Jump to content

Key (cryptography): Difference between revisions

From Wikipedia, the free encyclopedia
Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
Reverted 1 edit by 50.245.128.179 (talk): "Key Exchange" (capitalized) is entirely unrelated to cryptography (TW)
IXNL-UUCP (talk | contribs)
454 edits
Not an improvement - Undid revision 1259983238 by 102.90.103.152 (talk)
 
(141 intermediate revisions by 100 users not shown)
Line 1: Line 1:
{{Short description|Used for encoding or decoding ciphertext}}
{{Refimprove|date=April 2010}}
A '''key''' in [[cryptography]] is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic [[algorithm]], can [[Encryption|encode]] or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's [[security strength]] is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.
In [[cryptography]], a '''key''' is a piece of information (a [[parameter]]) that determines the functional output of a cryptographic [[algorithm]]. For [[encryption]] algorithms, a key specifies the transformation of [[plaintext]] into [[ciphertext]], and vice versa for [[decryption]] algorithms. Keys also specify transformations in other cryptographic algorithms, such as [[digital signature]] schemes and [[message authentication code]]s.<ref>{{Cite web|url=https://searchsecurity.techtarget.com/definition/cryptography|title=What is cryptography? - Definition from WhatIs.com|website=SearchSecurity|language=en|access-date=2019-07-20}}</ref>


== Need for secrecy ==
== Scope ==
The key is what is used to encrypt data from [[plaintext]] to [[ciphertext]].<ref>{{Citation|last=Piper|first=Fred|title=Cryptography|date=2002|url=https://onlinelibrary.wiley.com/doi/abs/10.1002/0471028959.sof070|encyclopedia=Encyclopedia of Software Engineering|publisher=American Cancer Society|language=en|doi=10.1002/0471028959.sof070|isbn=978-0-471-02895-6|access-date=2021-04-09}}</ref> There are different methods for utilizing keys and encryption.


=== Symmetric cryptography ===
In designing security systems, it is wise to assume that the details of the cryptographic algorithm are already available to the attacker. This is known as [[Kerckhoffs' principle]] — "''only secrecy of the key provides security''", or, reformulated as [[Claude Shannon#Shannon's maxim|Shannon's maxim]], "''the enemy knows the system''". The [[history of cryptography]] provides evidence that it can be difficult to keep the details of a widely used algorithm secret (see [[security through obscurity]]). A key is often easier to protect (it's typically a small piece of information) than an encryption algorithm, and easier to change if compromised. Thus, the security of an encryption system in most cases relies on some key being kept secret.<ref>{{Cite web|url=https://www.idquantique.com/quantum-safe-security/overview/quantum-key-generation/|title=Quantum Key Generation from ID Quantique|website=ID Quantique|language=en-GB|access-date=2019-07-20}}</ref>
[[Symmetric cryptography]] refers to the practice of the same key being used for both encryption and decryption.<ref>{{Cite web|title=What is a cryptographic key? {{!}} Keys and SSL encryption|url=https://www.cloudflare.com/learning/ssl/what-is-a-cryptographic-key}}</ref>


=== Asymmetric cryptography ===
Trying to keep keys secret is one of the most difficult problems in practical cryptography; see [[key management]]. An attacker who obtains the key (by, for example, theft, extortion, [[dumpster diving]], assault, torture, or [[social engineering (computer security)|social engineering]]) can recover the original message from the encrypted data, and issue signatures.
[[Asymmetric cryptography]] has separate keys for encrypting and decrypting.<ref>{{Cite web|title=Asymmetric-Key Cryptography|url=https://www.cs.cornell.edu/courses/cs5430/2013sp/TL04.asymmetric.html|access-date=2021-04-02|website=www.cs.cornell.edu}}</ref><ref>{{Cite book|last1=Chandra|first1=S.|last2=Paira|first2=S.|last3=Alam|first3=S. S.|last4=Sanyal|first4=G.|title=2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE) |chapter=A comparative survey of Symmetric and Asymmetric Key Cryptography |date=2014|chapter-url=https://ieeexplore.ieee.org/document/7086640|pages=83–93|doi=10.1109/ICECCE.2014.7086640|isbn=978-1-4799-5748-4 |s2cid=377667 }}</ref> These keys are known as the public and private keys, respectively.<ref>{{Cite book|last1=Kumar|first1=M. G. V.|last2=Ragupathy|first2=U. S.|title=2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET) |chapter=A Survey on current key issues and status in cryptography |date=March 2016|chapter-url=https://ieeexplore.ieee.org/document/7566121|pages=205–210|doi=10.1109/WiSPNET.2016.7566121|isbn=978-1-4673-9338-6 |s2cid=14794991 }}</ref>


