Public-Private Encryption and Digital Signature Methods

Last time we looked at straightforward encryption algorithms. In the first column of this series, I discussed public-private key systems as a better alternative for those who want to send material over public networks and don't want to share a private password. Public-private key systems use two passwords, one public and the other (surprise!) private. When sending something to you, others use your public key. Your private key then decrypts the message; no one else can decrypt it using the public key.

The primary public-private key encryption system is RSA, named after its inventors (Rivest, Shamir and Adleman, for those wanting to impress others with trivia). A close competitor is Phil Zimmermann's PGP (Pretty Good Privacy). Both RSA and PGP were discussed in the first column, so we won't go over them again except to look at their potential for break-in.

Both RSA and PGP can use very long keys, often 100 bits or more. The longer the key, the more time is required to encrypt and decrypt, and the tougher the message is to decrypt without the key. It's not unusual to have 1024-bit keys. The RSA Web site (http://www.rsa.com/rsalabs/newfaq/) discusses the strength of the encryption as a function of key length. A 512-bit key can be broken with a fair bit of computing power, but it can be done. Longer keys (768-bit or 1024-bit) require more horsepower than most hackers will have access to. In theory, any key system can be broken, either through brute-force analysis or some lucky guesses based on the encrypted text, but for all intents and purposes both RSA and PGP are secure as long as long keys are used.

The Diffie-Hellman system is a Key Exchange Algorithm (KEA) which is used to control and generate keys for public key distribution. Diffie-Hellman doesn't encrypt or decrypt messages: its only use is to generate secure keys.
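The Diffie-Hellman exchange played out by both ends, as an added example that is not from the column: group parameters are generated on the fly at demo size (a 64-bit safe prime, named make_group here), the session key is the SHA-256 hash of the agreed number, and peer_value_ok is the subgroup check a receiver should apply to the other side's public value before trusting it.

```python
import hashlib
import secrets
def is_probable_prime(n, rounds=32):
    """Miller-Rabin test (n odd, > 3); used only to build the demo group."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    """Safe prime p = 2q + 1 and g = 4 (generates the order-q subgroup); demo size only."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def keypair(group):
    """One end's half of the exchange: secret exponent x, public value g^x mod p."""
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def peer_value_ok(group, value):
    """Accept only values in the order-q subgroup; 0, 1 or p-1 would force a predictable secret."""
    p, q, _ = group
    return 1 < value < p - 1 and pow(value, q, p) == 1

def shared_key(group, own_secret, peer_public):
    """Both ends reach g^(ab) mod p; the number is hashed into a fixed-length session key."""
    p, _, _ = group
    if not peer_value_ok(group, peer_public):
        raise ValueError("peer public value rejected")
    secret = pow(peer_public, own_secret, p)
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

def run_exchange(group):
    """Play both ends: each transmits g^x mod p, each derives the same key."""
    a, A = keypair(group)   # sender keeps a, transmits A
    b, B = keypair(group)   # receiver keeps b, transmits B
    return shared_key(group, a, B), shared_key(group, b, A)
```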
The process is easy, but it does require both ends of a communication (sender and receiver) to work together to generate the keys based on prime numbers.

Besides encrypting data, there's another important security issue: being able to confirm the identity of the person who sent (or who receives) a message. After all, encrypted misinformation is just as secure as encrypted valuable information. To help authenticate both senders and receivers, a system known as digital signatures is used. Digital signatures use public-private encryption, relying on the public key to allow anyone to verify the sender's identity, as the message is coded with the sender's private key.

The US government developed and adopted a system called the Digital Signature Standard (DSS) which, as the name suggests, offers digital signature authentication. DSS has a major flaw, though, in that it is easy to accidentally reveal your keys if the same random encryption number is chosen twice and a hacker has both messages using that random number. Even worse, the contents of the message are sometimes easy to decrypt.

The Secure Hash Algorithm (SHA) and Secure Hash Standard (SHS) were also developed by the US government, but are more secure than DSS. SHS uses a hashing algorithm that involves 160-bit keys. Unfortunately, SHS is somewhat slow. Given the speed with which RSA and PGP work, it's hard to understand why anyone would adopt SHS.

Another approach to digital signatures is the message digest algorithm, of which at least three are in general circulation (called MD2, MD4 and MD5). The MD series of algorithms generate a digital fingerprint based on the input. The fingerprint is a 128-bit code, called a message digest. No two messages will ever have the same message digest (in theory). MD5 is the most secure of the set, developed by RSA to use a special hashing algorithm. Microsoft uses MD4 in its Windows NT user files to encrypt password entries. MD4 has been cracked many times.
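The sign-with-the-private-key, verify-with-the-public-key flow over a message digest, as an added example that is not from the column: textbook RSA on a SHA-256 digest (chosen instead of MD5/SHA-1, both of which now have practical collision attacks), with a constructed small key and without the padding that real signature standards add.

```python
import hashlib

# Constructed demo key from two known primes (the 10,000th and 100,000th primes).
# Real keys are 2048 bits or more; these are small enough to read.
_P, _Q = 104729, 1299709
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))      # private exponent (needs Python 3.8+)
PUBLIC_KEY = (_N, _E)
PRIVATE_KEY = (_N, _D)


def message_digest(message: bytes) -> int:
    """Fixed-length fingerprint of the message, reduced into the key's range.
    (The reduction throws away digest bits; a real key is far larger than the digest.)"""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % PUBLIC_KEY[0]


def sign(message: bytes, private_key) -> int:
    """Sender: encode the digest with the private key. Only the key holder can do this."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone: decode the signature with the public key and compare it against a
    freshly computed digest. A changed message or an altered signature fails."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)
```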
There are several utilities available on the Web for cracking Windows NT's password file (such as http://www.masteringcomputers.com/util/nt/pwdump.htm and ntcrack.htm on the same page).

To close off digital signatures, we reach the subject of certificate servers. Certificate servers manage public-private keys for companies or organizations and are usually readily accessible from the Internet. There are several commercial certificate servers available for Windows and UNIX platforms. One of the best, at least in my opinion, is Netscape's. Netscape also makes a FAQ available that describes why you would want to use a certificate server and the features of its own product. Access the FAQ at http://www.netscape.com/comprod/server_central/support/faq/certificate_faq.html#1.

Finally, we end up with Kerberos. If you've been on the Web or installed servers before, you've run into the Kerberos name several times. Kerberos is a way of providing network security by controlling access to network services on a per-user level. A Kerberos server is located somewhere on the network (usually on a secure machine). Kerberos servers are sometimes called Key Distribution Centers (KDCs). Whenever a user makes a request for some network service, the Kerberos server authenticates that the user is who they claim to be and that the service is on the proper machine. The security of the Kerberos system is based on the use of a private key encryption system based on DES. Every client and server on the network has a private key that is checked with every Kerberos-controlled action. Kerberos requires a dedicated server and so usually appears on larger networks and those that need tight security controls.