Symmetric
How many keys are used for symmetric encryption?
How many keys are used for asymmetric encryption?
This is the modern protocol used to secure web traffic.
TLS
This is the readable, original form of data before encryption.
Plaintext
One major reason asymmetric encryption is used in TLS even though it is slower is that it helps solve this problem.
Secure key exchange problem or initial trust problem
One big advantage of symmetric encryption is that it is generally ____________ compared to asymmetric encryption.
Faster
If Alice encrypts a message with Bob’s public key, only this key can decrypt it.
Bob's private key
When a browser shows a lock icon for HTTPS, it does not just mean encryption. It also suggests the browser successfully checked this.
Server’s identity or certificate validity
This is scrambled, unreadable data after it has been encrypted.
Ciphertext
A student says, “Since public keys are public, using them makes encryption insecure.” Explain why that logic is wrong.
Public keys are designed to be shared, and they do not let someone decrypt the message without the matching private key
One problem with symmetric encryption is safely __________ before communication starts.
Exchanging the key
This key is used to lock data so only the owner of the matching private key can unlock it.
Public key
A student says, “TLS is basically just encryption for websites.” Give the fuller answer by naming the three major protections TLS is meant to provide.
Confidentiality, authentication, and integrity
This kind of attack involves secretly listening to network traffic.
Sniffing / Eavesdropping
An attacker intercepts traffic between a victim and a fake website pretending to be a real one. Proper certificate validation is meant to help stop this type of problem.
Man in the middle attack
How do you measure the strength of an encryption algorithm?
Size of the key (Keyspace)
Work Factor (How much effort/time does it take to break)
Entropy (Level of randomness)
This is the main reason asymmetric encryption is not usually used for encrypting large amounts of data by itself.
It is slower
What are the two purposes of a digital certificate?
Prove identity
&
Share public key
This process confirms that a person or server is really who they claim to be.
Authentication
Should encryption algorithms be public or private? Explain why.
Public
Allows for public testing and peer review
If it survives, you know its good
Two branch offices already share a secret key, but that key is reused for months across many communications. Even if symmetric encryption itself is strong, this practice creates a security concern because compromise of that one key affects this.
All communications protected by that key
A company wants confidentiality, identity verification, and efficient performance in a web session. Explain why asymmetric encryption alone is usually not the best full-session solution.
It helps with secure key exchange and authentication, but it is too slow or inefficient for protecting all session data by itself
Name and explain one SSL/TLS vulnerability?
SSL Stripping
Certificate Authority Fraud
Capturing Data Before Encryption
Protocol used to transfer data from a client to a web server
HTTP
A student says, “If TLS already uses encryption, there is no need to teach both symmetric and asymmetric encryption separately.” Explain why that statement is wrong using the actual way secure web sessions work.
TLS depends on both
Asymmetric methods help authenticate identities and securely establish shared secrets, while symmetric encryption protects the actual session data efficiently. You need both concepts to understand how TLS works.