== Key scope ==
== Purpose ==
Since the key protects the confidentiality and integrity of the system, it is important to be kept secret from unauthorized parties. With public key cryptography, only the private key must be kept secret, but with symmetric cryptography, it is important to maintain the confidentiality of the key. [[Kerckhoffs's principle|Kerckhoff's principle]] states that the entire security of the cryptographic system relies on the secrecy of the key.<ref>{{Cite book|last1=Mrdovic|first1=S.|last2=Perunicic|first2=B.|title=Networks 2008 - the 13th International Telecommunications Network Strategy and Planning Symposium |chapter=Kerckhoffs' principle for intrusion detection |date=September 2008|chapter-url=https://ieeexplore.ieee.org/document/6231360|volume=Supplement|pages=1–8|doi=10.1109/NETWKS.2008.6231360|isbn=978-963-8111-68-5 }}</ref>
Keys are generated to be used with a given ''suite of algorithms'', called a [[cryptosystem]]. Encryption algorithms which use the same key for both encryption and decryption are known as [[symmetric key algorithm]]s. A newer class of "public key" cryptographic algorithms was invented in the 1970s. These [[asymmetric key algorithm]]s use a pair of keys—or ''keypair''—a public key and a private one. Public keys are used for encryption or signature verification; private ones decrypt and sign. The design is such that finding out the private key is extremely difficult, even if the corresponding public key is known. As that design involves lengthy computations, a keypair is often used to [[key exchange|exchange]] an on-the-fly symmetric key, which will only be used for the current session. [[RSA (cryptosystem)|RSA]] and [[Digital Signature Algorithm|DSA]] are two popular public-key cryptosystems; DSA keys can only be used for signing and verifying, not for encryption.


== Ownership and revocation ==
== Key sizes ==
{{main|Key size}}
Part of the security brought about by cryptography concerns confidence about who signed a given document, or who replies at the other side of a connection. Assuming that keys are not compromised, that question consists of determining the owner of the relevant public key. To be able to tell a key's owner, public keys are often enriched with attributes such as names, addresses, and similar identifiers. The packed collection of a public key and its attributes can be digitally signed by one or more supporters. In the [[Public-key infrastructure|PKI]] model, the resulting object is called a [[Public key certificate|certificate]] and is signed by a [[certificate authority]] (CA). In the [[Web of trust|PGP]] model, it is still called a "key", and is signed by various people who personally verified that the attributes match the subject.<ref name=":0">{{cite web|url=http://digitalmonki.com |title=The GNU Privacy Handbook |editor=Mike Ashley |author1=Matthew Copeland |author2=Joergen Grahn |author3=David A. Wheeler |date=1999 |website=GnuPG |accessdate=14 December 2013 |url-status=dead |archiveurl=https://web.archive.org/web/20150412183457/http://digitalmonki.com/ |archivedate=12 April 2015 }}</ref>


[[Key size]] is the number of [[bit]]s in the key defined by the algorithm. This size defines the upper bound of the cryptographic algorithm's security.<ref>{{Cite web|title=What is Key Length? - Definition from Techopedia|url=http://www.techopedia.com/definition/3999/key-length|access-date=2021-05-01|website=Techopedia.com|date=16 November 2011 |language=en}}</ref> The larger the key size, the longer it will take before the key is compromised by a brute force attack. Since perfect secrecy is not feasible for key algorithms, researches are now more focused on computational security.
In both PKI and PGP models, compromised keys can be revoked. Revocation has the side effect of disrupting the relationship between a key's attributes and the subject, which may still be valid. In order to have a possibility to recover from such disruption, signers often use different keys for everyday tasks: Signing with an ''intermediate certificate'' (for PKI) or a ''subkey'' (for PGP) facilitates keeping the principal private key in an offline safe.


