Security Considerations

that ensure allocation of core memory, and not of virtual memory.

It is a good idea to generate new public/private key pairs every so often to thwart long-term factoring attacks. Material encrypted using the old key pair should be re-encrypted with the new one. However, an application may not have access to all material protected by an old key pair, so it may be necessary to retain old key pairs in a secure environment.

Temporary Buffers

Even though a temporary buffer may not contain a private key, it still may hold sensitive data, such as a message to be encrypted or a symmetric key. Such temporary buffers require the same security as private-key buffers. After using the data, overwrite the buffer with zeroes or random bytes. Make sure the operating system uses core memory and not hard disk virtual memory.
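The buffer discipline described above, as an added example rather than Crypto-C code: the `sensitive_buf` type, the `secure_zero`/`sensitive_alloc`/`sensitive_free` helpers and the 16-byte demo key are all assumptions made here. It uses POSIX `mlock()` to keep the buffer in core memory (the guide does not name a specific API for this), scrubs through a `volatile` pointer so the compiler cannot drop the overwrite as a dead store, and checks the scrub before the memory is released.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Added example (not Crypto-C code): a temporary buffer that holds a
   symmetric key or plaintext is pinned in RAM so it is never paged to
   swap, scrubbed with a write the compiler cannot remove, then freed. */

typedef struct {
    unsigned char *data;
    size_t len;
    int locked;   /* 1 if mlock() succeeded, 0 otherwise */
} sensitive_buf;

/* Overwrite n bytes with zero through a volatile pointer so the stores
   survive dead-store elimination (a plain memset() before free() may not). */
void secure_zero(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte of p[0..n) is zero; used to verify the scrub. */
int is_all_zero(const unsigned char *p, size_t n) {
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Allocate a buffer and pin it in core memory. mlock() can fail under a
   low RLIMIT_MEMLOCK; the flag lets a caller refuse to load secrets then. */
int sensitive_alloc(sensitive_buf *b, size_t n) {
    b->data = malloc(n);
    b->len = n;
    b->locked = 0;
    if (b->data == NULL) {
        return -1;
    }
    if (mlock(b->data, n) == 0) {
        b->locked = 1;
    }
    return 0;
}

/* Scrub, unpin and free. The scrub happens before munlock() so the
   secret never sits in pageable memory. */
void sensitive_free(sensitive_buf *b) {
    if (b->data == NULL) {
        return;
    }
    secure_zero(b->data, b->len);
    if (b->locked) {
        munlock(b->data, b->len);
    }
    free(b->data);
    b->data = NULL;
    b->len = 0;
}

/* Worked use: stage a constructed 16-byte symmetric key (not a real key)
   in a locked buffer, "use" it, scrub it and confirm nothing remains.
   Returns 1 when the scrub verifiably removed the key, 0 otherwise. */
int stage_key_and_scrub(void) {
    static const unsigned char demo_key[16] = {
        0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
        0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
    };
    sensitive_buf b;
    int clean;
    if (sensitive_alloc(&b, sizeof demo_key) != 0) {
        return 0;
    }
    memcpy(b.data, demo_key, sizeof demo_key);
    /* ... the key would be handed to the cipher here ... */
    secure_zero(b.data, b.len);          /* scrub as soon as the key is no longer needed */
    clean = is_all_zero(b.data, b.len);  /* verify before the memory is released */
    sensitive_free(&b);                  /* scrubs again, unpins, frees */
    return clean;
}
```

The scrub is deliberately done twice: once at the point the data stops being needed, and once unconditionally in `sensitive_free()`, so an early-return path cannot leave the secret behind.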

Pseudo-Random Numbers and Seed Generation

Crypto-C uses pseudo-random number algorithms for generating both symmetric keys and public/private key pairs. The random number generation algorithms are the same as the message digest algorithms, and are verified to have a very high degree of randomness.

Any method that is employed to generate random values begins with a random seed. The security issue then becomes one of making sure that an attacker cannot determine the seed. Generally, any random number generator will produce pseudo-random numbers, given any seed. Therefore, to generate a random number, you do not need to start with a seed that is itself random. However, the seed should be “unrepeatable.” That is, no one should be able to apply some sort of algorithm that can “guess” the seed in a reasonable amount of time.

For instance, suppose that a message was encrypted using the RC2 cipher with 80 effective key bits from 10 bytes of key data, but that the key data was generated using an MD5 random byte-generating algorithm with a 4-byte seed. An attacker could try every possible 10-byte key combination to crack the message, or could try every 4-byte seed combination to generate 10 bytes of key data. Further, suppose that the 4-byte seed was the time of day. Now the attacker has an even smaller range of possible seeds to test before finding the right one.
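An entropy-accounting check that enforces the point of the two paragraphs above before a seed is handed to a digest-based byte generator, as an added example (not Crypto-C code). The `seed_pool` type, its functions, the `effective_key_bits` work-factor estimate and the sample seed bytes are all assumptions made here; the 4-byte time-of-day value and the 12 bytes standing in for an OS entropy source are constructed. The pool credits each contribution with no more bits than it actually contains and refuses to serve a key longer than the unrepeatable bits it has collected.

```c
#include <stddef.h>
#include <string.h>

/* Added example (not Crypto-C code): a generator's output is only as
   unpredictable as its seed, so the pool keeps a conservative count of
   unrepeatable bits and gates key generation on it. */

#define SEED_POOL_MAX 256

typedef struct {
    unsigned char bytes[SEED_POOL_MAX];
    size_t len;
    unsigned entropy_bits;   /* conservative estimate of unrepeatable bits */
} seed_pool;

void seed_pool_init(seed_pool *p) {
    memset(p, 0, sizeof *p);
}

/* Append seed material with the caller's estimate of how many of its bits
   an attacker could not guess. The credit is capped at the material's
   actual bit length, so over-claiming buys nothing.
   Returns 0 on success, -1 if the pool is full. */
int seed_pool_add(seed_pool *p, const void *src, size_t n, unsigned claimed_bits) {
    if (n > SEED_POOL_MAX - p->len) {
        return -1;
    }
    memcpy(p->bytes + p->len, src, n);
    p->len += n;
    unsigned cap = (unsigned)(n * 8);
    p->entropy_bits += claimed_bits < cap ? claimed_bits : cap;
    return 0;
}

/* Work factor for an attacker free to search either the key space or the
   seed space: the smaller of the two, in bits. */
unsigned effective_key_bits(unsigned key_bits, unsigned seed_entropy_bits) {
    return seed_entropy_bits < key_bits ? seed_entropy_bits : key_bits;
}

/* 1 if the pool may seed a generator for a key_bits key, else 0. */
int seed_pool_ready(const seed_pool *p, unsigned key_bits) {
    return effective_key_bits(key_bits, p->entropy_bits) >= key_bits;
}

/* Constructed sample inputs (not real measurements). */
static const unsigned char TIME_SEED[4] = { 0x5f, 0x3a, 0x1c, 0x00 };
static const unsigned char OS_ENTROPY[12] = {
    0x9d, 0x02, 0x7b, 0xe4, 0x31, 0xc8, 0x56, 0xaf, 0x10, 0x6e, 0xd3, 0x47
};

/* The guide's scenario: an 80-bit RC2 key seeded only from a 4-byte
   time-of-day value. Crediting all 32 bits is the most generous case
   possible; a clock value is far more guessable than that. */
static void seed_from_time_only(seed_pool *p) {
    seed_pool_init(p);
    seed_pool_add(p, TIME_SEED, sizeof TIME_SEED, 32);
}

unsigned scenario_time_only_effective_bits(void) {
    seed_pool p;
    seed_from_time_only(&p);
    return effective_key_bits(80, p.entropy_bits);   /* 32, not 80 */
}

int scenario_time_only_ready(void) {
    seed_pool p;
    seed_from_time_only(&p);
    return seed_pool_ready(&p, 80);                  /* refused */
}

/* Same pool topped up with 12 bytes from an entropy source credited at
   full weight (96 bits); over-claiming (e.g. 1000) is capped to 96 anyway. */
int scenario_topped_up_ready(void) {
    seed_pool p;
    seed_from_time_only(&p);
    seed_pool_add(&p, OS_ENTROPY, sizeof OS_ENTROPY, 1000);
    return seed_pool_ready(&p, 80);                  /* accepted */
}
```

The entropy count stays a caller-supplied estimate, which is the honest position: no code can measure how guessable a clock value or a keystroke sequence is, so the generous credit in `seed_from_time_only()` only shows that even the best case falls well short of an 80-bit key.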

The seed should contain at least as many unrepeatable bits as the key. If the seed is based on a user’s typing a series of letters and characters on the keyboard, then an

RSA BSAFE Crypto-C Developer's Guide
