Although asymmetric encryption is more secure, it also requires much more processing
power. Symmetric encryption is faster but can be less secure because both the encryptor and
the decryptor have knowledge of a single key. With symmetric encryption, the encryptor needs
to send the key to the decryptor. With Internet communications, there is often no way of
ensuring that this key remains a secret from third parties when it is sent to the encryptor.
Asymmetric encryption gets around this by using key pairs. There is never a need for
the decryption key to be divulged, so it??™s much more difficult for a third party to break the
encryption. Because it requires a lot more processing power, however, the practical method
of operation is to use asymmetric encryption to exchange a symmetric key over the Internet,
CHAPTER 16 ?– MANAGING CUSTOMER DETAILS 483
which is then used for symmetric encryption safe in the knowledge that this key has not
been exposed to third parties.
In the TShirtShop application, things are much simpler than with Internet communications.
You just need to encrypt data for storage in the database and decrypt it again when
required, so you can use a symmetric encryption algorithm.
?– Note Behind the scenes, some asymmetric encryption is also going on, however, because that is the
method implemented by HTTPS communication.
Pages:
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606