In the past, keys were required to be a minimum of 40 bits in length, however, as technology advanced, these keys were being broken quicker and quicker. As a response, restrictions on symmetric keys were enhanced to be greater in size.
Deleting a key on purpose to make the data inaccessible is called [[crypto-shredding]].


Currently, 2048 bit [[RSA (cryptosystem)|RSA]]<ref>{{Cite journal|last=Hellman|first=Martin|title=An Overview of Public Key Cryptography|url=https://netlab.ulusofona.pt/im/teoricas/OverviewPublicKeyCryptography.pdf|journal=IEEE Communications Magazine}}</ref> is commonly used, which is sufficient for current systems. However, current key sizes would all be cracked quickly with a powerful quantum computer.{{cn|date=October 2024}}
== Key sizes ==
{{main|Key size}}


“The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher.”<ref>{{Cite web|date=2013-05-27|title=Anatomy of a change – Google announces it will double its SSL key sizes|archive-url=https://web.archive.org/web/20230908035830/https://nakedsecurity.sophos.com/2013/05/27/anatomy-of-a-change-google-announces-it-will-double-its-ssl-key-sizes/ |archive-date=8 September 2023|url=https://nakedsecurity.sophos.com/2013/05/27/anatomy-of-a-change-google-announces-it-will-double-its-ssl-key-sizes/|access-date=2021-04-09|website=Naked Security|language=en-US}}</ref>
For the [[one-time pad]] system the key must be at least as long as the message. In encryption systems that use a [[cipher]] algorithm, messages can be much longer than the key. The key must, however, be long enough so that an attacker cannot try all possible combinations.


== Key generation ==
A key length of 80 bits is generally considered the minimum for strong security with symmetric encryption algorithms. 128-bit keys are commonly used and considered very strong. See the [[key size]] article for a more complete discussion.
{{Main|Key generation}}
To prevent a key from being guessed, keys need to be generated randomly and contain sufficient [[Entropy (information theory)|entropy]]. The problem of how to safely generate random keys is difficult and has been addressed in many ways by various cryptographic systems. A key can directly be generated by using the output of a Random Bit Generator (RBG), a system that generates a sequence of unpredictable and unbiased bits.<ref>{{Cite web|last=Dang|first=Quynh|date=August 2012|title=Recommendation for Applications Using Approved Hash Algorithms|url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-107r1.pdf|access-date=2021-04-02}}</ref> A RBG can be used to directly produce either a symmetric key or the random output for an asymmetric key pair generation. Alternatively, a key can also be indirectly created during a key-agreement transaction, from another key or from a password.<ref name=NIST>{{cite journal |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf | doi=10.6028/NIST.SP.800-132 | title=Recommendation for password-based key derivation | date=2010 | last1=Turan | first1=M. S. | last2=Barker | first2=E. B. | last3=Burr | first3=W. E. | last4=Chen | first4=L. | s2cid=56801929 }}</ref>


Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high-quality randomness.
The keys used in [[public key cryptography]] have some mathematical structure. For example, public keys used in the [[RSA (cryptosystem)|RSA]] system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent [[level of security]]. 3072 bits is the suggested key length for systems based on [[Factorization|factoring]] and integer [[discrete logarithm]]s which aim to have security equivalent to a 128 bit symmetric cipher. [[Elliptic curve cryptography]] may allow smaller-size keys for equivalent security, but these algorithms have only been known for a relatively short time and current estimates of the difficulty of searching for their keys may not survive. As early as 2004, a message encrypted using a 109-bit key elliptic curve algorithm had been broken by brute force.<ref>{{cite book |title=The Internet Encyclopedia |first=Hossein |last=Bidgoli |publisher=John Wiley |year=2004 |isbn=0-471-22201-1 |page=567 |url=https://books.google.com/books?id=t0J2QcUtMKcC&pg=PA567 |via=[[Google Books]] }}</ref> The current rule of thumb is to use an ECC key twice as long as the symmetric key security level desired. Except for the random [[one-time pad]], the security of these systems has not been [[Mathematical proof|proven mathematically]] {{As of|2018|lc=on}}, so a theoretical breakthrough could make everything one has encrypted an open book (see [[P versus NP problem#Consequences of solution|P versus NP problem]]). This is another reason to err on the side of choosing longer keys.


