ECDH). There is a big effort underway (both at NIST and in the bigger community) to develop and vet post-quantum public-key algorithms.

John Kelsey
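The three steps in the answer above, carried through in Go as an added example; this is not code from the answer, the question, or any product mentioned on the page. The answer does not say which RSA padding or AES mode to use, so this example assumes RSA-OAEP with SHA-256 for step 2 and AES-256-GCM for step 3, wraps the three outputs in a made-up Envelope struct, and uses a 2048-bit key only to keep key generation fast. It also shows the questioner's two-A4-page case directly: RSA-2048 with OAEP can encrypt at most 190 bytes in one operation, so a 4 KB message has to go through the hybrid path.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is an illustrative (non-standard) container: RSA-wrapped AES key, GCM nonce, AES-GCM ciphertext with tag.
type Envelope struct {
	WrappedKey []byte
	Ciphertext []byte
	Nonce      []byte
}

// MaxDirectRSA: largest message RSA-OAEP/SHA-256 can encrypt under pub,
// k - 2*hLen - 2 with k the modulus size in bytes (190 bytes for RSA-2048).
func MaxDirectRSA(pub *rsa.PublicKey) int {
	return pub.Size() - 2*sha256.Size - 2
}

// HybridEncrypt performs the three steps from the answer above.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	// Step 1: a fresh random 256-bit AES key, used for this message only.
	aesKey := make([]byte, 32)
	if _, err := rand.Read(aesKey); err != nil {
		return nil, err
	}
	// Step 2: wrap the AES key with RSA-OAEP (padding assumed here; never raw RSA).
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, aesKey, nil)
	if err != nil {
		return nil, err
	}
	// Step 3: encrypt the bulk plaintext with AES-256-GCM, an authenticated mode.
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The wrapped key is bound in as additional authenticated data, so swapping it makes the tag check fail.
	ct := gcm.Seal(nil, nonce, plaintext, wrapped)
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// HybridDecrypt reverses HybridEncrypt; any tampering yields an error, not garbage.
func HybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	if len(aesKey) != 32 {
		return nil, fmt.Errorf("unwrapped key is %d bytes, want 32", len(aesKey))
	}
	gcm, err := newGCM(aesKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, fmt.Errorf("bad nonce length %d", len(env.Nonce))
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, env.WrappedKey)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // 3072 is the better choice in practice
	if err != nil {
		panic(err)
	}
	// Constructed sample input: roughly two A4 pages of text (about 4 KB).
	twoPages := bytes.Repeat([]byte("Two full A4 pages of plaintext to protect. "), 100)
	// RSA alone cannot do the job the questioner describes: the message is too long.
	_, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, twoPages, nil)
	fmt.Printf("direct RSA-2048 of %d bytes (limit %d): %v\n", len(twoPages), MaxDirectRSA(&priv.PublicKey), err)
	env, err := HybridEncrypt(&priv.PublicKey, twoPages)
	if err != nil {
		panic(err)
	}
	pt, err := HybridDecrypt(priv, env)
	fmt.Printf("hybrid round trip ok: %v (err %v)\n", bytes.Equal(pt, twoPages), err)
	env.Ciphertext[0] ^= 0x01 // flip one bit; GCM must now refuse to decrypt
	_, err = HybridDecrypt(priv, env)
	fmt.Printf("tampered ciphertext: %v\n", err)
}
```

Step 2 is where the answer's remark about modulus size shows up in practice: the RSA operation only ever touches the 32-byte AES key, so its cost is paid once per message however long the plaintext is, while AES-GCM handles the bulk. Using an authenticated mode for step 3 also means a flipped bit in the ciphertext, or a swapped wrapped key, produces an error rather than silently corrupted text.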