This preview shows page 1. Sign up to view the full content.
Unformatted text preview: it is to find them in cryptosystems. Alice and Bob must protect their key to the same degree as all the data it encrypts. If a key isn’t changed regularly, this can be an enormous amount of data. Unfortunately, many commercial products simply proclaim “We use DES” and forget about everything else. The results are not very impressive. For example, the DiskLock program for Macintosh (version 2.1), sold at most software stores, claims the security of DES encryption. It encrypts files using DES. Its implementation of the DES algorithm is correct. However, DiskLock stores the DES key with the encrypted file. If you know where to look for the key, and want to read a file encrypted with DiskLock’s DES, recover the key from the encrypted file and then decrypt the file. It doesn’t matter that this program uses DES encryption—the implementation is completely insecure. Further information on key management can be found in [457,98,1273,1225,775,357]. The following sections discuss some of the issues and solutions. 8.1 Generating Keys
The security of an algorithm rests in the key. If you’re using a cryptographically weak process to generate keys, then your whole system is weak. Eve need not cryptanalyze your encryption algorithm; she can cryptanalyze your key generation algorithm. Reduced Keyspaces
DES has a 56bit key. Implemented properly, any 56bit string can be the key; there are 256 (1016) possible keys. Norton Discreet for MSDOS (versions 8.0 and earlier) only allows ASCII keys, forcing the highorder bit of each byte to be zero. The program also converts lowercase letters to uppercase (so the fifth bit of each byte is always the opposite of the sixth bit) and ignores the loworder bit of each byte, resulting in only 240 possible keys. These poor key generation procedures have made its DES ten thousand times easier to break than a proper implementation. Table 8.1 gives the number of possible keys with various constraints on the input strings. Table 8.2 gives the time required for an exhaustive search through all of those keys, given a million attempts per second. Remember, there is very little time dif...
View
Full
Document
This note was uploaded on 10/18/2010 for the course MATH CS 301 taught by Professor Aliulger during the Fall '10 term at Koç University.
 Fall '10
 ALIULGER
 Cryptography

Click to edit the document details