Key (cryptography): Difference between revisions
imported>Caesar Schinas m (Robot: Changing template: TOC-right) |
imported>Sandy Harris |
||
Line 15: | Line 15: | ||
Persistent keys are commonly managed by [[key distribution]] mechanisms. Depending on the application, some keys are [[Key (cryptography)#public key|public with respect to some community]], while others must be kept secret. A subset of keys that must be kept secret are [[Key (cryptography)#private key|private keys,]] which imply the existence of an associated public key. | Persistent keys are commonly managed by [[key distribution]] mechanisms. Depending on the application, some keys are [[Key (cryptography)#public key|public with respect to some community]], while others must be kept secret. A subset of keys that must be kept secret are [[Key (cryptography)#private key|private keys,]] which imply the existence of an associated public key. | ||
==Transient keys== | ==Transient keys== | ||
Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. | Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. One common method is the [[Diffie-Hellman]] key agreement protocol. | ||
==References== | ==References== | ||
<references/> | <references/> |
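Review bot: The sentence added at the end of the Transient keys paragraph names [[Diffie-Hellman]] right after the claim of "secure agreement on transient keys", but nothing in the paragraph says how the parties to the agreement are authenticated. Consider qualifying the new sentence or adding one on authentication of the exchange. The addition also carries no source, and the <references/> section is unchanged in this revision.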
Revision as of 04:57, 13 August 2009
In cryptography, a key is some set of data which, in combination with a cryptographic algorithm, applies concealment to plaintext or removes it from ciphertext. This discussion deals with the nature of keys (e.g., binary strings of length , text phrases), the basis of generating good and bad keys, the types of keys (e.g., session key, key distribution key, public key, key generating key)
Key management is a related but separate discipline that covers the secure distribution of keys and entering them into cryptosystems, as well as technical administration practices such as authenticating keys, revoking keys, and parameterizing session-level key changes.
Characteristics of keys
Modern keys, which are directly compatible with cryptosystems, are binary strings. When needed for human readability, they are, most commonly, represented in hexadecimal.
Key length
The most essential attribute of a binary key is its length in bits. Different cryptosystems can provide better or worse security with a key of the same length, but, in general, a key that offers any appreciable level of security will be at least 256 bits long.
Key period
If a key changes frequently, it may be shorter than one that changes less frequently. A key that is used only for specialized, small-volume functions, such as a key distribution key, conceptually could be shorter because so little traffic is encrypted with it. In practice, the specialized keys have a long period and cover extremely sensitive functions, so the computational overhead of a long key can well be justified; a 1024-bit key distribution key might be used to distribute 256-bit secret keys, from which 64-bit session keys might be generated.
Bad keys
Within the constraints of its length, a key should not have a strong pattern such as all ones or all zeroes. Certain other patterns also are unwise, such as a repeated 8-bit pattern corresponding to an ASCII character.
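The patterns named above can be screened for mechanically. The following Python sketch is an added example, not part of the original article: the function names and the sample keys are constructed for illustration, and it generalizes the "repeated 8-bit pattern" case to any short repeating block. Passing the check only rules out these obvious patterns; it does not show that a key is random.

```python
import secrets

MIN_KEY_BITS = 256  # minimum length suggested in the "Key length" section


def smallest_period(key: bytes) -> int:
    """Return the shortest p for which key[i] == key[i - p] holds for all i >= p."""
    n = len(key)
    for p in range(1, n):
        if all(key[i] == key[i - p] for i in range(p, n)):
            return p
    return n


def key_problems(key: bytes, min_bits: int = MIN_KEY_BITS) -> list[str]:
    """List structural weaknesses; an empty list means none were found."""
    problems = []
    if len(key) * 8 < min_bits:
        problems.append("too-short")
    if not key:
        return problems
    period = smallest_period(key)
    if period == 1:  # one byte value repeated for the whole key
        b = key[0]
        if b == 0x00:
            problems.append("all-zeroes")
        elif b == 0xFF:
            problems.append("all-ones")
        elif 0x20 <= b <= 0x7E:  # printable ASCII character
            problems.append("repeated-ascii-byte")
        else:
            problems.append("repeated-byte")
    elif period <= len(key) // 2:  # a short block repeated at least twice
        problems.append(f"repeats-every-{period}-bytes")
    return problems


def generate_key(bits: int = MIN_KEY_BITS) -> bytes:
    """Draw a key from the OS CSPRNG; retry in the negligible case of a pattern."""
    while True:
        key = secrets.token_bytes(bits // 8)
        if not key_problems(key, bits):
            return key


if __name__ == "__main__":
    # Constructed sample keys, printed in hexadecimal as the article describes.
    for sample in (bytes(32), b"\xff" * 32, b"A" * 32, b"key!" * 8, generate_key()):
        print(sample.hex(), key_problems(sample) or "no pattern found")
```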
Persistent keys
Persistent keys are commonly managed by key distribution mechanisms. Depending on the application, some keys are public with respect to some community, while others must be kept secret. A subset of keys that must be kept secret are private keys, which imply the existence of an associated public key.
Transient keys
Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. One common method is the Diffie-Hellman key agreement protocol.