 |
|
| > |
QUESTION POSED ON: 19 October 2001
How should I store my DES encryption key?
|
|
| > |
DES is a fine algorithm and has had the most analysis of any of the
commonly used algorithms, but it has the disadvantage of having a small
key. A 56 bit key is not considered to be strong security any more, which
is the whole reason why the US NIST sponsored the Advanced Encryption
Standard (AES).
However, you handle *any* symmetric key the same way that would handle a
DES key. So no matter what algorithm you choose, this is what you do:
It matters a great deal on what you're encrypting. If you are encrypting a
communications link, for example, you are using what is called an ephemeral
key. This is a key that you produce from a random number generator, use it,
and throw it away. The important thing to remember is to clear any memory
in your program that held the key after you're done with it.
If you are encrypting storage, or files, then you have to keep the key,
because you'll need it later. There are a number of ways you can handle
this problem.
One is to keep it in a safe place. Smart cards and other secure storage
places provide good places to keep keys. Unfortunately, most programs don't
have the luxury of secure key storage. (Also, ideally, you'd decrypt the
data on your storage device, too.)
Another good way is to produce it from something like a passphrase. This
way, you have your user memorize some bit of text that gets transformed
into a key that you use. The question then is how to transform some text
into a cryptographically strong key.
Fortunately, there's an easy answer to that. That answer is "SHA-1." SHA-1
is a secure hash algorithm. You hand it a block of data and it returns you
a 20-byte (160 bit) string that is completely arbitrary and as unique as
possible. You then take your key from that hash. Note, however, that when
you use DES, the 56-bits are typically taken as 7 bits of each of 8-bytes,
not a 7-byte string. Read your library carefully.
One problem with simply hashing a passphrase is what are called dictionary
attacks. In a dictionary attack, the attacker takes a common table and
tries all of those first. There are a number of ways to fight this.
One is to use something called "salt." Salt is simply some arbitrary bits
of data that you hash along with the passphrase. You store the salt in the
clear along with your ciphertext. Depending on what you're trying to do,
this may be a useful technique for you.
Another related technique is to use an encryption mode such as Cipher Block
Chaining (CBC) or Cipher Feed Back (CFB). These modes improve the over all
encryption of your data. They use something called an "initialization
vector," which is nothing more than arbitrary (but it still should be
pretty random) data mixed in with the encryption stream.
For more information on this topic, visit these other SearchSecurity.com resources:
Ask the Expert: Encryption above 3-DES
Best Web Links: Encryption
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
