Key (cryptography): Difference between revisions
imported>Howard C. Berkowitz No edit summary |
imported>Gareth Leng m (→Transient keys) |
||
Line 16: | Line 16: | ||
==Transient keys== | ==Transient keys== | ||
Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. | Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication. | ||
==References== | |||
<references/> |
Revision as of 11:26, 13 February 2009
Template:TOC-right In cryptography, a key is some set data which, in combination with a cryptographic algorithm, introduces or removes the concealment applied to plaintext or taken to ciphertext. This discussion deals with the nature of keys (e.g., binary strings of length , text phrases), the basis of generating good and bad keys, the types of keys (e.g., session key, key distribution key, public key, key generating key)
Key management is a related but separate discipline of secure distribution of keys and entering them into cryptosystem, as well as technical administration practices such as authentication#authenticating keys, revoking keys, and parameterizing session-level key changes.
Characteristics of keys
Modern keys, which are directly compatible with cryptosystems, are binary strings. When needed for human readability, they are, most commonly, represented in hexadecimal.
Key length
The most essential attribute of a binary key is its length in bits. Different cryptosystems can provide better or worse security with a key of the same length, but, in general, a key that offers any appreciable level of security will be at least 256 bits long.
Key period
If a key changes frequently, it may be shorter than one that changes less frequently. A key that is used only for specialized, small-volume functions, such as key distribution keys, conceptually could be shorter because so little traffic is encrypted with it. In practice, the specialized keys have a long period and cover extremely sensitive functions, so the computational overhead of a long key can well be justified; a 1024-bit key distribution key might be used to distribute 256-bit secret keys, from which 64-bit session keys might be generated.
Bad keys
Within the constraints of its length, a key should not have a strong pattern such as all ones or all zeroes. Certain other patterns also are unwise, such as a repeated 8-bit pattern corresponding to an ASCII character.
Persistent keys
Persistent keys are commonly managed by key distribution mechanisms. Depending on the application, some keys are public with respect to some community, while others must be kept secret. A subset of keys that must be kept secret are private keys, which imply the existence of an associated public key.
Transient keys
Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication.