Please summarized about Single Key (symmetric) Encryption (Ctrl). 2.1 Key Length vs. Security The key space doubles when one bit is added to the key. Longer keys are better, but don't necessarily increase security. Because people tend to use patterns for passwords, the attacker can build a dictionary of commonly used passwords and launch a dictionary attack. This way the attacker can save time, because he doesn't have to brute force the whole key space 2.2 Symmetric vs. Session Key The symmetric key can be changed every time Alice communicates with Bob. Then it is called a session key (randomly generated and valid only for one session). If an attacker grabs the session key, he can decrypt only the messages from one session. If Alice and Bob always used the same key, the attacker would be able to decrypt all messages encrypted with this key 2.3 Scalability and Secure Key Distribution There are a few problems with symmetric ciphers. This system is not scalable. If there are 1,000 people who want to communicate with each other, everyone needs 999 different keys to establish separate and confidential communication channels. Secure key distribution is another problem. The security of the system is broken if a man- in-the-middle can grab the key while it is being transmitted from Alice to Bob. 3. Asymmetric Encryption Two keys are used in asymmetric cipher (e.g., RSA)-a public and a private one. The public one is available for veryone, but the private one is known only by the owner. When the message is encrypted with the public key, only the corresponding private key can decrypt it. Moreover, the private key can't be learned from the public one. Asymmetric cipher solves the problem of secure key distribution. Alice takes Bob's public key and uses it to encrypt the session key Only Bob can then decrypt the encrypted session key, because he is the only one who knows the corresponding private key. Asymmetric ciphers are quite slow when compared with the symmetric ones, which is why asymmetric ciphers are used only to securely distribute the key. Then, Alice and Bob can use symmetric cipher and the session key to make the communication confidential. Use of an asymmetric cipher also solves the scalability problem. Everyone will need only one public key and one private key to communicate with other people 4. Mail Security Let's analyze how symmetric and asymmetric encryption can be used to build secure mail system. 4.1 Achieving Message Confidentiality Alice is going to send a mail to Bob. She wants to to read the message. Confidentiality can be achieved by using symmetric encryption (the session key) needs to be securely sent to Bob. Asymmetric encryption is used for the purpose of secure key distribution. keep the message secret. Bob is the only one who should be able encryption. The key used for symmetric