== Key choice ==
== Establishment scheme ==
{{Main|Key exchange}}
The security of a key is dependent on how a key is exchanged between parties. Establishing a secured communication channel is necessary so that outsiders cannot obtain the key. A key establishment scheme (or key exchange) is used to transfer an encryption key among entities. Key agreement and key transport are the two types of a key exchange scheme that are used to be  remotely exchanged between entities . In a key agreement scheme, a secret key, which is used between the sender and the receiver to encrypt and decrypt information, is set up to be sent indirectly. All parties exchange information (the shared secret) that permits each party to derive the secret key material. In a key transport scheme, encrypted keying material that is chosen by the sender is transported to the receiver. Either symmetric key or asymmetric key techniques can be used in both schemes.<ref name=NIST/>


The [[Diffie–Hellman key exchange]] and [[Rivest-Shamir-Adleman]] (RSA) are the most two widely used key exchange algorithms.<ref name=":1">{{Cite book|last1=Yassein|first1=M. B.|last2=Aljawarneh|first2=S.|last3=Qawasmeh|first3=E.|last4=Mardini|first4=W.|last5=Khamayseh|first5=Y.|title=2017 International Conference on Engineering and Technology (ICET) |chapter=Comprehensive study of symmetric key and asymmetric key encryption algorithms |date=2017|chapter-url=https://ieeexplore.ieee.org/document/8308215/;jsessionid=aTy3qyMmnoiUUKufk8VEl4llW1jnhntWSm9CUa21rjkJ3qW3bths!861039390|pages=1–7|doi=10.1109/ICEngTechnol.2017.8308215|isbn=978-1-5386-1949-0 |s2cid=3781693 }}</ref> In 1976, [[Whitfield Diffie]] and [[Martin Hellman]] constructed the [[Diffie–Hellman key exchange|Diffie–Hellman]] algorithm, which was the first public key algorithm. The [[Diffie–Hellman key exchange|Diffie–Hellman]] key exchange protocol allows key exchange over an insecure channel by electronically generating a shared key between two parties. On the other hand, [[Rivest–Shamir–Adleman|RSA]] is a form of the asymmetric key system which consists of three steps: key generation, encryption, and decryption.<ref name=":1" />
To prevent a key from being guessed, keys need to be generated truly [[random]]ly and contain sufficient [[Entropy (information theory)|entropy]]. The problem of how to safely generate truly random keys is difficult, and has been addressed in many ways by various cryptographic systems. There is a [[Request for comment|RFC]] on [[random number generator|generating randomness]] (RFC 4086, ''Randomness Requirements for Security''). Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as [[disk drive]] head movements. For the production of small amounts of keying material, ordinary [[dice]] provide a good source of high quality randomness.

Key confirmation delivers an assurance between the key confirmation recipient and provider that the shared keying materials are correct and established. The [[National Institute of Standards and Technology]] recommends key confirmation to be integrated into a key establishment scheme to validate its implementations.<ref name=NIST/>

== Management ==
{{Main|Key management}}
[[Key management]] concerns the generation, establishment, storage, usage and replacement of cryptographic keys. A [[Key management|key management system]] (KMS) typically includes three steps of establishing, storing and using keys. The base of security for the generation, storage, distribution, use and destruction of keys depends on successful key management protocols.<ref>{{Cite web|last=Barker|first=Elaine|date=January 2016|title=Recommendation for Key Management|url=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r4.pdf|access-date=2021-04-02}}</ref>


