Quiz Entry - updated: 2026.07.14
Why is key management a major drawback of symmetric cryptography in a network of users?
Each pair of communicating parties needs its own shared key — so for n users the total number of keys grows as n(n-1)/2, quadratically.
Example sizes:
| Users (n) | Keys needed |
|---|---|
| 4 | 6 |
| 10 | 45 |
| 100 | 4,950 |
| 1,000 | 499,500 |
| 10,000 | 49,995,000 |
And every key must be:
- Generated securely (CSPRNG).
- Exchanged over a secure channel (chicken-and-egg).
- Stored securely on every endpoint.
- Rotated periodically.
- Revoked if a participant leaves or is compromised.
The bigger question this raises:
"Und wie wird der Schlüssel sicher ausgetauscht?" (And how is the key securely exchanged?)
That's literally the question asymmetric cryptography was invented to answer. Two solutions:
- Key Distribution Centre (KDC) — a trusted central server hands out session keys. Kerberos works this way. Still needs each user to pre-share a key with the KDC.
- Public-key / Diffie-Hellman key exchange — derive a shared secret over a public channel without prior contact. The breakthrough of 1976 that made modern HTTPS possible.
Tip: Pure symmetric setups work fine for small fixed groups (e.g. point-to-point VPN, satellite uplink). For the internet's billions of arbitrary peers, you need asymmetric crypto — and that's exactly what TLS does to bootstrap a session.