Hello Voronkov,
On Thu, 2003-09-11 at 03:50, Voronkov Konstantin wrote:
> Hello again,
>
> I'm going to use the following algorithm:
>
> key_size=0
> string=pass-phrase
> key_from_string=""
> while(key_size < key_required_size)
> {
> key_from_string+=SHA1(string)
> string+=key_from_string
> key_size += 20 bytes
> }
> The obtained key_from_string is key for encryption.
>
> Is it secure to use the following algorithm?
> Does CryptoPP suggest something better?
I think it depends on what you mean by secure but, basically, if you are
reducing the keyspace you may be hurting your security... I'm definitely
not a crypto-expert, so feel free to correct or ignore me :)
Here's a pseudo-analysis that may help you make your own conclusions.
We assume there is no inherent vulnerability in the cryptographic
algorithm, so the only way to go is brute force (trying each possible
key until sensible plaintext is recovered).
The question is, "how does your use affect the number of operations
required to break the encryption?".
Here's how I would look at it. Define:
N => Number of bits in normal algo key (key_required_size)
Nr => Number of bits in the reduced key (size of the pass-phrase, in bits)
Ops => Number of CPU cycles required to try a key and check if it is *the* key we are looking for
Gen => Number of CPU cycles required to generate a key from a pass-phrase
1) How many operations to brute force the algo with a key of required
size?
On average, you'll go through half the keyspace to find the key, so this
should take
Ops * ( 2^N )/2
2) How many operations to brute force the same algorithm, with your
reduced keyspace and key generation
(Ops + Gen) * (2^Nr)/2
You can see that if
(Ops + Gen) * (2^Nr)/2 << Ops * ( 2^N )/2
you've made it easier to break - and note the Nr (number of bits in
reduced key) really has a more determinant role than the added Gen
operations do (since it is a power, and not a simple linear
multiplication).
On the plus side, your pass-phrase is a string and can in theory contain
any number of characters - this means more degrees of freedom, so more
keys to check. On the down side, people use short pass-phrases, hardly
use anything but alphanumeric characters and, in any case, only have
access to a subset of possible chars (through their keyboard). A good
cryptanalyst would probably use this type of information to remove large
chunks of keys and greatly simplify a brute force attack.
HTH
Regards,
--
Pat Deegan
http://www.psychogenic.com/
PGP Key: http://www.keyserver.net 0x03F86A50
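The construction quoted in the question and the work comparison from the reply, as an added example that is not part of either message: `key_from_passphrase` is the iterated-SHA1 loop as written, and the remaining functions compute Nr, the reduced/full brute-force work ratio, and the pass-phrase length needed before Nr reaches N. The alphabet sizes and cycle counts are assumed sample values.

```python
import hashlib
import math


def key_from_passphrase(passphrase: bytes, key_required_size: int) -> bytes:
    """The quoted loop: append SHA1(string) to the key, append the whole
    key so far to string, repeat until enough bytes exist, then truncate."""
    string = passphrase
    key = b""
    while len(key) < key_required_size:
        key += hashlib.sha1(string).digest()   # 20 bytes per round
        string += key
    return key[:key_required_size]


def effective_bits(passphrase_len: int, alphabet_size: int) -> float:
    """Nr from the reply: log2 of the number of pass-phrases of this length
    drawn uniformly from an alphabet of the given size."""
    return passphrase_len * math.log2(alphabet_size)


def brute_force_ratio(n_bits: float, nr_bits: float, ops: float, gen: float) -> float:
    """(Ops + Gen) * 2^Nr / 2 divided by Ops * 2^N / 2.
    A value well below 1 means the pass-phrase has reduced the keyspace."""
    full = ops * 2.0 ** n_bits / 2
    reduced = (ops + gen) * 2.0 ** nr_bits / 2
    return reduced / full


def passphrase_len_needed(n_bits: int, alphabet_size: int) -> int:
    """Shortest uniformly random pass-phrase over this alphabet whose
    Nr is at least N, i.e. the point where the keyspace is no longer reduced."""
    return math.ceil(n_bits / math.log2(alphabet_size))


if __name__ == "__main__":
    # Constructed sample: a 128-bit key from an 8-character alphanumeric pass-phrase.
    key = key_from_passphrase(b"secret12", 16)
    nr = effective_bits(8, 62)                 # 62 = [a-zA-Z0-9]
    # Assumed cycle counts: Gen is only one or two SHA1 calls per candidate.
    ratio = brute_force_ratio(128, nr, ops=1000, gen=200)
    print(key.hex(), round(nr, 1), ratio, passphrase_len_needed(128, 62))
```

Note that Gen appears only as a linear factor while Nr sits in the exponent, so even an expensive key generation step cannot compensate for a short pass-phrase.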