What is the difference between symmetric and asymmetric encryption?

Symmetric encryption uses the same key for encryption and decryption - fast but key exchange is challenging. Asymmetric uses different keys - secure distribution but slower. In practice, hybrid approaches combining both are standard.

What is AES-256 and is it secure?

AES-256 is a symmetric encryption standard with a 256-bit key length, the most widely used encryption standard today. It is used to protect US government classified information, and no practical decryption method is currently known.

What is the difference between password encryption and hashing?

Encryption is reversible - data can be restored with a key. Hashing is one-way and cannot be reversed. Password storage should use hashing (bcrypt or Argon2), not encryption.

Encryption Basics: Symmetric, Asymmetric, and Hashing

About 10 min read

Data exchanged over the Internet is protected from eavesdropping and tampering by third parties through encryption. Password protection also relies heavily on cryptographic technology, and understanding the basics of encryption is essential knowledge for safeguarding your accounts. As of 2025, with the advancement of quantum computers, NIST is progressing the standardization of post-quantum cryptography (PQC), and cryptographic technology is entering a new turning point. For a closer look at how quantum computing may affect password security, see our article on post-quantum password security. This article explains the differences between symmetric-key and public-key encryption, how hashing works, and the cryptographic strength of passwords generated by passtsuku.com.

What Is Encryption?

Encryption is the process of converting original data (plaintext) into unintelligible data (ciphertext) using a specific algorithm and key. Only the recipient with the correct key can decrypt the ciphertext back to plaintext, so even if data is intercepted by a third party on the communication path, the content cannot be read. Cryptographic technology is used in everyday situations such as HTTPS communication, email encryption, and file protection.

The strength of encryption is determined by the type of algorithm used and the key length. The longer the key, the exponentially greater the computational effort required to find the correct key by brute force, making decryption more difficult. For example, the key space of AES-128 is 2 to the power of 128 (approximately 3.4 × 10 to the power of 38) possibilities, and even trying 1 billion keys per second would require approximately 10 to the power of 21 years for exhaustive search. Current standard cryptographic algorithms recommend key lengths of 128 bits or more.

Symmetric-Key and Public-Key Encryption

Symmetric-Key Encryption

Symmetric-key encryption uses the same key for both encryption and decryption. A representative algorithm is AES (Advanced Encryption Standard), which is widely used for encrypting large volumes of data due to its high-speed processing. AES-256 can encrypt several GB of data per second and is also used for file encryption and full-disk encryption (BitLocker, FileVault).

The challenge of symmetric-key encryption is the "key distribution problem." Since the sender and receiver must share the same key, a means of securely delivering the key itself is required. Public-key encryption was devised to solve this problem. A common misconception is that "symmetric-key encryption is old technology with low security," but AES remains the most widely used encryption algorithm today and offers extremely high security as long as key management is proper.

To systematically learn the principles of cryptographic algorithms, introductory cryptography books (Amazon)are helpful references.

Public-Key Encryption (Asymmetric Encryption)

Public-key encryption uses a pair of two keys: a "public key" for encryption and a "private key" for decryption. The public key can be shared with anyone, while the private key is kept only by the owner. RSA and Elliptic Curve Cryptography (ECC) are representative algorithms. The security of RSA-2048 is considered sufficient until around 2030, but for longer-term security, RSA-4096 or ECC (256 bits or more) is recommended. This technology forms the basis of PKI (Public Key Infrastructure), and proper key management is essential for maintaining security.

In HTTPS communication, a hybrid approach is used where the common key is first securely exchanged using public-key encryption, and subsequent communication is performed using fast symmetric-key encryption. This mechanism solves the key distribution problem while achieving high-speed encrypted communication. Note that public-key encryption is 100 to 1,000 times slower than symmetric-key encryption, so it is generally not used directly for encrypting large amounts of data but is limited to key exchange and digital signatures.

Comparison of Encryption Methods

Item	Symmetric-Key (AES)	Public-Key (RSA/ECC)
Number of keys	1 (shared between sender and receiver)	2 (public key + private key)
Processing speed	Fast (several GB/sec)	Slow (1/100 to 1/1000 of symmetric)
Key distribution challenge	Yes (secure sharing method required)	No (public key can be shared openly)
Recommended key length	128 bits or more (AES-256 recommended)	RSA-2048+ / ECC-256+
Main uses	File encryption, disk encryption, communication data encryption	Key exchange, digital signatures, certificates
Recommended for	Scenarios requiring encryption of large data volumes	Scenarios requiring secure key exchange or identity verification

In actual HTTPS communication, a hybrid approach is used where the common key is securely exchanged using public-key encryption, and subsequent communication is performed using fast symmetric-key encryption. By combining the strengths of both, security and speed are achieved simultaneously.

What Should You Actually Do?

