key (cryptography)

Information about key (cryptography)

A key controls the encryption in a block cipher

In cryptography, a key is a piece of information (a parameter) that controls the operation of a cryptographic algorithm. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa during decryption. Keys are also used in other cryptographic algorithms, such as digital signature schemes and message authentication codes.

Need for secrecy

In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This principle is known as Kerckhoffs' principle — "only secrecy of the key provides security", or "the enemy knows the system". The history of cryptography provides evidence that it can be difficult to keep the details of a widely-used algorithm secret. A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.

Keeping keys secret is one of the most difficult problems in practical cryptography; see key management. An attacker who obtains the key (by, for example, theft, extortion, dumpster diving, social engineering or inspection of a Post-it note stuck to the side of a terminal) can recover the original message from the encrypted data.

Encryption algorithms which use the same key for both encryption and decryption are known as symmetric key algorithms. A newer class of "public key" cryptographic algorithms was invented in the 1970s which uses a pair of keys, one to encrypt and one to decrypt. These asymmetric key algorithms allows one key to be made public while retaining the private key in only one location. They are designed so that finding out the private key is extremely difficult, even if the corresponding public key is known. A user of public key technology can publish their public key, while keeping their private key secret, allowing anyone to send them an encrypted message.

Key sizes

Main article: Key size

For the one-time pad system the key must be at least as long as the message. In encryption systems that use a cipher algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.

A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the key size article for a fuller discussion.

The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher. Elliptic curve cryptography may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. Recently, a message encrypted using a 109-bit key elliptic curve algorithm was broken by brute force. The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random one-time pad, the security of these systems has not (as of 2004) been proven mathematically, so a theoretical breakthrough could make everything you've encrypted an open book. This is another reason to err on the side of choosing longer keys.

Key choice

To prevent a key from being guessed, keys need to be generated truly randomly and contain sufficient entropy. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a RFC on generating randomness (RFC 1750, Randomness Recommendations for Security). Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high quality randomness.

When a password (or passphrase) is used as an encryption key, well-designed cryptosystems first run it through a key derivation function which adds a salt and compresses or expands it to the key length desired, for example by compressing a long phrase into a 128-bit value suitable for use in a block cipher.

Diceware describes a method of generating fairly easy-to-remember, yet fairly secure, passphrases, using only dice and a pencil.
Coinware is a variant of diceware using coins instead of dice. It allows generation of multilingual passphrases, especially from the readily made wordlists of Unicode for CJK languages.
Classification of cryptographic key types according to their usage
A glossary of concepts related to keys
Key authentication
Key derivation function
Key distribution center
Key escrow
Key exchange
Key generation
Key insulated cryptography
Key schedule
Key server
Key signing party
Key strengthening
Keyed hash algorithm
Random number generator
Session key
Self-certifying key
Weak key
EKMS

Cryptography • • [ e]
History of cryptography \| Cryptanalysis \| \| Topics in cryptography
Symmetric-key algorithm \| Block cipher \| Stream cipher \| Public-key cryptography \| Cryptographic hash function \| Message authentication code \| Random numbers

Cryptography (or cryptology; derived from Greek κρυπτός kryptós "hidden," and the verb γράφω gráfo "write" or λεγειν legein
..... Click the link for more information.

Parameters, in the plural form, has recently become popular with non-technical users to mean limits, but this should not be confused with the word's technical meaning.

In mathematics, statistics, and the mathematical sciences, parameters (L: auxiliary measure
..... Click the link for more information.

encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
..... Click the link for more information.

plaintext is information used as input to an encryption algorithm; the output is termed ciphertext. The plaintext could be, for example, a diplomatic message, a bank transaction, an e-mail, a diary and so forth — any information that someone might want to prevent
..... Click the link for more information.

digital signature or digital signature scheme is a type of asymmetric cryptography used to simulate the security properties of a signature in digital, rather than written, form.
..... Click the link for more information.

