Symmetric key cryptography suffers from three major vulnerabilities:
Key storage and recovery
Key distribution
Open systems
As previously mentioned, symmetric cryptography requires the sharing of secret keys between the two parties (sending and receiving), which further requires the implicit trust that this key will not be shared with any other outside third party. The only way that any type of secrecy can be achieved in this regard would be to establish some sort of trusted channel. An option here would be the use of a so-called designated controller. But this carries third-party risks as well.
With regards to the second vulnerability, since there will be many more lines of communication between the sending and the receiving parties, the need to implement more controllers becomes totally unrealistic as well as unfeasible. Thus, the distribution of the private keys can become a virtual nightmare.
Finally, with the third vulnerability, private or symmetric cryptography works best only when it is used in a very closed or “sterile” environment, where there are at best only a few (or even just a handful) of sending and receiving parties. In other words, given the threat landscape today, it would be completely unrealistic to implement a symmetric cryptography system in an open environment.
