Key (cryptography)

From Citizendium
Revision as of 22:12, 4 February 2010 by imported>Sandy Harris (→‎Bad keys: hashing a passphrase)
Jump to navigation Jump to search
This article is a stub and thus not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

In cryptography, a key is some set data which, in combination with a cryptographic algorithm, introduces or removes the concealment applied to plaintext or taken to ciphertext. This discussion deals with the nature of keys (e.g., binary strings of length , text phrases), the basis of generating good and bad keys, the types of keys (e.g., session key, key distribution key, public key, key generating key)

Key management is a related but separate discipline of secure distribution of keys and entering them into cryptosystem, as well as technical administration practices such as authentication#authenticating keys, revoking keys, and parameterizing session-level key changes.

Characteristics of keys

Modern keys, which are directly compatible with cryptosystems, are binary strings. When needed for human readability, they are, most commonly, represented in hexadecimal.

Key length

The most essential attribute of a binary key is its length in bits. Different cryptosystems can provide better or worse security with a key of the same length, but, in general, a key that offers any appreciable level of security will be at least 256 bits long.

Key period

If a key changes frequently, it may be shorter than one that changes less frequently. A key that is used only for specialized, small-volume functions, such as key distribution keys, conceptually could be shorter because so little traffic is encrypted with it. In practice, the specialized keys have a long period and cover extremely sensitive functions, so the computational overhead of a long key can well be justified; a 1024-bit key distribution key might be used to distribute 256-bit secret keys, from which 64-bit session keys might be generated.

Bad keys

Within the constraints of its length, a key should not have a strong pattern such as all ones or all zeroes. Certain other patterns also are unwise, such as a repeated 8-bit pattern corresponding to an ASCII character. In fact, using any ASCII text is a bad idea because the top bits of every byte are zero, a highly undesirable characteristic in a key.

Text in any human language and any character set makes a poor key because it is partly predictable. When a key must be generated from text a human can remember, normal practice is to apply a cryptographic hash to the text before using it as a key. The passphrases (not just passwords) used for this must be long; estimates of the entropy of normal English text run about one bit per character, which means that to get a strong n-bit key, you need about n characters in the passphrase.

Persistent keys

Persistent keys are commonly managed by key distribution mechanisms. Depending on the application, some keys are public with respect to some community, while others must be kept secret. A subset of keys that must be kept secret are private keys, which imply the existence of an associated public key.

Transient keys

Transient keys, often referred to as session keys, are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. One common method is the Diffie-Hellman key agreement protocol.

References