Hi,
Of course, the symmetric key algorithms can provide authentication. only the
user who have the key can open and use the data can provide a authtication
function. but it is difficult for the symmertric key algorithms to deploy the
key.
----- Original Message -----
From: PennGwyn
To: Rabbani
Cc: CISSP-Discuss@yahoogroups.com
Sent: Wednesday, July 12, 2006 4:09 PM
Subject: Re: [CISSP-D] Do Symmetric Key Algorithms provide authenticity?
On 8 Jul 2006 at 19:17, Rabbani wrote:
> Symmetric key algorithms can provide confidentiality but not
> authentication, says Shon Harris in her book, All In One CISSP exam
> guide (Page # 680, Quick Tips, Cryptography).
>
> Whereas the SYBEX book, CISSP Study guide, by James, Ed and Mike
> says 'Authentication can be achieved by both symmetric and asymmetric
> cryptosystems.
>
> Can any CISSPs advise on this.
In an asymmetric key cryptosystem, each entity has its own private key
which need never be shared, transmitted, or made available. So successful
participation in the cryptosystem implicitly authenticates each entity as
the possessor of its unique private key.
In a symmetric cryptosystem, a shared key must be distributed to all
entities, with attendant risk that the key distribution process might get
compromised. An entitiy's knowledge of the shared key does not uniquely
identify the entity. A shared key system might be used to protect the
exchange of further credentials, but does not by itself provide
authentication.
Symmetric key systems do not provide authentication, but their
confidentiality may be used to secure a process that does -- the SYBEX
authors may have had that in mind.
David Gillett, CISSP CCNP CCSE
