Keys - PowerPoint PPT Presentation

Title: Keys

Description: Keys & Key Management, Chapters 7, 8: Keys, Symmetric Length, Public Key Length, Key Management, Generating, Using, Storing Keys, Backup Keys, Destroying Keys

Slides: 15
Provided by: souEdu
Learn more at: http://webpages.sou.edu

Transcript and Presenter's Notes



1
Keys & Key Management, Chapters 7, 8
  • Keys
  • Symmetric Length
  • Public Key Length
  • Key Management
  • Generating, Using, Storing Keys
  • Backup Keys
  • Destroying Keys

2
Symmetric Key Length
  • Keys
  • Symmetric Length
  • Depends on algorithm
  • DES 56 bits or 112 bits
  • AES 128, 196, or 256
  • Key space of possible keys
  • DES key space 2^56
  • AES key space 2^256

3
Public Key Length
  • Keys
  • Depend on the product of two very large primes
  • Easy to multiply
  • Hard to factor
  • Cracking Public key crypto depends on factoring
    very large numbers

4
Current Recommendations
  • For confidentiality beyond 2030 use 3072 bit keys
    for both RSA and D-H.
  • 3072 bit keys for RSA is equivalent to 128 bit
    AES keys
  • For more secure asymmetric encryption you have to
    use Elliptic Curve Cryptography
  • ECC Keys should be twice the length of the AES
    key length

5
Factoring Methods
  • General number sieve
  • 2048 bit numbers: 3×10^20 mip-years
  • Special number field sieve
  • 2048 bit numbers: 4×10^14 mip-years

6
Generating Keys
  • Bad/weak keys
  • Some keys are very weak, some are poor choices
  • Some are prone to dictionary attacks
  • Random symmetric keys
  • Must test for known weak keys for an algorithm

7
Generating Keys
  • Key generation
  • Hash of passwords
  • Hash of pass phrases
  • Information theory
  • English: 1.3 bits of info per 8-bit character
  • 10 words = 49 characters = 64-bit key

8
Distributing Keys
  • Large networks have large problems
  • 6 person networks require 15 key exchanges
  • 1000 person networks require 500,000 key
    exchanges
  • A very good random number generator is required

9
Using Keys
  • Key storage
  • Sits on disk subject to forensic exam, nosey
    co-worker, etc.
  • Who uses the key

10
Storing Keys
  • Magnetic card stripes
  • Smart cards
  • RFIDs
  • Some key host
  • Key escrow server

11
Backup Keys
  • What if
  • The key owner forgets
  • The key owner quits
  • The key owner dies
  • The computer is stolen/destroyed

12
Destroying Keys
  • Keys have a limited lifetime
  • Validation that the key is destroyed
  • Key storage medium must be completely destroyed

13
Key Management
  • PKI Public Key Infrastructure
  • X.509 is the generally accepted standard for PKI
    held by ITU
  • IETF X.509 working group pkix
  • MIL uses it.

14
Certificate:
  Data:
    Version: 1 (0x0)
    Serial Number: 7829 (0x1e95)
    Signature Algorithm: md5WithRSAEncryption
    Issuer: C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc,
            OU=Certification Services Division,
            CN=Thawte Server CA/emailAddress=server-certs@thawte.com
    Validity
      Not Before: Jul 9 16:04:02 1998 GMT
      Not After : Jul 9 16:04:02 1999 GMT
    Subject: C=US, ST=Maryland, L=Pasadena, O=Brent Baccala,
             OU=FreeSoft, CN=www.freesoft.org/emailAddress=baccala@freesoft.org
    Subject Public Key Info:
      Public Key Algorithm: rsaEncryption
      RSA Public Key: (1024 bit)
        Modulus (1024 bit): [hex bytes omitted]
        Exponent: 65537 (0x10001)
  Signature Algorithm: md5WithRSAEncryption
    [hex bytes omitted]
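
The certificate on slide 14 can be checked against the key-length recommendation on slide 4. The following is an added example, not part of the original presentation: the sample text is constructed from the slide's certificate fields with the modulus and signature bytes left out, and the function names and the list of rejected hashes are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed sample: fields of the slide's certificate in `openssl x509 -text`
# layout, with the modulus and signature bytes left out.
SAMPLE = """\
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 7829 (0x1e95)
        Signature Algorithm: md5WithRSAEncryption
        Validity
            Not Before: Jul  9 16:04:02 1998 GMT
            Not After : Jul  9 16:04:02 1999 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
"""

WEAK_HASHES = ("md2", "md5", "sha1")  # assumption: hashes this audit rejects
MIN_RSA_BITS = 3072  # slide 4: RSA size for confidentiality beyond 2030

def parse_cert_text(text):
    """Extract the audited fields from openssl-style text output."""
    def field(pattern):
        m = re.search(pattern, text)
        return " ".join(m.group(1).split()) if m else None
    expiry = field(r"Not After\s*:\s*(.+)")
    bits = field(r"Public[- ]Key:\s*\((\d+) bit\)")
    if expiry:
        expiry = datetime.strptime(expiry, "%b %d %H:%M:%S %Y GMT")
        expiry = expiry.replace(tzinfo=timezone.utc)
    return {"sig_alg": field(r"Signature Algorithm:\s*(\S+)"),
            "key_alg": field(r"Public Key Algorithm:\s*(\S+)"),
            "bits": int(bits) if bits else None,
            "not_after": expiry}

def audit(cert, now=None):
    """Return findings; missing fields count as failures (fail closed)."""
    now = now or datetime.now(timezone.utc)
    sig = (cert["sig_alg"] or "").lower()
    findings = []
    if not sig or any(h in sig for h in WEAK_HASHES):
        findings.append("weak or missing signature hash: %s" % cert["sig_alg"])
    if cert["key_alg"] == "rsaEncryption" and (cert["bits"] or 0) < MIN_RSA_BITS:
        findings.append("RSA key of %s bits is below %d" % (cert["bits"], MIN_RSA_BITS))
    if cert["not_after"] is None or cert["not_after"] < now:
        findings.append("expired or missing Not After date")
    return findings
```

Calling `audit(parse_cert_text(SAMPLE))` reports all three problems for the slide's certificate: the MD5-based signature, the 1024-bit RSA key, and the validity period that ended in 1999.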