Let's say that a client app already knows the public key of the server to which it needs to communicate with and the client app needs to connect to the server using a normal non-secured internet connection then may I assume that currently (in the current state of cryptography) a 2048bit Asymmetric Public Key and Encryption will be secure enough to allow the client and server to negotiate a symmetric encryption key?
You may ask how the client will know what the public key of the server is. In this scenario the client is written specifically for the server and they will use their own communication protocol and data thus I would assume that the server's public key might be coded into the client or maybe accessible to the client app from where it runs. I do understand that that scenario leaves the security open to anyone that has access to the client app.
I am in no way informed about which of the currently used asymmetric encryption algorithms provides the best security balanced with computational cost. I know a bit about RSA. If you have any suggestions about which are preferred then that may help me in my research as well.
Thank you for your input.
Aucun commentaire:
Enregistrer un commentaire