== Key vs password ==
== Key vs password ==


A password is a memorized series of characters including letters, digits, and other special symbols that are used to verify identity. It is often produced by a human user or a password management software to protect personal and sensitive information or generate cryptographic keys. Passwords are often created to be memorized by users and may contain non-random information such as dictionary words.<ref name=NIST/> On the other hand, a key can help strengthen password protection by implementing a cryptographic algorithm which is difficult to guess or replace the password altogether. A key is generated based on random or pseudo-random data and can often be unreadable to humans.<ref>{{Cite web|last=Khillar|first=Sagar|title=Difference Between Encryption and Password Protection {{!}} Difference Between|date=29 April 2020 |url=http://www.differencebetween.net/technology/difference-between-encryption-and-password-protection/|access-date=2021-04-02|language=en-US}}</ref>
For most computer security purposes and for most users, "key" is not synonymous with "password" (or "[[passphrase]]"), although a password can in fact be used as a key. The primary practical difference between keys and passwords is that the latter are intended to be generated, read, remembered, and reproduced by a human user (though the user may delegate those tasks to password management software). A key, by contrast, is intended for use by the software that is implementing the cryptographic algorithm, and so human readability etc. is not required. In fact, most users will, in most cases, be unaware of even the existence of the keys being used on their behalf by the security components of their everyday software applications.


If a [[password]] ''is'' used as an encryption key, then in a well-designed crypto system it would not be used as such on its own. This is because passwords tend to be human-readable and, hence, may not be particularly strong. To compensate, a good crypto system will use the ''password-acting-as-key'' not to perform the primary encryption task itself, but rather to act as an input to a [[key derivation function]] (KDF). That KDF uses the password as a starting point from which it will then generate the actual secure encryption key itself. Various methods such as adding a [[Salt (cryptography)|salt]] and key stretching may be used in the generation.
A password is less safe than a cryptographic key due to its low entropy, randomness, and human-readable properties. However, the password may be the only secret data that is accessible to the cryptographic algorithm for [[information security]] in some applications such as securing information in storage devices. Thus, a deterministic algorithm called a [[key derivation function]] (KDF) uses a password to generate the secure cryptographic keying material to compensate for the password's weakness. Various methods such as adding a [[Salt (cryptography)|salt]] or key stretching may be used in the generation.<ref name=NIST/>


== See also ==
== See also ==
{{Div col|colwidth=25em}}
{{Div col|colwidth=25em}}
* [[Cryptographic key types]] classification according to their usage
* [[Cryptographic key types]]
* [[Diceware]]
* [[Diceware]] describes a method of generating fairly easy-to-remember, yet fairly secure, passphrases, using only dice and a pencil.
* [[EKMS]]
* [[EKMS]]
* [[Group key]]
* [[Group key]]
Line 57: Line 69:
* [[Key stretching]]
* [[Key stretching]]
* [[Key-agreement protocol]]
* [[Key-agreement protocol]]
* [[List of cryptographic key types|glossary]] of concepts related to keys
* [[List of cryptographic key types|glossary]]
* [[Password psychology]]
* [[Password psychology]]
* [[Public key fingerprint]]
* [[Public key fingerprint]]
Line 74: Line 86:


<!-- Interlang -->
<!-- Interlang -->

<!-- Categories -->
<!-- Categories -->
[[Category:Cryptography]]
[[Category:Key management]]
[[Category:Key management]]

Latest revision as of 19:24, 28 November 2024

A key in cryptography is a piece of information, usually a string of numbers or letters that are stored in a file, which, when processed through a cryptographic algorithm, can encode or decode cryptographic data. Based on the used method, the key can be different sizes and varieties, but in all cases, the strength of the encryption relies on the security of the key being maintained. A key's security strength is dependent on its algorithm, the size of the key, the generation of the key, and the process of key exchange.

Scope

[edit]

The key is what is used to encrypt data from plaintext to ciphertext.[1] There are different methods for utilizing keys and encryption.

