
# Storing a DES encryption key

How should I store my DES encryption key?

DES is a fine algorithm and has had the most analysis of any of the commonly used algorithms, but it has the disadvantage of having a small key. A 56-bit key is not considered to be strong security any more, which is the whole reason why the US NIST sponsored the Advanced Encryption Standard (AES).

However, you handle *any* symmetric key the same way that you would handle a DES key. So no matter what algorithm you choose, this is what you do:

It depends a great deal on what you're encrypting. If you are encrypting a communications link, for example, you are using what is called an ephemeral key. This is a key that you produce from a random number generator, use, and throw away. The important thing to remember is to clear any memory in your program that held the key after you're done with it.

If you are encrypting storage, or files, then you have to keep the key, because you'll need it later. There are a number of ways you can handle this problem.

One is to keep it in a safe place. Smart cards and other secure storage devices are good places to keep keys. Unfortunately, most programs don't have the luxury of secure key storage. (Also, ideally, you'd decrypt the data on your storage device, too.)

Another good way is to produce it from something like a passphrase. This way, you have your user memorize some bit of text that gets transformed into a key that you use. The question then is how to transform some text into a cryptographically strong key.

Fortunately, there's an easy answer to that. That answer is "SHA-1." SHA-1 is a secure hash algorithm. You hand it a block of data and it returns you a 20-byte (160-bit) string that is completely arbitrary and as unique as possible. You then take your key from that hash. Note, however, that when you use DES, the 56 bits are typically taken as 7 bits of each of 8 bytes, not as a 7-byte string. Read your library's documentation carefully.

One problem with simply hashing a passphrase is what are called dictionary attacks. In a dictionary attack, the attacker takes a table of common passphrases and tries all of those first. There are a number of ways to fight this.

One is to use something called "salt." Salt is simply some arbitrary bits of data that you hash along with the passphrase. You store the salt in the clear along with your ciphertext. Depending on what you're trying to do, this may be a useful technique for you.

Another related technique is to use an encryption mode such as Cipher Block Chaining (CBC) or Cipher Feedback (CFB). These modes improve the overall encryption of your data. They use something called an "initialization vector," which is nothing more than arbitrary (but it still should be pretty random) data mixed in with the encryption stream.
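The passphrase-to-key steps described above (hash the salt together with the passphrase, take the key from the hash, respect DES's 7-bits-per-byte layout, clear the key afterwards), as an added Python example that is not part of the original answer. The function names, the 8-byte salt and the salt-then-passphrase ordering are assumptions made for illustration.

```python
import hashlib
import os

def set_odd_parity(key8: bytes) -> bytes:
    """Keep the top 7 bits of each byte and set the low bit for odd parity."""
    out = bytearray()
    for b in key8:
        b &= 0xFE                          # low bit is the parity position
        ones = bin(b).count("1")
        out.append(b | (0 if ones % 2 else 1))
    return bytes(out)

def expand_56_to_64(key7: bytes) -> bytes:
    """Spread a packed 7-byte (56-bit) string over 8 bytes, 7 key bits each."""
    n = int.from_bytes(key7, "big")
    groups = [(n >> (49 - 7 * i)) & 0x7F for i in range(8)]
    return set_odd_parity(bytes(g << 1 for g in groups))

def derive_des_key(passphrase: str, salt: bytes) -> bytearray:
    """SHA-1(salt || passphrase), first 8 bytes of the digest, parity-adjusted."""
    digest = hashlib.sha1(salt + passphrase.encode("utf-8")).digest()
    return bytearray(set_odd_parity(digest[:8]))

def effective_bits(key8: bytes) -> bytes:
    """The 56 bits DES actually uses: every byte with its parity bit masked."""
    return bytes(b & 0xFE for b in key8)

def wipe(buf: bytearray) -> None:
    """Overwrite the key buffer in place. Best effort in Python: immutable
    copies made on the way (the digest, the passphrase) are not covered."""
    for i in range(len(buf)):
        buf[i] = 0

if __name__ == "__main__":
    # Constructed sample input; each salt is stored in the clear with its ciphertext.
    salt_a, salt_b = os.urandom(8), os.urandom(8)
    k_a = derive_des_key("correct horse", salt_a)
    k_b = derive_des_key("correct horse", salt_b)
    print("salt A key:", k_a.hex())
    print("salt B key:", k_b.hex())        # same passphrase, different key
    wipe(k_a)
    wipe(k_b)
```

A single SHA-1 pass is cheap to compute for each guess; Python's `hashlib.pbkdf2_hmac` applies the same salt-plus-passphrase idea with an iteration count.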


This was last published in October 2001
