Cryptography Overview

Normally, the mixing is a message digest. This makes the task of getting from password to key very time-consuming for an attacker. Digesting a password with a salt helps thwart dictionary attacks. Without a salt, an attacker could put together a “dictionary” of keys generated from likely passwords and try out each key on encrypted data. This would greatly reduce the amount of work necessary to find the key and may make it feasible to recover encrypted material. With a salt, a single dictionary of keys generated from likely passwords is no longer enough: the attacker would need, for each password, an entry for each possible salt.

Crypto-C uses the methods described in PKCS v1.5 to implement password-based encryption. The methods use a message digest algorithm with a specific means of padding to increase the search space for dictionary attacks against the key. The applicable Algorithm Information Types (AIs) are: AI_MD2WithDES_*, AI_MD2WithRC2_*, AI_MD5WithDES_*, AI_MD5WithRC2_*, and AI_SHA1WithDES_*.

[Figure: the password and the pseudo-random salt bytes are fed to a message digest; the digest output supplies the key (8 bytes) and the IV (8 bytes).]

Figure 3-8 DES Key and IV Generation for Password Based Encryption
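The following Python example is added here to illustrate the salted derivation and the figure above; it is not code from the Crypto-C guide and does not use the Crypto-C API. It digests password and salt with MD5, re-digests the result, and splits the 16-byte output into an 8-byte key and an 8-byte IV, then shows that a dictionary precomputed for one salt fails against another. The function names, the iteration count of 1000, and the sample passwords and salts are assumptions constructed for the example.

```python
import hashlib

def derive_des_key_iv(password: bytes, salt: bytes, iterations: int = 1000):
    """Digest password || salt with MD5, re-digest, then split the 16-byte
    result into an 8-byte key and an 8-byte IV (as in the figure)."""
    if len(salt) != 8:
        raise ValueError("this example expects an 8-byte salt")
    if iterations < 1:
        raise ValueError("iterations must be at least 1")
    digest = hashlib.md5(password + salt).digest()
    for _ in range(iterations - 1):
        digest = hashlib.md5(digest).digest()
    return digest[:8], digest[8:]

def precompute_keys(candidates, salt, iterations=1000):
    """The 'dictionary' from the text: derived key -> password.
    It is only valid for the single salt it was built with."""
    return {derive_des_key_iv(pw, salt, iterations)[0]: pw for pw in candidates}

def table_entries_needed(num_passwords: int, salt_len: int) -> int:
    """Entries a precomputed dictionary needs to cover every possible salt."""
    return num_passwords * 2 ** (8 * salt_len)

# Constructed sample data (not from the guide).
CANDIDATES = [b"password", b"letmein", b"hunter2"]
SALT_A = bytes.fromhex("0011223344556677")
SALT_B = bytes.fromhex("8899aabbccddeeff")

if __name__ == "__main__":
    key, iv = derive_des_key_iv(b"letmein", SALT_A)
    print("key:", key.hex(), "iv:", iv.hex())

    # A dictionary built for the same salt finds the password...
    same_salt = precompute_keys(CANDIDATES, SALT_A)
    print("dictionary built with SALT_A:", same_salt.get(key))

    # ...but one built ahead of time for any other salt does not.
    other_salt = precompute_keys(CANDIDATES, SALT_B)
    print("dictionary built with SALT_B:", other_salt.get(key))

    # Covering every 8-byte salt multiplies the dictionary by 2**64.
    print("entries for 3 passwords, all salts:", table_entries_needed(3, 8))
```

MD5 and DES appear here only because they are the algorithms this page describes.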

Public-Key Cryptography

In 1976, Stanford graduate student Whitfield Diffie and Stanford professor Martin Hellman invented public-key cryptography. In this system, each person owns a pair of keys, called the public key and the private key. The owner of each key pair publishes the public key and keeps the private key secret.

Suppose Alice wants to send a message to Bob. She finds his public key and encrypts

RSA BSAFE Crypto-C Developer’s Guide
