# Protecting the Keys to the Kingdom

• October 10th, 2004, 04:34 AM
Relyt

Cryptography has been around for eons. In fact countries, businesses, spies, and so forth, employ it today and it’s no secret Julius Caesar practiced it as well. In his particular crypto, in a predetermined pattern, he would simply exchange one character for another in a message and thus it was encrypted. That pattern of movement or similar exchanges would be considered a “Key”. A simplistic example would be: the letter “a” would become the letter “e”, the letter “b” would become the letter “f”, etc. Then utilizing the “Key” to reverse the pattern, the message could be deciphered. For as long as encryption has been around, protecting the “Key” was and is paramount! If Caesar’s enemies were able to get their hands on his “Key”, it would have been mere child’s play to decrypt his messages and endanger his empire (sooner). In our time, the quest to obtain an enemy’s “Keys” continues. With the weapons of war becoming more lethal and accurate in their deployment, imagine a foreign enemy acquiring the “Keys” to your military’s encryption!

There are still some that will shout, “The secrecy of the algorithm is more important!” That statement is simply not true. An algorithm that is kept hidden and not tried by the fire of analysts and crackers will not be as strong as one that is. So if you develop algorithms, obviously you will want to publish them so everyone can take a poke at them. Then as one flaw is discovered, you can fix it, and as successive patches are needed and applied, it will become stronger and stronger. So in the long run, if you want to make it tougher on the deviants, then turn them loose and let everyone bang away at your work. Thus the strength of the algorithm, not its secrecy, is more of a factor in how long it takes to crack the “Key”.

A few abbreviated definitions related to “Keys”, that you should be aware of:

Hash – a one-way encryption that cannot be decrypted. Commonly used with passwords (i.e. when the password passes through the “Hash”, it is stored in that state. When the password is required again for access to the account, computer, or whatever, the person enters the password. It is also encrypted using the “Hash”. Once that takes place, the two hashes are compared. If they match then access is granted.) From a security standpoint, the “Hash” provides a reasonable manner in which to store passwords.

Symmetric – a single key is utilized to encrypt and decrypt. If you are employing “Symmetric Encryption”, you must make absolutely sure that any transmission of the key is completed by the most secure means!

Asymmetric – a key pair, one private and one public. To employ this key pair, you would transmit your public key to a person that needed to send you an encrypted message. When that person was ready, they would use your public key to encrypt the message. Once encrypted in that manner, the only way the message can be decrypted is by use of your private key. Protect that private key!

Other items you may want to study up on if you are considering transmitting your “Keys to the Kingdom”:

Secure versus Trusted Mediums, the Diffie-Hellman Key Exchange or similar procedures, MD5, Triple-DES, etc.

As discussed, crypto is based on “Keys”. As such it is reasonable to assume that given sufficient time, all crypto can be cracked by “Brute Force” (trying every possible key combination). A very simple example is found here: where clusters were employed to expedite password cracking. To expedite a “Key” compromise, clusters could also be employed in a Brute Force Attack.

With that in mind, the answer to keeping your secrets rests with the strength of the algorithm and how well you keep secret the “Keys to Your Kingdom”. You should bear in mind that if your nemesis is able to acquire even a small part of the “Key”, then some of the message could be deciphered. And then as she progresses with her attacks, it won’t be long before the whole “Key” is discovered along with your message. So what do we do?
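The Caesar shift and the “Brute Force” search described earlier in this post, as an added example that is not part of the original post: it encrypts with the a-to-e key (a shift of 4) and then recovers that key by trying all 26 possibilities, which shows why a key space this small protects nothing. The message, the short word list used to recognise English, and all function names are constructed for illustration.

```python
# Added illustration; the message, word list and function names are constructed.
COMMON_WORDS = {"the", "and", "at", "to", "of", "is", "in"}


def caesar(text, key):
    """Shift each ASCII letter `key` places; key=4 turns a->e and b->f."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)  # spaces and punctuation pass through unchanged
    return "".join(out)


def decrypt(text, key):
    """Reverse the pattern: shifting back by the same key restores the text."""
    return caesar(text, -key)


def score(candidate):
    """Count recognisable English words in a candidate plaintext."""
    return sum(word in COMMON_WORDS for word in candidate.lower().split())


def brute_force(ciphertext):
    """Try every possible key and return (key, plaintext) for the best guess."""
    candidates = [(k, decrypt(ciphertext, k)) for k in range(26)]
    return max(candidates, key=lambda pair: score(pair[1]))


MESSAGE = "meet the courier at the north gate and bring the seal"
KEY = 4
CIPHERTEXT = caesar(MESSAGE, KEY)

if __name__ == "__main__":
    print("ciphertext:", CIPHERTEXT)
    found_key, plaintext = brute_force(CIPHERTEXT)
    print("recovered key:", found_key)
    print("recovered text:", plaintext)
```
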