Tag: Advanced Encryption Standard

The strength is in the keys


The main objective of cryptography is to provide a mechanism for two (or more) entities to communicate without any other entity being able to read or change the message. Along with this it can provide other services, such as:

  • Integrity check. This  makes sure that the message has not been tampered with by non-legitimate sources.
  • Providing authentication. This verifies the sender identity. Unfortunately most of the current Internet infrastructure has been build on a fairly open system, where users and devices can be easily spoofed, thus authentication is now a major factor in verifying users and devices.
Key-based encryption
Figure 1: Key-based encryption

One of the main problems with using a secret algorithm for encryption is that it is difficult to determine if Eve has found-out the algorithm used, thus most encryption methods use a key-based approach where an electronic key is applied to a well-known algorithm. Another problem with using different algorithms for the encryption is that it is often difficult to keep devising new algorithms and also to tell the receiving party that the text is being encrypted with the new algorithm. Thus, using electronic keys, there are no problems with everyone having the encryption/decryption algorithm, because without the key it should be computationally difficult to decrypt the message (Figure 1).

The three main methods of encryption are (Figure 2):

  • Encryption methods
    Figure 2: Encryption methods

    Symmetric key-based encryption. This involves the same key being applied to the encrypted data, in order that the original data is recovered. Typical methods are DES, 3DES, RC2, RC4, AES, and so on.

  • Asymmetric key-based encryption. This involves using a different key to decrypt the encrypted data, in order that the original data is recovered. A typical method is RSA, DSA and El Gamal.
  • One-way hash functions. With this it is not possible to recover the original source information, but the mapping between the value and the hashed value is known. The one-way hash function is typically used in authentication applications, such as generating a hash value for a message. The two main methods are MD5 and SHA-1, and it is also used in password hashing applications, where a password is hashed with a one-way function, and the result is stored. This is the case in Windows and UNIX login, where the password is stored as a hash value. Unfortunately, if the password is not a strong one, the hash value is often prone to a dictionary-type attack, where an intruder tries many different passwords and hashes them, and then compares it with the stored one.

Generate your own keys

In order for you to see what keys look like, I’ve created a Web page where you can generate your own keys:


For example, we I use “fred” as the pass phrase and for aes-128-cbc (128-bit AES with CBC – Chained Block Cipher), I get:

iv =6D55F343E0D60985564D2D51D44C40D0

but when I try it again I get:

iv =247BF2166C1672CA935829B75F814EA4

In this way the salt, the key and the IV value all change, so that they cannot be easily guessed. The salt value allows us to create a difficult to crack hash value, and the IV value allows for the ciphertext to change with the same message. The trick is to add randomness into the generation, so that Eve cannot guess what the generated values are.

Obviously the size of the key will vary with the number of bits in the key, so if we use AES-256 CBC we get:

iv =8CE70C8998BB237997BFA9ED4B75A587

which shows that the encryption key is twice as long (but the salt and the IV values stay the same).

I’ll cover computational difficulty in the next article….