Symmetric cryptography

[edit]

Symmetric cryptography refers to the practice of the same key being used for both encryption and decryption.[2]

Asymmetric cryptography

[edit]

Asymmetric cryptography has separate keys for encrypting and decrypting.[3][4] These keys are known as the public and private keys, respectively.[5]

Purpose

[edit]

Since the key protects the confidentiality and integrity of the system, it is important to be kept secret from unauthorized parties. With public key cryptography, only the private key must be kept secret, but with symmetric cryptography, it is important to maintain the confidentiality of the key. Kerckhoff's principle states that the entire security of the cryptographic system relies on the secrecy of the key.[6]

Key sizes

[edit]
Main article: Key size

Key size is the number of bits in the key defined by the algorithm. This size defines the upper bound of the cryptographic algorithm's security.[7] The larger the key size, the longer it will take before the key is compromised by a brute force attack. Since perfect secrecy is not feasible for key algorithms, researches are now more focused on computational security.

In the past, keys were required to be a minimum of 40 bits in length, however, as technology advanced, these keys were being broken quicker and quicker. As a response, restrictions on symmetric keys were enhanced to be greater in size.

Currently, 2048 bit RSA[8] is commonly used, which is sufficient for current systems. However, current key sizes would all be cracked quickly with a powerful quantum computer.[citation needed]

“The keys used in public key cryptography have some mathematical structure. For example, public keys used in the RSA system are the product of two prime numbers. Thus public key systems require longer key lengths than symmetric systems for an equivalent level of security. 3072 bits is the suggested key length for systems based on factoring and integer discrete logarithms which aim to have security equivalent to a 128 bit symmetric cipher.”[9]

Key generation

[edit]
Main article: Key generation

To prevent a key from being guessed, keys need to be generated randomly and contain sufficient entropy. The problem of how to safely generate random keys is difficult and has been addressed in many ways by various cryptographic systems. A key can directly be generated by using the output of a Random Bit Generator (RBG), a system that generates a sequence of unpredictable and unbiased bits.[10] A RBG can be used to directly produce either a symmetric key or the random output for an asymmetric key pair generation. Alternatively, a key can also be indirectly created during a key-agreement transaction, from another key or from a password.[11]

Some operating systems include tools for "collecting" entropy from the timing of unpredictable operations such as disk drive head movements. For the production of small amounts of keying material, ordinary dice provide a good source of high-quality randomness.

Establishment scheme

[edit]
Main article: Key exchange

The security of a key is dependent on how a key is exchanged between parties. Establishing a secured communication channel is necessary so that outsiders cannot obtain the key. A key establishment scheme (or key exchange) is used to transfer an encryption key among entities. Key agreement and key transport are the two types of a key exchange scheme that are used to be  remotely exchanged between entities . In a key agreement scheme, a secret key, which is used between the sender and the receiver to encrypt and decrypt information, is set up to be sent indirectly. All parties exchange information (the shared secret) that permits each party to derive the secret key material. In a key transport scheme, encrypted keying material that is chosen by the sender is transported to the receiver. Either symmetric key or asymmetric key techniques can be used in both schemes.[11]

The Diffie–Hellman key exchange and Rivest-Shamir-Adleman (RSA) are the most two widely used key exchange algorithms.[12] In 1976, Whitfield Diffie and Martin Hellman constructed the Diffie–Hellman algorithm, which was the first public key algorithm. The Diffie–Hellman key exchange protocol allows key exchange over an insecure channel by electronically generating a shared key between two parties. On the other hand, RSA is a form of the asymmetric key system which consists of three steps: key generation, encryption, and decryption.[12]

Key confirmation delivers an assurance between the key confirmation recipient and provider that the shared keying materials are correct and established. The National Institute of Standards and Technology recommends key confirmation to be integrated into a key establishment scheme to validate its implementations.[11]

Management

[edit]
Main article: Key management

Key management concerns the generation, establishment, storage, usage and replacement of cryptographic keys. A key management system (KMS) typically includes three steps of establishing, storing and using keys. The base of security for the generation, storage, distribution, use and destruction of keys depends on successful key management protocols.[13]

Key vs password

[edit]

