In cryptography, a shared secret is a piece of data only known to the parties involved in a secure communication. The shared secret can be a password, a passphrase, a big number or an array of randomly chosen bytes.
The shared secret is either shared before parties start to communicate; in this case it can also be called a pre-shared key. Or it is created at the start of the communication session by using a key-agreement protocol, for-instance using public-key cryptography such as Diffie-Hellman or using symmetric-key cryptography such as Kerberos.
The shared secret can be used for authentication (for instance when logging in to a remote system) using methods such as challenge-response or it can be fed to a key derivation function to produce one or more keys to use for encryption and/or MACing of messages.
References[change | edit source]
- Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone (2001), chapter 10 and 12.