5

To preface, I'm not an IT security person, just a layman intrigued by the logic. I had this question while reading about Ladar Levison turning over a key to his email service on paper to the government. That means that he has this key on a storage device somewhere. Then that storage device must be encrypted somehow. Then the key to open that storage device must be stored somehow. And so on and so forth.

Thus my question is: is it true that ultimately someone like Ladar Levison must hold the "final key" in his head?

Heisenberg

3 Answers

8

In human terms, this "final key" often takes the form of a password. The password is used to gain access to the place where the "real key" is stored.

In the computer security world, we use cryptographic algorithms to perform the security operations. But some of these algorithms can't just use passwords as keys, because they require specialized large numbers to make the math work. Since we humans aren't typically capable of remembering 256-digit cryptographic keys, we need to use storage devices to hold them. And because we don't want just anyone who gets ahold of that storage device to have a copy of the keys, we usually protect these secret keys by encrypting them.

But now we're back to the same problem: how do we encrypt these secret keys if we still can't remember a key? Instead of remembering a key, we remember a password, and use an algorithm called a Key Derivation Function to turn our password into a cryptographic key. This key is then used to decrypt the actual secret key needed to access the sensitive data.

In the physical world, this is similar to placing your car keys in a safe. You'd have to know the combination to the safe in order to get the car keys. The combination lock turns your combination (your password) into the mechanical position of pins and disks (the physical manifestation of the key required to throw the bolt); then you can open the safe and get the car keys. Once you have the car keys, you can unlock the car and drive away.

And for very high security keys, such as the master keys for a debit card network, or the root certificate keys for a Certificate Authority, it is not uncommon to keep the keys or a password printed on a piece of paper and locked in a safe. Only the data owner knows the combination. Another choice with cryptography is to split the key into three or more parts, requiring three people to get together to reassemble the key.

John Deters
  • Very insightful answer, thank you! A follow-up question: Is the Key Derivation Function also a secret? i.e. the attacker has to torture me to extract both the password and what kind of Key Derivation Function I used? Can an attacker "guess" the Function somehow? – Heisenberg Feb 18 '14 at 19:12
  • No, the KDF is often publicly known. A common one in use is called PBKDF2. – John Deters Feb 18 '14 at 19:21
  • Ah, so if the attacker knows the password he'll gain access to everything. The KDF does not add another layer of security, but simply serves as a bridge between human-rememberable password to the multiple-digit key, yes? – Heisenberg Feb 18 '14 at 19:25
  • Exactly! You might want to read up on Kerckhoffs's Principle, which states that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. https://en.wikipedia.org/wiki/Kerckhoffs%27_principle – John Deters Feb 18 '14 at 19:31
  • @Anh Not exactly. Depending on the KDF configurations (If configurable. PBKDF2 is), you can make it much more computationally exhausting to brute force a strong password. Practically speaking, the difficulty in brute forcing the password translates into extra security. Some KDFs can turn a password into a key in less than 0.001ms. But if your KDF takes 5-10 seconds (not that high in a one-user, one-use offline environment) to turn a password into a key, imagine how long it will take an attacker to brute force it. Of course, the attacker always has much much much better hardware than you. – Adi Feb 18 '14 at 19:43
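
The chain described in the answer and comments above (password, then PBKDF2, then a key that unlocks the stored secret key, plus the three-way key split), as an added example that is not part of the original posts. Assumptions: the function names and the iteration count are hypothetical, and an XOR pad with an HMAC tag stands in for a real key-wrap cipher such as AES key wrap so the code needs only the standard library.

```python
import hashlib
import hmac
import secrets
from functools import reduce

ITERATIONS = 200_000  # assumed work factor; raise it until one derivation is noticeably slow

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _derive(password, salt, iterations):
    # PBKDF2 stretches the password into 64 bytes: a 32-byte pad and a 32-byte MAC key.
    okm = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(password, data_key, iterations=ITERATIONS):
    """Protect a 32-byte secret key so the result can sit on a storage device."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt per wrap, so a pad is never reused
    pad, mac_key = _derive(password, salt, iterations)
    wrapped = _xor(data_key, pad)
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    # Every field below may be public (Kerckhoffs); only the password is secret.
    return {"kdf": "pbkdf2-hmac-sha512", "iterations": iterations,
            "salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_key(password, record):
    pad, mac_key = _derive(password, record["salt"], record["iterations"])
    expected = hmac.new(mac_key, record["salt"] + record["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        raise ValueError("wrong password or tampered record")
    return _xor(record["wrapped"], pad)

def split_key(key, parts=3):
    # n-of-n split: all shares are required; any smaller subset looks random.
    shares = [secrets.token_bytes(len(key)) for _ in range(parts - 1)]
    shares.append(reduce(_xor, shares, key))
    return shares

def join_key(shares):
    return reduce(_xor, shares)

if __name__ == "__main__":
    data_key = secrets.token_bytes(32)  # constructed sample key
    record = wrap_key("correct horse battery staple", data_key)
    assert unwrap_key("correct horse battery staple", record) == data_key
    assert join_key(split_key(data_key)) == data_key
    print("stored record uses", record["kdf"], "with", record["iterations"], "iterations")
```

The iteration count is the knob Adi's comment refers to: it multiplies the cost of every password guess, for the legitimate user once and for an attacker on each attempt.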
0

The answer is "no", you don't ultimately have to remember something in your head.

Authentication really boils down to these choices:

  • Something you know (passwords, passphrases, picture identification, swipe pattern, ...)
  • Something you have (a key, a synchronized number generator, a printed code, ...)
  • Something you are (fingerprint, retina scan, hand geometry, face recognition, ...)

Or you can use a combination of these, i.e. multi-factor authentication. (We are seeing more of that available today than a decade ago, and should embrace it.)

broc.seib
0

No, you do not ultimately have to hold a key in your head, and neither does Ladar Levison. In fact, many security researchers recommend that people use pass phrases that are too complicated to memorize, write the pass phrases down on paper, and keep them in a wallet or other secure location. Bruce Schneier; Jesper Johansson; Rick Smith; Jianxin Yan, Ross Anderson; Arnold G. Reinhold; etc.

It sounds like you have a good understanding of the rest of the process:

Yes, many (most?) computers store secret keys and private keys in encrypted form (often using a "keyring").

Yes, the key to decrypt those other secret keys is usually derived(*) from a pass phrase that a human can remember for a minute or so, long enough to read from paper and type in.

Yes, it is possible that Ladar Levison might have his pass phrase memorized, but it is not necessary.

(*) using a key derivation function.

David Cary