Re: Secret key encryption
Hal Finney <hal <at> finney.org>
2005-08-03 16:24:09 GMT
> I need to encrypt secret data of the keypair to prevent attackers from
> misusing the keypair. I am using 3DES symmetric algorithm in encrypting
> and decrypting the secret key. As a s2k specifier I use Iterated and
> Salted S2K, so in the encryption process I need the secret passphrase,
> the Coded count, an 8-octet salt value and an 8-octet Initial Vector. My
> question is: is the Initial vector some arbitrary data like salt values
> are? In this case it would be some 64-bit random number. And what about
> the coded count value? What affects to the value? I have generated my keys
> so far with gnu privacy guard software and the count has always been 96
> (65536) in every key. I didn`t find solution to this from the RFC2440. Can
> someone clarify this?
Yes, the IV should be a 64 bit random number.
The purpose of the coded count is to slow down dictionary attacks. In a
dictionary attack, someone who gets access to the secret key ring tries
all possible pass phrases. By slowing down the operation of turning a
passphrase into the 3DES key that unlocks the secret key, it makes the
dictionary attacker's job harder.
Choosing a value for the coded count is a tradeoff. Larger values will
help defend against dictionary attacks, but they will also slow down
the process of unlocking the key for legitimate users. If keys in your
application will be unlocked by human users typing in their passphrases,
then larger coded counts would be acceptable, providing for delays of 1/10
or even 1/2 second or more. If your application must expose the secret
key data structure, again larger coded counts would be appropriate.
On the other hand, if your application involves an automated system
which must frequently unlock keys, and/or if you are confident that