Security Considerations

=(r-1)(r)(md)

=(1)(md) mod n

Crypto-C offers both blinding and non-blinding RSA private operations through separate algorithm methods. It currently offers no blinding technique in Diffie- Hellman or DSA operations.

Crypto-C uses MD5 random number generation to produce the random value r. The seed is the following digest:

MD5(p padP MD5(q padQ m))

where p and q are the two primes, padP and padQ are paddings of zeros to make sure the length is a multiple of 64 bytes, and the symbol means concatenation. An attacker will not know what r is without knowing what the seed is, and will not know what the seed is without knowing what p and q are. An attacker who knows p and q is not going to implement a timing attack to determine the private key, because knowledge of p and q is equivalent to knowledge of the private key already.

Choosing Key Sizes

In cryptography, security is measured in key size: the bigger the key, the greater the security. Key size, in turn, is measured in bits. However, that bit number might not describe the entire key.

For instance, a DES key is 56 bits. However, that size refers to its cryptographic size, not its “physical” size. To build a DES key, you need 64 bits, but because eight of those bits are “parity bits,” that is, bits that are known, out of the 64, you really only get 56 secret bits. Hence, a DES key, while consisting of 64 bits of data, is only 56 cryptographic bits large.

An RSA key pair measurement describes the modulus length. When cryptographers talk about a “768-bit RSA key pair,” what they really mean is that the modulus is 768 bits long. The security of an RSA key pair is tied up in how big the modulus is; hence, the measurement used is the bit size of the modulus. The actual keys themselves will contain more information than the modulus, so the “physical” size will be much larger.

In choosing a key size, if larger keys offer greater security, why not simply always choose the largest possible key? Larger RSA, Diffie-Hellman, DSA, and elliptic curve keys can slow down cryptographic operations.

For the RC2, RC4, and RC5 ciphers, larger keys generally do not significantly degrade performance. However, larger keys do require more management.

C h a p t e r 3 C r y p t o g r a p h y

9 7

Page 118 Page 120
Page 119
Image 119
RSA Security 5.2.2 manual Choosing Key Sizes, MD5p padP MD5q padQ m
Page 118 Page 120
Top Page Image Contents