
How are encryption keys generated?


9 replies to this topic

#1 amichaipinto

amichaipinto

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 20 February 2018 - 05:59 AM

Hi All,

 

I'm a novice and was unable to understand the correct procedure in regards to how symmetric encryption algorithms (like DES/3DES/AES) generate the encryption key.

For example, DES has a key size of 56 bits, AES has 128/192/256 bits.

When the end user needs to use the encryption and select a key, the user selects a short key (like a password or passphrase); the user doesn't manually select a 128-bit key. It must be something understandable for humans, especially if there is a need to provide it to the other party (as it is symmetric encryption), and all the user needs to know is the key.

Is it correct to say that the encryption algorithm is using a hashing algorithm to convert the password or passphrase the user selected to the encryption key, which will be in the correct size required for the encryption?

If yes, what hash algorithm is used in DES and AES?

 

Thanks in advance for your help




 


#2 axe0

axe0

  • Malware Study Hall Junior
  • 329 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Netherlands
  • Local time:04:28 AM

Posted 25 February 2018 - 08:24 AM

Hi amichaipinto,

 

Welcome to BC.

 

 

No, the encryption algorithm is not using any hash algorithm to convert something. Hashes are not meant to be turned back into strings; using a hash algorithm within an encryption algorithm wouldn't be logical, as you wouldn't be able to decrypt the string even with the right key.


Kind regards,
Axe0

#3 gekas

gekas

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:28 PM

Posted 25 February 2018 - 03:44 PM

is it correct to say that the encryption algorithm is using a hashing algorithm to convert the password or passphrase the user selected to the encryption key, which will be in the correct size required for the encryption?

 

Well, it is not quite correct. You are absolutely right that hashing is used to convert a textual password to a fixed-size binary key. But that has nothing to do with encryption algorithms. Ciphers like DES and AES do not accept passwords; they accept fixed-size binary keys, which they don't need to hash. Preparing the key is the responsibility of the program that uses the cipher.



#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 25 February 2018 - 06:25 PM

Simply put, there are 2 main methods used to generate a key for encryption:

 

1) using a key derivation function, that converts a password into a key: https://en.wikipedia.org/wiki/Key_derivation_function

2) generating a key with a cryptographic random number generator, and then protecting it with another algorithm, like public key crypto.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 amichaipinto

amichaipinto
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:28 AM

Posted 26 February 2018 - 03:11 AM

Thank you for your answers,

 

I'm unable to understand what the difference is between a key derivation function and a hash function.

Why can't hashing be used as a key derivation function?

If both parties know the input, both parties can use a hash function to convert the input to the same cryptographic key (and the cryptographic key will perform the encryption/decryption).

Can someone please elaborate on what the difference is?

 

Thanks,



#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 26 February 2018 - 11:32 AM

Hashing can be used as a key derivation function. If you look into the Wikipedia article I linked to, you will read:

 

 

Keyed cryptographic hash functions are popular examples of pseudorandom functions used for key derivation.

 

 

However, one common trait of hashing functions is that they are fast. That implies that password cracking (dictionary or brute-force) is a viable attack.

 

There are key derivation functions that are much slower, and thus make password cracking no longer a viable option.

 

 

Modern password-based key derivation functions, such as PBKDF2 (specified in RFC 2898), use a cryptographic hash, such as SHA-2, more salt (e.g. 64 bits and greater) and a high iteration count (often tens or hundreds of thousands).


Didier Stevens
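
The two key-generation methods from post #4 and the fast-hash versus slow-KDF point from post #6, as an added example that is not part of the original posts. The function names, the 200,000 iteration count, the 16-byte salt and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time

KEY_LEN = 32          # bytes: the size of an AES-256 key
ITERATIONS = 200_000  # assumed work factor ("hundreds of thousands")
SALT_LEN = 16         # assumed salt size in bytes, above the 64 bits quoted


def fast_hash_key(passphrase: str) -> bytes:
    """One unsalted SHA-256 pass: the right size, but cheap to guess against."""
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def pbkdf2_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: salted, and deliberately slow for every guess."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def random_key() -> bytes:
    """Method 2 from post #4: a key taken directly from the OS CSPRNG."""
    return secrets.token_bytes(KEY_LEN)


def seconds_per_guess(derive, rounds: int) -> float:
    """Average wall-clock cost of one derivation, i.e. one password guess."""
    start = time.perf_counter()
    for i in range(rounds):
        derive(f"guess-{i}")
    return (time.perf_counter() - start) / rounds


def slowdown(salt: bytes) -> float:
    """How many times costlier a PBKDF2 guess is than a bare SHA-256 guess."""
    fast = seconds_per_guess(fast_hash_key, 20_000)
    slow = seconds_per_guess(lambda p: pbkdf2_key(p, salt), 3)
    return slow / fast


if __name__ == "__main__":
    phrase = "correct horse battery staple"  # constructed sample passphrase
    salt = secrets.token_bytes(SALT_LEN)     # not secret; shared with the other party
    sender, receiver = pbkdf2_key(phrase, salt), pbkdf2_key(phrase, salt)
    print("both parties derive the same key:", hmac.compare_digest(sender, receiver))
    other = pbkdf2_key(phrase, secrets.token_bytes(SALT_LEN))
    print("same passphrase, new salt, same key:", sender == other)
    print(f"one PBKDF2 guess costs about {slowdown(salt):,.0f}x one SHA-256 guess")
```

Both parties need the passphrase, the salt and the iteration count to arrive at the same key; only the passphrase has to stay secret.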


#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,595 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:28 PM

Posted 07 March 2018 - 07:33 AM

Here are some resources to read:

Symmetric key algorithm encryption
Symmetric key cryptography
Asymmetric public-key encryption algorithm
Public-key encryption cryptography

What is SHA-1
What is MD5
Cryptographic hash function

What is the Difference between Encryption and Cryptography?
Encryption Algorithms Description & Glossary
Encryption Algorithms
Cryptographic Algorithms
What's The Difference Between Hashing and Encrypting?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#8 rachana

rachana

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:07:58 AM

Posted 28 March 2018 - 12:37 AM

Encryption keys are generated using 2 techniques, symmetric and asymmetric.

Symmetric, or secret key encryption, uses a single key for both encryption and decryption. Symmetric key encryption is used for encrypting large amounts of data efficiently.

Asymmetric, or public/private encryption, uses a pair of keys. Data encrypted with one key are decrypted only with the other key in the public/private key pair. When an asymmetric key pair is generated, the public key is typically used to encrypt, and the private key is typically used to decrypt.

 

Rest Of Article...

Mod Edit:  Posted rest of quoted article - Hamluis.


Edited by hamluis, 28 March 2018 - 10:52 AM.


#9 FelisaLDore

FelisaLDore

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:58 AM

Posted 05 August 2018 - 12:05 AM

I get your question, and yes, hashing can be used as a derivation function. You can read more here: https://en.wikipedia.org/wiki/Key_derivation_function

 

However, if you are looking for an encryption key generator, you can go for this generator- http://www.allkeysgenerator.com/

 

 

 

Mod edit :-  Suffix removed from URL as it appears to serve no useful purpose.


Edited by Chris Cosgrove, 05 August 2018 - 05:24 PM.


#10 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,705 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:28 AM

Posted 11 August 2018 - 05:50 AM

I strongly discourage the use of the web site mentioned in entry #9.

 

The confidentiality and integrity of the generated keys can not be guaranteed because:

1) the web server does not support TLS (HTTPS)

2) the keys are generated on the web server (and then transmitted over HTTP), they are not generated on the client (web browser).


Edited by Didier Stevens, 11 August 2018 - 05:52 AM.

Didier Stevens




