Master-Key Cryptosystems
We initiate the study of a new class of secret-key cryptosystems, called master-key cryptosystems (MKCSs), in which an authorized third party (hereinafter called "the government," although it need not literally be one) possesses a "master key" that allows efficient recovery of the cleartext without knowledge of the session key.
Minimal Key Lengths for Symmetric Ciphers to Provide Adequate Commercial Security
Encryption plays an essential role in protecting the privacy of electronic information against threats from a variety of potential attackers. In so doing, modern cryptography employs a combination of conventional or symmetric cryptographic systems for encrypting data and public key or asymmetric systems for managing the keys used by the symmetric systems.
Protecting Secret Keys with Personal Entropy
Conventional encryption technology often requires users to protect a secret key by selecting a password or passphrase. While a good passphrase will only be known to the user, it also has the flaw that it must be remembered exactly in order to recover the secret key. As time passes, the ability to remember the passphrase fades and the user may eventually lose access to the secret key. We propose a scheme whereby a user can protect a secret key using the "personal entropy" in his own life, by encrypting the passphrase using the answers to several personal questions. We designed the scheme so the user can forget answers to a subset of the questions and still recover the secret key, while an attacker must learn the answers to a large subset of the questions in order to recover the secret key.
Password Based Cryptography
The following document provides a guideline for implementation of password-based (symmetric) cryptography. The goal of this guideline is to provide a relatively simple and secure implementation. The document follows the PKCS#5 v2 standard in all aspects except for the message format: the message is stored in XML rather than ASN.1.
Keeping Your Private Files Private: An Introduction to GNU Privacy Guard.
This week's article is an introduction to cryptography using GNU Privacy Guard.
Using PGP to Verify Digital Signatures
PGP stands for Pretty Good Privacy. It is a computer program that uses mathematical algorithms to encrypt files and protect them from unauthorized access. It is also used to digitally sign and verify documents. Versions of the PGP program are available for most popular computer operating systems: Microsoft Windows, MacOS, and UNIX, to name a few.
Building a Secured OS for a Root Certificate Authority
This paper discusses the procedures necessary for securing an installation of Red Hat Enterprise Server 2.1 in support of a root certificate authority that will eventually function in the Higher Education Bridge Certificate Authority. As a basis of evaluation, the Federal Bridge Certificate Authority requirements will be used to provide guidance for assembling the certificate authority, as published by the Higher Education Public Key Infrastructure Policy Activities Group.
Cryptography 2000±10
Cryptography is both a fascinating mathematical science and a key technology for the emerging information society, with theory and applications being closely related. This article reviews some highlights of the past ten years of research in cryptography and its applications and discusses some of the main challenges for future research.
Security Implications of Hardware vs. Software Cryptographic Modules
Cryptographic modules can be implemented either in hardware or in software. Software implementations are known for being easier to develop and to maintain, but when it comes to cryptographic modules, or security-related applications in general, software implementations are significantly less secure than their hardware equivalents. This is mostly because software solutions use shared memory space, run on top of an operating system, and are more fluid in terms of ease of modification.
Key Iterations & Cryptographic Salts
One of the most powerful attacks one can mount on encrypted data is a Dictionary Attack. A dictionary attack is a form of brute force attack, which simply tries every single combination of a key against encrypted data. However, in most cases, exhaustive search is not needed. User passphrases are unfortunately sometimes based on real words, dates, names, etc. We can eliminate most of the passphrase combinations by simply testing the 30,000 most probable words. An English dictionary is a good place to start, hence the term Dictionary Attack. This means that a key with a 128-bit key space, which has 3.4 x 10^38 possible combinations, has just been reduced to just over 30,000 (somewhere between 11 and 12 bits). A computer that can process just 1 passphrase per second can run through the dictionary in just over 8 hours.