Q
Problem solve Get help with specific problems with your technologies, process and projects.

# Storing a DES encryption key

How should I store my DES encryption key?

DES is a fine algorithm and has had the most analysis of any of the commonly used algorithms, but it has the disadvantage of having a small key. A 56 bit key is not considered to be strong security any more, which is the whole reason why the US NIST sponsored the Advanced Encryption Standard (AES).

However, you handle *any* symmetric key the same way that would handle a DES key. So no matter what algorithm you choose, this is what you do:

It matters a great deal on what you're encrypting. If you are encrypting a communications link, for example, you are using what is called an ephemeral key. This is a key that you produce from a random number generator, use it, and throw it away. The important thing to remember is to clear any memory in your program that held the key after you're done with it.

If you are encrypting storage, or files, then you have to keep the key, because you'll need it later. There are a number of ways you can handle this problem.

One is to keep it in a safe place. Smart cards and other secure storage places provide good places to keep keys. Unfortunately, most programs don't have the luxury of secure key storage. (Also, ideally, you'd decrypt the data on your storage device, too.)

Another good way is to produce it from something like a passphrase. This way, you have your user memorize some bit of text that gets transformed into a key that you use. The question then is how to transform some text into a cryptographically strong key.

Fortunately, there's an easy answer to that. That answer is "SHA-1." SHA-1 is a secure hash algorithm. You hand it a block of data and it returns you a 20-byte (160 bit) string that is completely arbitrary and as unique as possible. You then take your key from that hash. Note, however, that when you use DES, the 56-bits are typically taken as 7 bits of each of 8-bytes, not a 7-byte string. Read your library carefully.

One problem with simply hashing a passphrase is what are called dictionary attacks. In a dictionary attack, the attacker takes a common table and tries all of those first. There are a number of ways to fight this.

One is to use something called "salt." Salt is simply some arbitrary bits of data that you hash along with the passphrase. You store the salt in the clear along with your ciphertext. Depending on what you're trying to do, this may be a useful technique for you.

Another related technique is to use an encryption mode such as Cipher Block Chaining (CBC) or Cipher Feed Back (CFB). These modes improve the over all encryption of your data. They use something called an "initialization vector," which is nothing more than arbitrary (but it still should be pretty random) data mixed in with the encryption stream.

For more information on this topic, visit these other SearchSecurity.com resources: Ask the Expert: Encryption above 3-DES
Best Web Links: Encryption

This was last published in October 2001

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### Defining and evaluating SOC as a service

As cloud use increases, many enterprises outsource some security operations center functions. Evaluate if SOCaaS is the best ...

• ### Get to know the elements of Secure Access Service Edge

Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, ...

• ### Boost security with a multi-cloud workload placement process

IT must incorporate a multi-cloud workload placement process into its multi-cloud strategy in order to maintain or improve cloud ...

## SearchNetworking

• ### A deep dive into the differences between 5G and Wi-Fi 6

While the latest cellular and Wi-Fi technology generations -- 5G and Wi-Fi 6, respectively -- have been pitted against one ...

• ### Maintaining network infrastructure in a pandemic and beyond

Network infrastructure that supports remote workers is essential today and will be far into the future. That includes VPN ...

• ### DriveNets' disaggregated router tech wins innovation award

Networking startup DriveNets is bringing cloud principles to carrier networks with disaggregated router technology that could ...

## SearchCIO

• ### How IT can build an agile business partnership

Gene Kim, award-winning researcher, author and founder of IT Revolution, discusses why IT leaders need to involve their ...

• ### Former Cisco CEO offers C-suite leadership tips in time of crisis

COVID-19 is forcing enterprises to make tough decisions. There is no one-size-fits-all roadmap, but those who've survived earlier...

• ### COVID-19 radically refocuses CIO agendas in 4 key areas

As a result of the COVID-19 virus, CIOs must shift their priorities and now focus on the impact the pandemic has on the economy, ...

## SearchEnterpriseDesktop

• ### How to enable and troubleshoot fast startup in Windows 10

The fast startup feature on Windows desktops can add value, but IT must understand when it should and shouldn't enable this ...

• ### 4 negotiation tactics for success in a Microsoft software agreement

A Microsoft software agreement requires skill and knowledge. Use these four Microsoft negotiation tactics to get the best ...

• ### 3 Mac remote management software options for enterprise use

IT pros may be forced to manage remote macOS desktops, so they should understand the options they have for remote desktop ...

## SearchCloudComputing

• ### Explore the pros and cons of cloud computing

Familiarize yourself with the basics of computing in the cloud, how the market has changed over the years, and the advantages and...

• ### How to protect and manage Azure Pipelines secrets with Key Vault

Follow along with this Azure Key Vault tutorial to securely manage passwords and other sensitive information in an Azure DevOps ...

• ### 7 Google Cloud database options to free up your IT team

Moving data to a cloud database is an effective way to optimize cost and performance for applications. Review seven of Google's ...

## ComputerWeekly.com

• ### Nigerian email attacks evolving into credible, dangerous threat

Palo Alto’s Unit 42 reports on Nigeria’s SilverTerrier cyber crime group, which is becoming a highly dangerous threat to ...

• ### Nokia launches AI-based operations to help telcos enter the 5G era

Cognitive operations designed to help comms service providers transform their network, service and business operations through ...

• ### Netherlands schools harness Apple technology

Most Dutch schools use Windows computers, interactive whiteboards and Chromebooks, but there are a number of pioneers who choose ...

Close