Key doubts in symmetric cryptography

3

Hello, searching for li encryption on symmetric, asymmetric encryption, digital signature ...

But I have a question, when we use software like TrueCrypt, KeePass or the like, is the encryption key the password we choose? Or is the key and password different?

If things are different, is it worthwhile to conclude that it matters little whether encryption uses 8-bit or 4096-bit keys if the password is weak, the encrypted file will be vulnerable?

Are these keys files on HD or other storage devices? Is it possible for me to have direct access to them?

    
asked by anonymous 26.02.2015 / 16:59

2 answers

1

A password is something to be memorized by the user, and possibly also chosen by the user. In general, passwords have low entropy . >, that is, although the potential number of password candidates (ie all strings) is very large to infinity, "real" passwords - those that people tend to choose, or even think about - are much smaller . For this reason, it is estimated that users' passwords will have a "security" of X bits, and work under this assumption - even if individual users can choose stronger or weaker passwords.

A key is a sequence of bits used in a cryptographic procedure. Since each algorithm requires a key of predetermined size, a key of that exact size is required for use in that algorithm. For this reason, you can not use passwords directly as keys, you need to transform them according to any process, so that the resulting key is the correct size.

So answering your first question, password and key are different things.

The process that turns passwords into keys can vary widely, but one thing is certain: if the entry is the same password, the output will be the same key. Thus, if there are N distinct passwords that can be used, there will only be at most N distinct keys (may be less, since two different passwords may derive the same key). And if these N's, only M are "reasonable" passwords (i.e. that have any chance of being chosen by a user), then one can expect that there were M distinct keys, at least in 99% of cases.

In response to your second question, in fact, if the password is weak, the file becomes vulnerable. It should be noted, however, that using overly small (8-bit type) keys leaves the file vulnerable even when the password is strong, while using a larger key at least gives you the chance to use a password and have reasonable protection. The choice of key size should therefore be given by the characteristics of the chosen algorithm (eg a 256-bit ECC key has about the same security as a 3072-bit key for RSA).

As for your last question, programs like TrueCrypt and KeePass do not store the generated key anywhere - even if your computer was compromised, the attacker would only have to find the file with the key to decrypt your files ... Instead, the encryption key is derived from the password, and this is done again and again each time you want to gain access to your content. While you are using , however, the key is left in memory, being discarded only when you finish using it (eg you set up a TrueCrypt volume, it derived the key from your password, and saved the key in memory, you use this volume for a certain time, and when you decide to unmount it, the key is erased from memory). This may or may not be a risk, depending on how it was implemented (eg, whether the system has paged, or has given BSOD and a core dump was put on file, the key may be present on your hard drive without you even realizing it.)

Finally a note about the key derivation process: it is known that the passwords chosen by the user are usually weak, and little can be done about it (a # says that computers are getting faster and faster over time - allowing them to test more and more passwords in a short time - but our brains strong> are no better at remembering strong passwords, so it is inevitable that the relative strength of passwords will become worse and worse as time passes.) To counter this, we try to use key derivation processes that are purposely slow , that is, it takes several seconds (or even minutes) to generate the key from the same password in hardware . This ensures that even if the number of password candidates to be tested remains small, the time required to test all of them is quite large. This defense may not be enough to "save" a bad password, but is considered sufficient for "normal" passwords to still be viable in practice.

    
04.03.2015 / 00:38
1

I am not an expert in cryptography, but I read a lot about it and am very interested. Your question is a bit broad and the subject too. If we talk about cryptography there are several standards like: AES , RSA , OpenPGP ... There are also one-way hash patterns like

, SHA-2 , SHA-256 ...

But taking the KeePass example (which I use). It uses the AES standard, according to the official website:

  

KeePass supports the Advanced Encryption Standard (AES, Rijndael) and   the Twofish algorithm to encrypt its password databases. Both of these   ciphers are considered to be very secure. AES e.g. became effective   as a Federal government standard and is approved by the National   Security Agency (NSA) for top secret information.

What does this tell us?

This tells us that KeePass uses the AES standard to encrypt the base of passwords and other fields that you keep in kdbx files. But if you use KeePass, you may have noticed that you can copy the passwords, right? So they need to be encrypted and decrypted back. AES allows this.

With a key (I believe the KeePass that defines the key by default and are 256-bit keys) it encrypts and decrypts the password database.

About Hash

Now let's go to the next part. KeePass also asks for a master password, called Master Password . About this Master Password the official website tells us:

  

SHA-256 is used as password hash. SHA-256 is a 256-bit   cryptographically secure one-way hash function. Your master password   is hashed using this algorithm and its output is used as key for the   encryption algorithms. In contrast to many other hashing algorithms,   no attacks are known yet against SHA-256.

Here it is already a more common situation that we found by almost all the internet. We have defined a password to access the content, in this case the kdbx file. If the password is correct, access it, otherwise deny access. However, this password is not saved in the "full text" form as this would be a serious security flaw. Then a password hash is created using the SHA-256 algorithm and then saved.

Once the hash has been created, there is no turning back. That is, there is no recovery. So when you lose your password, most sites will make you create a new password. If the site sends your password in the email, make sure that site is insecure.

About weak and strong passwords

The issue of weak or strong passwords is for protection against brute-force attacks, dictionaries, raibow tables ... It's easier to guess easy passwords.

See more about brute-force attacks here .

About the keys

They are simple sequences of bytes. If they are bytes they can be stored anywhere: HD, Database, memory, pendrives ... It imports yes if the key is 8 bits or 4096 bits. The higher the key, the more security (the hacker will spend a lot more time trying to guess a larger key), but more processing time will be spent encrypting / decrypting information.

Practical Java example

I got an example of Java code on the web, I adapted it and simplified it. It's working. It encrypts and decrypts a sentence using AES. Take a look. I think it's easy to understand.

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class Crypt {

    // Chave
    private static byte[] key = { 0x74, 0x68, 0x69, 0x73, 0x49, 0x73, 0x41,
            0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79 };

    public static void main(String[] args) {
        String info = "Frase a ser criptografada";

        // Criptografa
        byte[] fraseCriptografada = Crypt.encrypt(info);

        for(byte b : fraseCriptografada) {
            System.out.print(b);
        }
        System.out.println();

        // Decriptografa a Frase
        String fraseDecript = Crypt.decrypt(fraseCriptografada);
        System.out.println(fraseDecript);

    }

    public static byte[] encrypt(String strToEncrypt) {
        byte[] encryptedString = null;

        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            encryptedString = cipher.doFinal(strToEncrypt.getBytes());

        } catch (Exception e) {
            e.printStackTrace();
        }
        return encryptedString;

    }

    public static String decrypt(byte[] byteToDecrypt) {
        String decryptedString = null;

        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            decryptedString = new String(cipher.doFinal(byteToDecrypt));

        } catch (Exception e) {
            e.printStackTrace();

        }

        return decryptedString;
    }
}

Example console output above:

-82-704594-7111794-17-59262-52-9734-27110-1143353-74-8794-8710211643-16-1111178741103
Frase a ser criptografada
    
27.02.2015 / 03:58