- What is the main difference between symmetric and asymmetric encryption?
- Explain what “data in transit” and “data at rest” mean, and why both need to be encrypted.
- Why should a business store hashed versions of user passwords instead of the passwords themselves?
Answer
- The main difference between symmetric and asymmetric encryption lies in how keys are used. Symmetric encryption uses a single shared key for both encrypting and decrypting data, making it fast and efficient but requiring secure key distribution. Asymmetric encryption, based on the public-key cryptography model, uses a pair of keys: a public key for encryption and a private key for decryption, which improves security for key exchange but is generally slower.
- “Data in transit” refers to information actively moving between systems, such as over the internet or a network, while “data at rest” refers to data stored on devices like servers, databases, or hard drives. Both need encryption because data in transit can be intercepted by attackers, and data at rest can be accessed if storage systems are compromised; encryption ensures that even if data is exposed, it remains unreadable without the proper keys.
- Businesses should store hashed versions of user passwords instead of plain text passwords to protect user security. Hashing uses one-way functions from the field of cryptography, meaning the original password cannot be easily recovered. This way, even if a database is breached, attackers cannot directly obtain users’ actual passwords, reducing the risk of account compromise.
