With symmetric key algorithms the same key that is used to encrypt is also the same key that is used to decrypt.

There are two ciphers that the National Institute of Standards and Technologies’ Computer Security Resource Center approve AES and Triple DES(3DES). In trying to encrypt communication there is the challenge of getting the key to the other side without it getting intercepted. The solution to this challenge is a key exchange algorithm . Diffie-Hellman is one type of key exchange algorithm where both side create a common secret key. This the key exchange algorithm used by SSH and does not require a third party.

One of weakness of this method of key exchange is it is vulnerable to a man-in-the-middle attack. Simply put, a man-in-the-middle attack is where the attacker acts as a proxy between the server and client. The server see the attacker as the client and the client see the attacker as the server. The attacker could receive the servers public key to talk to the server and give the client its own public key to receive and decrypt messages from the client.

Another key exchange algorithm is Public Key Infrastructure(PKI). It uses a third party to prevent man-in-the-middle-attacks and asymmetric or public-key encryption .

With asymmetric or public-key encryption, two keys are created. What is encrypted with one key can only be decrypted with the other key .

One of the two keys is designated as the private key and the other is the public key. The private key is kept secret usually on the server and the public key is given to the clients who want to communicate with the server. The client encrypts the message it wants to send with the public key and the server decrypts it with the private key. Since the private key can only decrpyt what the public key encrypted, only the server can decrypt the message since it has the private key. This is analogous to an unlocked box and a key. The public key is the unlocked box and the private key is the key. The server sends out boxes with unlocked boxes to all it’s clients. The clients put the message they want to send in the box and lock it and send it back to the server. Only the server can unlock the box.

Public-key encryption is still vulnerable to man-in-the-middle-attacks, but public key infrastructure(PKI) uses third parties and hashes with public-key encryption to prevent man-in-the-middle-attacks. Public-key encryption is not a strong and takes more compute power as symmetric encryption, so public key infrastructure(PKI) is used to encrypt and send the key for symmetric encryption as a key exchange algorithm and the rest of the data in the session is symmetric encryption.