You don't need to understand the details of cryptographic technology, but the points to practice in daily life are clear. Beginners should make it a habit to enter passwords only on HTTPS sites and generate random passwords of 16 characters or more with passtsuku.com. Intermediate users should enable disk encryption (BitLocker / FileVault) and manage unique passwords for each service with a password manager. Encryption doesn't reach its full potential just by being "set up" - it only works effectively when combined with strong passwords.

Hashing and Password Protection

Unlike encryption, hashing is a one-way transformation. You can compute a hash value from the original data, but you cannot recover the original data from the hash value. Using this property, services store passwords in hashed form. During login, the entered password is hashed and compared with the stored hash value for authentication.

Currently recommended password hashing algorithms are bcrypt, scrypt, and Argon2. These are intentionally designed with high computational cost, significantly reducing the speed at which attackers can guess passwords by brute force. For example, bcrypt (cost factor 12) takes about 250 milliseconds per hash computation, so even with a GPU, only a few thousand attempts per second are possible. In contrast, general-purpose hash functions like SHA-256 can perform billions of computations per second and are not suitable for password hashing.

Salt and Pepper

By adding a random string called a "salt" to the password during hashing, different hash values are generated even for the same password. This invalidates attacks using pre-computed hash value tables (rainbow tables). Additionally, adding a server-side secret value called "pepper" makes password cracking difficult even if the database is leaked. Without salt, all users with the same password would have identical hash values, meaning cracking one password would compromise all accounts using that same password.

Cryptographic Strength of Passwords Generated by passtsuku.com

passtsuku.com generates passwords using the Web Crypto API's crypto.getRandomValues(). This API is based on a cryptographically secure pseudorandom number generator (CSPRNG), and the generated passwords have no statistical bias. Since CSPRNG obtains its seed from the OS entropy pool, it is fundamentally different from predictable pseudorandom numbers like Math.random().

Password strength is measured by entropy (in bits). For example, a 16-character password using 4 types of characters - uppercase, lowercase, digits, and symbols (about 95 characters) - has approximately 105 bits of entropy calculated as log2(95^16). This strength would require approximately 10^13 years for exhaustive search even with current supercomputers (10^18 operations per second). On the other hand, an 8-character password using only lowercase letters has only about 38 bits and could be cracked in a few hours.

To deeply understand password entropy and cryptographic strength, password entropy and cryptographic strength guides (Amazon)are practical references.

Tips for Using Encryption in Daily Life

To maximize the benefits of cryptographic technology, several practical habits are important. First, enter passwords only on sites where HTTPS is enabled. On HTTP sites, communication is not encrypted and passwords are sent in plaintext. As of 2024, approximately 95% of web traffic is HTTPS-encrypted, but risks still exist in the remaining 5%.

Next, use sufficiently long random passwords generated by passtsuku.com. Passwords of 16 characters or more generated with cryptographically secure random numbers have extremely high resistance to brute-force attacks even in hashed form. By setting a different password for each service and managing them with a password manager, you can prevent impact on other accounts even if one service is compromised. For details on the relationship between password entropy and strength, see the article on password entropy. To understand how random number quality affects password security, see the random number quality article. When browsing the web, SSL/TLS encryption protects your data in transit, and using a VPN adds an additional layer of encryption.

For data stored on devices, enabling disk encryption (Windows BitLocker, macOS FileVault, smartphone device encryption) protects data in case of device loss or theft. Encryption is a technology that only reaches its full potential when combined with strong passwords, not just by being "set up." Note that if the disk encryption password is weak, the encryption itself becomes meaningless.

A prime example of encryption directly protecting assets is cryptocurrency wallet security - see our guide on cryptocurrency wallet security for details.

What You Can Do Right Now

Generate a random password of 16 characters or more with passtsuku.com and set it for your main email account (confirm 100 bits or more on the strength meter)
Enable disk encryption on your PC (Windows: BitLocker, macOS: FileVault, Smartphone: device encryption)
Make it a habit to check for HTTPS (lock icon) in the browser address bar and never enter passwords on HTTP sites
Review the relationship between password entropy and strength in the password entropy article and reassess the strength of your passwords

Frequently Asked Questions

What is the difference between symmetric and asymmetric encryption?: Symmetric encryption uses the same key for encryption and decryption - fast but key exchange is challenging. Asymmetric uses different keys - secure distribution but slower. In practice, hybrid approaches combining both are standard.
What is AES-256 and is it secure?: AES-256 is a symmetric encryption standard with a 256-bit key length, the most widely used encryption standard today. It is used to protect US government classified information, and no practical decryption method is currently known.
What is the difference between password encryption and hashing?: Encryption is reversible - data can be restored with a key. Hashing is one-way and cannot be reversed. Password storage should use hashing (bcrypt or Argon2), not encryption.

Was this article helpful?

Generate passwords →