Encryption Keys: Basic Concepts

Encryption and decryption require the use of some secret information, referred to as a key. There are two types of encryption: secret-key and public-key. In secret-key encryption, also referred to as symmetric encryption, the same key is used for both encryption and decryption. In public-key encryption, also referred to as asymmetric encryption, each user has a public key and a private key. Encryption is performed with the public key, while decryption is done with the private key. This topic covers the issues related to secret-key encryption.

A secret key is, in essence, a sequence of numbers, each of which has a value from 0 to 255 (such numbers are called bytes). The required length of the secret key is determined by the algorithm used for encryption. The required key length for the algorithms used in this program varies from 16 bytes (IDEA algorithm) to 255 bytes (RC-6 algorithm).

Secret keys are almost impossible to memorize (imagine that in order to encrypt some data you need to learn by heart a sequence of 255 numbers), and it takes several minutes to input them from the keyboard. Therefore, secret keys are usually stored on floppy disks or other removable media, and these media are in turn stored in a safe place.

It’s common practice in everyday life not to deal directly with secret keys, but to generate them from passwords when they are needed for encryption or decryption. The tradeoff here is security: in order to perform secure encryption with a password, the password must include a great variety of different symbols and be as long as possible. For example, a very secure password may look like this:

A$1)s38.G\R^ [email protected]*h]-(k#;2%k”Q

In other words, a very secure password is not much easier to memorize than a secret key is. That is why users usually choose less complex passwords, which are consequently not so secure. This program lets you choose between encrypting with a password that is easy to remember and encrypting with the user’s secret key, which is more secure.

The need to store encryption keys on a floppy disk or other removable medium is often considered an inconvenience. It should rather be considered an advantage, because storing encryption keys on a floppy disk eliminates the intrinsic drawbacks of encryption with a password:

Encryption with key:

1. Every file can be encrypted with its own key. One of the main rules of cryptography is that an encryption key can be used for encryption only once. Several hundred keys may be stored on one floppy disk.
2. If the user uses the key management features, there is no need to track which file has been encrypted with which key. For decryption, he only needs to indicate the directory where he stores encryption keys, and the appropriate key will be found automatically.
3. An encryption key can be entered for encryption or decryption with just two or three mouse clicks.

Encryption with password:

1. If the user “stores” passwords in his memory, he can scarcely memorize many passwords.
2. Even if the user does not memorize his passwords but writes them down on paper, he must also keep track of which password has been used to encrypt which file.
3. To provide an acceptable level of security, passwords must be as long as possible and contain a great variety of symbols. Entering such passwords often takes several minutes (taking into account possible mistakes and retyping).

The main drawback of passwords is, of course, their vulnerability to various kinds of attacks. Passwords, unlike keys, typically contain fewer than 20% of all possible byte values (symbols). This fact greatly simplifies the task of breaking the encrypted data.
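
The following Python sketch is an added example, not code from this program: it generates a key from a password, as described earlier, and puts numbers on the comparison above. PBKDF2-HMAC-SHA256, the 51-symbol alphabet (20% of 256), the sample password and all function names are assumptions made for illustration; the page does not say how the program derives keys from passwords.

```python
import hashlib
import math
import secrets

KEY_LEN = 16  # bytes; the smallest key size the page mentions (IDEA)

def random_key(length: int = KEY_LEN) -> bytes:
    """A secret key: every byte drawn uniformly from all 256 values."""
    return secrets.token_bytes(length)

def derive_key(password: str, salt: bytes, length: int = KEY_LEN,
               iterations: int = 600_000) -> bytes:
    """Generate a key from a password (PBKDF2 is an assumed choice of KDF).
    The salt is stored next to the ciphertext; the iteration count slows guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=length)

def search_space_bits(length: int, alphabet_size: int) -> float:
    """Bits needed to enumerate every string of `length` uniform symbols."""
    return length * math.log2(alphabet_size)

def effective_key_bits(password_len: int, alphabet_size: int,
                       key_len: int = KEY_LEN) -> float:
    """A derived key is never harder to guess than the password behind it."""
    return min(search_space_bits(password_len, alphabet_size), 8.0 * key_len)

def password_length_for(bits: float, alphabet_size: int) -> int:
    """Shortest random password whose search space reaches `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))

if __name__ == "__main__":
    alphabet = int(256 * 0.20)      # 51 symbols: the page's "less than 20%"
    salt = secrets.token_bytes(16)  # constructed sample values
    key = derive_key("correct horse", salt)
    print("random key :", random_key().hex())
    print("derived key:", key.hex(), "(only as strong as the password)")
    print("16-byte key          : %.1f bits" % search_space_bits(KEY_LEN, 256))
    print("16-symbol password   : %.1f bits" % effective_key_bits(16, alphabet))
    print("password to match key:", password_length_for(128, alphabet), "symbols")
```

The derived key has the same length and appearance as a random one, but an attacker only has to search the password space, which is why the restricted symbol set matters.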

In conclusion, if you need the maximum level of security for your confidential information, the only option is to use encryption with a key.