A cryptographic message authentication code (MAC) is a short piece of information used to authenticate a message. A MAC algorithm accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC (sometimes known as a tag).
..... Click the link for more information.

Kerckhoffs' principle (also called Kerckhoffs' assumption, axiom or law) was stated by Auguste Kerckhoffs in the 19th century: a cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
..... Click the link for more information.

The history of cryptography begins thousands of years ago. Until recent decades, it has been the story of what might be called classic cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids.
..... Click the link for more information.

Secrecy is the practice of sharing information among a group of people, which can be as small as one person, while hiding it from others. That which is kept hidden is known as the secret. Secrecy is often controversial.
..... Click the link for more information.

In cryptography, key management includes all of the provisions made in a cryptosystem design, in cryptographic protocols in that design, in user procedures, and so on, which are related to generation, exchange, storage, safeguarding, use, vetting, and replacement of keys.
..... Click the link for more information.

Dumpster diving (DD), is the practice of sifting through commercial or residential trash to find items that have been discarded for being unusable by their owners, but may be useful to the Dumpster diver.
..... Click the link for more information.

Social engineering is a collection of techniques used to manipulate people into performing actions or divulging confidential information.^[1] While similar to a confidence trick or simple fraud, the term typically applies to trickery for information gathering or computer
..... Click the link for more information.

The Post-it note, invented by Arthur Fry and manufactured by 3M, is a piece of stationery with a re-adherable strip of adhesive on the back, designed for temporarily attaching notes to documents, computer displays, and so forth.
..... Click the link for more information.

Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both decryption and encryption.
..... Click the link for more information.

Centuries: 19th century - 20th century - 21st century

1940s 1950s 1960s - 1970s - 1980s 1990s 2000s
1970 1971 1972 1973 1974
1975 1976 1977 1978 1979

- -
- The 1970s decade refers to the years from 1970 to 1979, also called
..... Click the link for more information.

Public-key cryptography, also known as asymmetric cryptography, is a form of cryptography in which a user has a pair of cryptographic keys - a public key and a private key. The private key is kept secret, while the public key may be widely distributed.
..... Click the link for more information.

In cryptography, the key size (alternatively key length) is the size of the digits used to create an encrypted text; it is therefore also a measure of the number of possible keys which can be used in a cipher, and the number of keys which must be tested to 'break' the
..... Click the link for more information.

In cryptography, the one-time pad (OTP) is an encryption algorithm where the plaintext is combined with a random key or "pad" that is as long as the plaintext and used only once. A modular addition is used to combine the plaintext with the pad.
..... Click the link for more information.

RSA is an algorithm for public-key cryptography. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography.
..... Click the link for more information.

factorization (British English: also factorisation) or factoring is the decomposition of an object (for example, a number, a polynomial, or a matrix) into a product of other objects, or factors, which when multiplied together give the original.
..... Click the link for more information.

In mathematics, specifically in abstract algebra and its applications, discrete logarithms are group-theoretic analogues of ordinary logarithms. The problem of computing discrete logarithms is a sort of sibling to the problem of integer factorization, in that both problems are
..... Click the link for more information.

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. The use of elliptic curves in cryptography was suggested independently by Neal Koblitz^[1] and Victor S.
..... Click the link for more information.

20th century - 21st century - 22nd century
1970s 1980s 1990s - 2000s - 2010s 2020s 2030s
2001 2002 2003 - 2004 - 2005 2006 2007

2004 by topic:
News by month
Jan - Feb - Mar - Apr - May - Jun
..... Click the link for more information.

random is used to express lack of order, purpose, cause, or predictability in non-scientific parlance. A random process is a repeating process whose outcomes follow no describable deterministic pattern, but follow a probability distribution.
..... Click the link for more information.

Ice melting - a classic example of entropy increasing^[1] described in 1862 by Rudolf Clausius as an increase in the disgregation of the molecules of the body of ice.
..... Click the link for more information.

This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.

EnglishInfo