Key Doubt in Symmetric Encryption

Asked

Viewed 729 times

3

Hello, researching on cryptography li on symmetric cryptography, asymmetric, digital signature...

But I have a question, when we use a software like Truecrypt, Keepass or others of the genre the encryption key is the password we choose? Or the key and the password are two separate things?

If they are different things the conclusion is valid that no matter if the encryption uses 8-bit keys or 4096-bit keys if the password is weak the encrypted file will be vulnerable?

Are these keys files on hard drive or other storage devices? Is it possible for me to have direct access to them?

2 answers

1

I’m not an expert on cryptography, but I read a lot about it and I’m very interested. Your question is a little broad and so is the subject. If we talk in cryptography there are several standards like: AES, RSA, Openpgp... There are also Hash patterns of a pathway like MD5, SHA-1, SHA-2, SHA-256...

But taking the example of Keepass (which I use). It uses the AES standard, according to the official website:

Keepass Supports the Advanced Encryption Standard (AES, Rijndael) and the Twofish Algorithm to Encrypt its password Databases. Both of These Ciphers are regarded as being very Secure. AES e.g. became effective as a U.S. Federal Government standard and is Approved by the National Security Agency (NSA) for top secret information.

What does that tell us?

This tells us that Keepass uses the AES standard to encrypt the password base and other fields you store in the kdbx files. But if you use Keepass, you must have noticed that you can copy the passwords, right? So they need to be encrypted and decrypted back. AES allows this.

With a key (I believe Keepass that sets the key by default and are 256-bit keys) it encrypts and decrypts the password database.

About Hash

Now let’s go to the next part. Keepass also asks for a master password, the so-called Master Password. About this Master Password the official website tells us:

SHA-256 is used as password hash. SHA-256 is a 256-bit cryptographically Secure one-way hash Function. Your master password is hashed using this Algorithm and its output is used as key for the Encryption Algorithms. In Contrast to Many other hashing Algorithms, no Attacks are known yet Against SHA-256.

Here is already a more common situation that we find almost all over the internet. We set a password to access the content, in this case the kdbx file. If the password is correct, access, otherwise deny access. But this password is not saved in a "full text" way because this would be a serious security breach. Then a password hash is created using the SHA-256 algorithm and then saved.

Once the hash is created, there is no return. That is, there is no recovery. So when you lose your password, most websites will create a new password. If the site sends your password in the email, rest assured, that site is unsafe.

About weak and strong passwords

The issue of weak or strong passwords is for protection against brute force attacks, dictionaries, raibow Tables... 'Cause it gets easier to guess easy passwords.

See more about brute force attacks here.

About the keys

They are simple strings of bytes. If they are bytes they can be stored anywhere: HD, Database, memory, USB sticks... It does matter if the key is 8-bit or 4096-bit. The higher the key, the more security (the hacker will spend much more time trying to guess a larger key), but more processing time will be spent on encrypting/decrypting information.

Practical example with Java

Although I gave an example of Java code on the web, I gave an adapted and simplified one. It’s working. It encrypts and decrypts a phrase using AES. Take a look. I think it’s easy to understand.

import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class Crypt {

    // Chave
    private static byte[] key = { 0x74, 0x68, 0x69, 0x73, 0x49, 0x73, 0x41,
            0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79 };

    public static void main(String[] args) {
        String info = "Frase a ser criptografada";
        
        // Criptografa
        byte[] fraseCriptografada = Crypt.encrypt(info);
        
        for(byte b : fraseCriptografada) {
            System.out.print(b);
        }
        System.out.println();
        
        // Decriptografa a Frase
        String fraseDecript = Crypt.decrypt(fraseCriptografada);
        System.out.println(fraseDecript);

    }

    public static byte[] encrypt(String strToEncrypt) {
        byte[] encryptedString = null;
        
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.ENCRYPT_MODE, secretKey);
            encryptedString = cipher.doFinal(strToEncrypt.getBytes());
            
        } catch (Exception e) {
            e.printStackTrace();
        }
        return encryptedString;

    }

    public static String decrypt(byte[] byteToDecrypt) {
        String decryptedString = null;
        
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
            SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
            cipher.init(Cipher.DECRYPT_MODE, secretKey);
            decryptedString = new String(cipher.doFinal(byteToDecrypt));
            
        } catch (Exception e) {
            e.printStackTrace();

        }
        
        return decryptedString;
    }
}

Console output from the above example:

-82-704594-7111794-17-59262-52-9734-27110-1143353-74-8794-8710211643-16-1111178741103
Frase a ser criptografada
  • Thanks for the answer. I understood that a 256bit hash is created with the Master Password and this hash is used with key for the AES256 algorithm. But is this key (the result of the hash) stored somewhere or generated each time you enter the Master Password? If stored, it would be a security breach?