A password is a memorized series of characters including letters, digits, and other special symbols that are used to verify identity. It is often produced by a human user or a password management software to protect personal and sensitive information or generate cryptographic keys. Passwords are often created to be memorized by users and may contain non-random information such as dictionary words.[11] On the other hand, a key can help strengthen password protection by implementing a cryptographic algorithm which is difficult to guess or replace the password altogether. A key is generated based on random or pseudo-random data and can often be unreadable to humans.[14]

A password is less safe than a cryptographic key due to its low entropy, randomness, and human-readable properties. However, the password may be the only secret data that is accessible to the cryptographic algorithm for information security in some applications such as securing information in storage devices. Thus, a deterministic algorithm called a key derivation function (KDF) uses a password to generate the secure cryptographic keying material to compensate for the password's weakness. Various methods such as adding a salt or key stretching may be used in the generation.[11]

See also

[edit]

References

[edit]
  1. ^ Piper, Fred (2002), "Cryptography", Encyclopedia of Software Engineering, American Cancer Society, doi:10.1002/0471028959.sof070, ISBN 978-0-471-02895-6, retrieved 2021-04-09
  2. ^ "What is a cryptographic key? | Keys and SSL encryption".
  3. ^ "Asymmetric-Key Cryptography". www.cs.cornell.edu. Retrieved 2021-04-02.
  4. ^ Chandra, S.; Paira, S.; Alam, S. S.; Sanyal, G. (2014). "A comparative survey of Symmetric and Asymmetric Key Cryptography". 2014 International Conference on Electronics, Communication and Computational Engineering (ICECCE). pp. 83–93. doi:10.1109/ICECCE.2014.7086640. ISBN 978-1-4799-5748-4. S2CID 377667.
  5. ^ Kumar, M. G. V.; Ragupathy, U. S. (March 2016). "A Survey on current key issues and status in cryptography". 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET). pp. 205–210. doi:10.1109/WiSPNET.2016.7566121. ISBN 978-1-4673-9338-6. S2CID 14794991.
  6. ^ Mrdovic, S.; Perunicic, B. (September 2008). "Kerckhoffs' principle for intrusion detection". Networks 2008 - the 13th International Telecommunications Network Strategy and Planning Symposium. Vol. Supplement. pp. 1–8. doi:10.1109/NETWKS.2008.6231360. ISBN 978-963-8111-68-5.
  7. ^ "What is Key Length? - Definition from Techopedia". Techopedia.com. 16 November 2011. Retrieved 2021-05-01.
  8. ^ Hellman, Martin. "An Overview of Public Key Cryptography" (PDF). IEEE Communications Magazine.
  9. ^ "Anatomy of a change – Google announces it will double its SSL key sizes". Naked Security. 2013-05-27. Archived from the original on 8 September 2023. Retrieved 2021-04-09.
  10. ^ Dang, Quynh (August 2012). "Recommendation for Applications Using Approved Hash Algorithms" (PDF). Retrieved 2021-04-02.
  11. ^ a b c d e Turan, M. S.; Barker, E. B.; Burr, W. E.; Chen, L. (2010). "Recommendation for password-based key derivation" (PDF). doi:10.6028/NIST.SP.800-132. S2CID 56801929. {{cite journal}}: Cite journal requires |journal= (help)
  12. ^ a b Yassein, M. B.; Aljawarneh, S.; Qawasmeh, E.; Mardini, W.; Khamayseh, Y. (2017). "Comprehensive study of symmetric key and asymmetric key encryption algorithms". 2017 International Conference on Engineering and Technology (ICET). pp. 1–7. doi:10.1109/ICEngTechnol.2017.8308215. ISBN 978-1-5386-1949-0. S2CID 3781693.
  13. ^ Barker, Elaine (January 2016). "Recommendation for Key Management" (PDF). Retrieved 2021-04-02.
  14. ^ Khillar, Sagar (29 April 2020). "Difference Between Encryption and Password Protection | Difference Between". Retrieved 2021-04-02.
Retrieved from "https://en.wikipedia.org/enwiki/w/index.php?title=Key_(cryptography)&oldid=1260085944"