Where parties do not have a shared secret and large quantities of sensitive information must be passed, the
most efficient means of transferring information is to use Hybrid Encryption Methods. What does this mean?

A.
Use of public key encryption to secure a secret key, and message encryption using the secret key.

B.
Use of the recipient’s public key for encryption and decryption based on the recipient’s private key.

C.
Use of software encryption assisted by a hardware encryption accelerator.

D.
Use of elliptic curve encryption.

Explanation:
For large quantities of sensitive information, symmetric key encryption (using a secret key) is more efficient.
Public key cryptography uses two keys (public and private) generated by an asymmetric algorithm for protecting
encryption keys and key distribution, and a secret key is generated by a symmetric algorithm and used for bulk
encryption. Then there is a hybrid use of the two different algorithms: asymmetric and symmetric. Each
algorithm has its pros and cons, so using them together can be the best of both worlds.
In the hybrid approach, the two technologies are used in a complementary manner, with each performing a
different function. A symmetric algorithm creates keys used for encrypting bulk data, and an asymmetric
algorithm creates keys used for automated key distribution.
When a symmetric key is used for bulk data encryption, this key is used to encrypt the message you want to
send. When your friend gets the message you encrypted, you want him to be able to decrypt it, so you need to
send him the necessary symmetric key to use to decrypt the message. You do not want this key to travel
unprotected, because if the message were intercepted and the key were not protected, an evildoer could
intercept the message that contains the necessary key to decrypt your message and read your information. If
the symmetric key needed to decrypt your message is not protected, there is no use in encrypting the message
in the first place. So we use an asymmetric algorithm to encrypt the symmetric key. Why do we use the
symmetric key on the message and the asymmetric key on the symmetric key? The reason is that the
asymmetric algorithm takes longer because the math is more complex. Because your message is most likely
going to be longer than the length of the key, we use the faster algorithm (symmetric) on the message and the
slower algorithm (asymmetric) on the key.
Incorrect Answers:
B: For large quantities of sensitive information, symmetric key encryption (using a secret key) is more efficient.
Using public and private keys for encryption and decryption is asymmetric key encryption.
C: Software encryption is not an answer on its own. We need to determine what type of software encryption to
use.
D: Elliptical curve cryptography (ECC) is a public key encryption technique. Symmetric key encryption is more
efficient for large amounts of data.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, 2013, p. 793