  • Bigown Vi what you wrote, you can erase if you want...

  • @Yuricastilhowermelinger, I don’t believe that the password (hash) is used as a key for encryption. Now, if the AES key is generated every time you open kdbx and closes and recreates everything, just look at the code itself and see how it works. But that would be possible yes.

  • I understood that the hash is the key to encryption because in your reply there is a mention of a text from the official website that says "Your master password is hashed using this Algorithm and its output is used as key for the Encryption Algorithms."

  • @Yuricastilhowermelinger, you are correct. Keepass uses the Master Password hash as the AES key. I searched a little further and confirmed. "In order to generate the 256-bit key for the block Ciphers, the Secure Hash Algorithm SHA-256 is used. This Algorithm compresses the user key provided by the user (consisting of password and/or key file) to a Fixed-size key of 256 bits. This Transformation is one-way, i.e. it is computationally infeasible to invert the hash Function or find a Second message that compresses to the same hash." http://keepass.info/help/base/security.html

1


One password is something to be memorized by the user, and possibly also chosen by the user. In general, passwords have low entropy, that is, although the potential number of password candidates (i.e. all strings) is from very large to infinite, "real" passwords - those that people tend to choose, or even think about - are much smaller. For this reason, it is estimated that users' passwords will have an X bit "security", and work according to this assumption - although individual users can choose stronger or weaker passwords.

One key is a bit sequence used in a cryptographic procedure. Since each algorithm requires a key of predetermined size, a key of that exact size is required to use that algorithm. For this reason, one cannot use passwords directly as keys, it is necessary transform them according to any process, so that the resulting key has the correct size.

So answering your first question, password and key are different things.

The process that turns passwords into keys can vary quite a bit, but one thing is for sure: if the input is the same password, the output will be the same key. Thus, if there are N distinct passwords that can be used, there will only be at most N distinct keys (may be less, as two distinct passwords may derive the same key). And if of these N, only M are "reasonable" passwords (i.e. that have some chance of being chosen by a user), then one can expect that there were distinct M keys, at least in 99% of cases.

Then answering your second question, in fact if the password is weak the file is vulnerable. It should be noted, however, that using overly small keys (type 8 bits) leaves the file vulnerable even when the password is strong, while using a larger key at least gives you the chance to use a strong password and have reasonable protection. The choice of key size should therefore be given by the characteristics of the chosen algorithm (e.g.: a 256-bit key for ECC has roughly the same security as a 3072-bit key for RSA).

As for your last question, programs like Truecrypt and Keepass do not store the generated key anywhere - even if your computer was compromised, the attacker would only have to find the file with the key to decrypt your files... Instead, the encryption key is derived from the password, and this is done again and again each time you want to gain access to its content. While you’re wearing it, however, the key remains in memory, being discarded only when you finish using (ex.: you mounted a Truecrypt volume, it derived the key from your password, and stored the key in memory; you use this volume for a while and when you decide to disassemble it, the key is erased from memory). That may or may not be a risk, depending on how it has been implemented (e.g., whether the system has paid, or whether it has BSOD and a core dump has been stopped in file, the key may be present on your hard drive without you even realizing).

Finally a note about the key derivation process: it is known that the passwords chosen by the user are usually weak, and little can be done about it (the Moore’s Law says computers get faster and faster with time - allowing them to test more and more passwords in a short amount of time - but our brains do not become better to remember passwords but strong, so it is inevitable that the relative strength of passwords becomes worse and worse as time passes). To combat this, we seek to use key derivation processes that are purposefully slow, that is, it takes several seconds (or even minutes) to generate the key from the password even in a hardware specialized. This ensures that even if the number of password candidates to be tested remains small, the time needed to test all of them is quite large. This defense may not be enough to "save" a rather bad password, but is considered sufficient for "normal" passwords to still be viable in practice.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.