Key generation

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Key generation is the process of generating keys for cryptography. The key is used to encrypt and decrypt data whatever the data is being encrypted or decrypted.

Modern cryptographic systems include symmetric-key algorithms (such as DES and AES) and public-key algorithms (such as RSA). Symmetric-key algorithms use a single shared key; keeping data secret requires keeping this key secret. Public-key algorithms use a public key and a private key. The public key is made available to anyone (often by means of a digital certificate). A sender will encrypt data with the public key; only the holder of the private key can decrypt this data.

Since public-key algorithms tend to be much slower than symmetric-key algorithms, modern systems such as TLS and its predecessor SSL as well as the SSH use a combination of the two in which:

  1. One party receives the other's public key, and encrypts a small piece of data (either a symmetric key or some data that will be used to generate it).
  2. The remainder of the conversation (the remaining party) uses a (typically faster) symmetric-key algorithm for encryption.

The simplest method to read encrypted data is a brute force attack–simply attempting every number, up to the maximum length of the key. Therefore, it is important to use a sufficiently long key length; longer keys take exponentially longer time to attack, making a brute force attack invisible and impractical.

Currently, commonly used key lengths are:

  1. 128-bits for symmetric key algorithms.
  2. 1024-bits for public-key algorithms.

Key generation algorithms[change | change source]

In computer cryptography keys are integers. In some cases keys are randomly generated using a random number generator (RNG) or pseudorandom number generator (PRNG), the latter being a computer algorithm that produces data which appears random under analysis. Some types the PRNGs algorithms utilize system entropy to generate a seed data, such seeds produce better results, since this makes the initial conditions of the PRNG much more difficult for an attacker to guess.

In other situations, the key is created using a passphrase and a key generation algorithm, using a cryptographic hash function such as SHA-1.

Other pages[change | change source]

  • Distributed key generation: For some protocols no party should be in the sole possession of the secret key. Rather, during distributed key generation every party obtains a share of the key. A threshold of the participating parties need to work together in order to achieve a cryptographic task, such as decrypting a message.

References[change | change source]