Key (cryptography): Difference between revisions

From Citizendium
imported>Howard C. Berkowitz
No edit summary
imported>Howard C. Berkowitz
No edit summary
Line 4: Line 4:


[[Key management]] is a related but separate discipline of secure distribution of keys and entering them into cryptosystem, as well as technical administration practices such as [[authentication#authenticating]] keys, [[key revocation|revoking keys]], and parameterizing session-level key changes.
[[Key management]] is a related but separate discipline of secure distribution of keys and entering them into cryptosystem, as well as technical administration practices such as [[authentication#authenticating]] keys, [[key revocation|revoking keys]], and parameterizing session-level key changes.
==Characteristics of keys==
Modern keys, which are directly compatible with cryptosystems, are binary strings. When needed for human readability, they are, most commonly, represented in [[hexadecimal]].
===Key length===
The most essential attribute of a binary key is its length in bits. Different cryptosystems can provide better or worse security with a key of the same length, but, in general, a key that offers any appreciable level of security will be at least 256 bits long.
===Key period===
If a key changes frequently, it may be shorter than one that changes less frequently. A key that is used only for specialized, small-volume functions, such as key distribution keys, conceptually could be shorter because so little traffic is encrypted with it. In practice, the specialized keys have a long period and cover extremely sensitive functions, so the computational overhead of a long key can well be justified; a 1024-bit key distribution key might be used to distribute 256-bit secret keys, from which 64-bit session keys might be generated.
===Bad keys===
Within the constraints of its length, a key should not have a strong pattern such as all ones or all zeroes. Certain other patterns also are unwise, such as a repeated 8-bit pattern corresponding to an ASCII character.
==Persistent keys==
Persistent keys are commonly managed by [[key distribution]] mechanisms. Depending on the application, some keys are [[Key (cryptography)#public key|public with respect to some community]], while others must be kept secret. A subset of keys that must be kept secret are [[Key (cryptography)#private key|private keys,]] which imply the existence of an associated public key.
==Transient keys==
Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication.
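Review bot: The Key length text says any key with appreciable security is at least 256 bits, while the Key period example ends in 64-bit session keys. State whether the 256-bit figure applies to every kind of key or only to some, or change the example so the two paragraphs agree. Separately, `[[authentication#authenticating]]` has no pipe label, so it renders as the raw text "authentication#authenticating keys"; give it a label, for example `[[authentication#authenticating|authenticating]]`.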

Revision as of 10:31, 30 October 2008

This article is a stub and thus not approved.

In cryptography, a key is a set of data which, in combination with a cryptographic algorithm, applies concealment to plaintext or removes it from ciphertext. This discussion deals with the nature of keys (e.g., binary strings of length , text phrases), the basis of generating good and bad keys, and the types of keys (e.g., session key, key distribution key, public key, key generating key).

Key management is a related but separate discipline covering the secure distribution of keys and their entry into a cryptosystem, as well as technical administration practices such as authenticating keys, revoking keys, and parameterizing session-level key changes.

Characteristics of keys

Modern keys, which are directly compatible with cryptosystems, are binary strings. When needed for human readability, they are, most commonly, represented in hexadecimal.

Key length

The most essential attribute of a binary key is its length in bits. Different cryptosystems can provide better or worse security with a key of the same length, but, in general, a key that offers any appreciable level of security will be at least 256 bits long.

Key period

If a key changes frequently, it may be shorter than one that changes less frequently. A key that is used only for specialized, small-volume functions, such as key distribution keys, conceptually could be shorter because so little traffic is encrypted with it. In practice, the specialized keys have a long period and cover extremely sensitive functions, so the computational overhead of a long key can well be justified; a 1024-bit key distribution key might be used to distribute 256-bit secret keys, from which 64-bit session keys might be generated.

Bad keys

Within the constraints of its length, a key should not have a strong pattern such as all ones or all zeroes. Certain other patterns also are unwise, such as a repeated 8-bit pattern corresponding to an ASCII character.
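The patterns named above can be screened mechanically. The following is an added example, not part of the original article: `weak_key_reasons`, `smallest_period` and `new_key` are hypothetical names, the 256-bit default is the figure given under Key length, and the check is generalized from a single repeated byte to any short repeating block.

```python
import secrets

MIN_BITS = 256  # the figure the article gives; pass another value for your cryptosystem

def smallest_period(key: bytes) -> int:
    """Length in bytes of the shortest block that, repeated, reproduces the key."""
    n = len(key)
    for p in range(1, n):
        if n % p == 0 and key == key[:p] * (n // p):
            return p
    return n

def weak_key_reasons(key: bytes, min_bits: int = MIN_BITS) -> list:
    """Return the reasons a key looks weak; an empty list means no check fired."""
    if not key:
        return ["empty key"]
    reasons = []
    if len(key) * 8 < min_bits:
        reasons.append(f"shorter than {min_bits} bits")
    period = smallest_period(key)
    if period == 1:
        b = key[0]
        if b == 0x00:
            reasons.append("all zeroes")
        elif b == 0xFF:
            reasons.append("all ones")
        elif 0x20 <= b <= 0x7E:
            reasons.append(f"repeated ASCII character 0x{b:02x}")
        else:
            reasons.append(f"repeated byte 0x{b:02x}")
    elif period < len(key):
        reasons.append(f"repeats every {period} bytes")
    return reasons

def new_key(bits: int = MIN_BITS) -> bytes:
    """Draw a key from the operating system's CSPRNG."""
    return secrets.token_bytes(bits // 8)

if __name__ == "__main__":
    samples = {  # constructed sample keys, printed in hexadecimal
        "zeroes": bytes(32), "ones": b"\xff" * 32, "ascii": b"A" * 32,
        "phrase": b"key!" * 8, "short": bytes(range(8)), "random": new_key(),
    }
    for name, key in samples.items():
        print(f"{name:7} {key.hex()}  {weak_key_reasons(key) or 'no pattern found'}")
```

An empty result only means none of these patterns matched; it does not show that the key was generated randomly.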

Persistent keys

Persistent keys are commonly managed by key distribution mechanisms. Depending on the application, some keys are public with respect to some community, while others must be kept secret. A subset of keys that must be kept secret are private keys, which imply the existence of an associated public key.

Transient keys

Transient keys are generated by operating cryptosystems, have short lifetimes, and are not entered into a formal key management system. The particular cryptosystem will have mechanisms for secure agreement on transient keys among parties to the communication.