Security Considerations
92 RSA BSAFE Crypto-C Developers Guide
that ensure allocation of core memory, and not of virtual memory.
It is a good idea to generate new public/private key pairs every so often to thwart
long-term factoring attacks. Material encrypted using the old key pair should be
re-encrypted with the new. However, an application may not have access to all material
protected by an old key pair, so it may be necessary to retain old key pairs in a secure
environment.
Temporary Buffers
Even though a temporary buffer may not contain a private key, it still may hold
sensitive data, such as a message to be encrypted or a symmetric key. Such temporary
buffers require the same security as private-key buffers. After using the data,
overwrite the buffer with zeroes or random bytes. Make sure the operating system
uses core memory and not hard disk virtual memory.
Pseudo-Random Numbers and Seed Generation
Crypto-C uses pseudo-random number algorithms for generating both symmetric
keys and public/private key pairs. The random number generation algorithms are the
same as the message digest algorithms, and are verified to have a very high degree of
randomness.
Any method that is employed to generate random values begins with a random seed.
The security issue then becomes one of making sure that an attacker cannot determine
the seed. Generally, any random number generator will produce pseudo-random
numbers, given any seed. Therefore, to generate a random number, you do not need
to start with a seed that is itself random. However, the seed should be unrepeatable.
That is, no one should be able to apply some sort of algorithm that can guess the
seed in a reasonable amount of time.
For instance, suppose that a message was encrypted using the RC2 cipher with 80
effective key bits from 10 bytes of key data, but that the key data was generated using
an MD5 random byte-generating algorithm with a 4-byte seed. An attacker could try
every possible 10-byte key combination to crack the message, or could try every
4-byte seed combination to generate 10 bytes of key data. Further, suppose that 4-byte
seed was the time of day. Now the attacker has an even smaller range of possible
seeds to test before finding the right one.
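As an added illustration (not code from the guide or from Crypto-C), the following Python models the situation above: a hypothetical MD5-based byte generator that stands in for the "MD5 random byte-generating algorithm", plus an entropy-accounting check that compares the number of possible seeds against the 80-bit RC2 key.

```python
import hashlib
import math
import os

KEY_BYTES = 10              # RC2 with 80 effective key bits, as in the guide's example
KEY_BITS = KEY_BYTES * 8


def derive_key(seed: bytes, key_bytes: int = KEY_BYTES) -> bytes:
    """Hypothetical MD5-based byte generator standing in for the guide's
    'MD5 random byte-generating algorithm': the output depends only on the
    seed, so every bit of key strength comes from the seed, not from MD5."""
    out = b""
    counter = 0
    while len(out) < key_bytes:
        out += hashlib.md5(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:key_bytes]


def effective_strength_bits(seed_space: int, key_bits: int) -> int:
    """Work factor an attacker actually faces: the smaller of the key space
    and the seed space (log2 of the number of possible seeds, rounded up)."""
    return min(key_bits, math.ceil(math.log2(seed_space)))


def seed_is_adequate(seed_space: int, key_bits: int) -> bool:
    """Defender's check for the rule in the text: the seed must carry at least
    as many unrepeatable bits as the key it will be used to generate."""
    return effective_strength_bits(seed_space, key_bits) >= key_bits


if __name__ == "__main__":
    # Weak: a 4-byte seed gives at most 2**32 possible keys, not 2**80.
    print("4-byte seed:", effective_strength_bits(2 ** 32, KEY_BITS), "bits")
    # Weaker still: time of day at one-second resolution is only 86400 seeds.
    print("time-of-day seed:", effective_strength_bits(86400, KEY_BITS), "bits")
    # Adequate: 10 bytes from the OS entropy source match the 80-bit key.
    good_seed = os.urandom(KEY_BYTES)
    print("10-byte OS seed:", effective_strength_bits(2 ** (8 * KEY_BYTES), KEY_BITS), "bits")
    print("key from seed:", derive_key(good_seed).hex())
    # Same seed, same key: the generator adds no unpredictability of its own.
    assert derive_key(b"\x00\x00\x00\x01") == derive_key(b"\x00\x00\x00\x01")
```

The seed spaces are constructed for the example; a real time-of-day seed may be even smaller if the attacker knows roughly when the key was generated.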
The seed should contain at least as many unrepeatable bits as the key. If the seed is
based on a user's typing a series of letters and characters on the keyboard, then an