The Grand Key system is a method of using a single encryption
key for multiple files while retaining the ability to quickly change the
passphrase protecting those files.
One drawback of using plain pass phrase file encryption is
the problem of changing the pass phrase. Once files are encrypted
based on a pass phrase, they have to be deciphered and then re-encrypted
using the new pass phrase. This can be a problem for regular pass
phrase changes, especially with large files.
A solution for this problem is to use a master key, generated
at random, to encrypt files. This master key is then protected with
a pass phrase. Now, if many encrypted files need to have the pass
phrase changed, it can simply be changed by modifying the pass phrase that
protects the master key.
In the grand key system, several grand keys are stored in a
single file. A unit is provided to retrieve a key from this file, and a
brute forcing program is included to demonstrate the strength of various
key lengths. The grand key main program is an interface for adding,
modifying and removing master keys. The grand key unit provides functions
for requesting, verifying and retrieving the master key for the purpose of
encryption.
The inner workings of the grand key system center around a message
digest algorithm. For the example, MD5 has been chosen, although any
message digest would work. When a new master key is created, it is
assigned a name and given a pass phrase to protect it. The master
key itself is chosen at random. The size of the master key is that
of the message digest algorithm's output. The size relationship isn't
necessary, but makes the example easier to follow.
Each master key is saved to a grand key file with a record format as
follows:
Key name
Key salt
Master key
Confirmation salt
Confirmation hash
The 'master key' is saved encrypted by expanding the passphrase
and XORing the hash output with the master key. That is:
Encrypted key = ( KeySalt + Passphrase -> MessageDigest -> HashOutput ) xor MasterKey
By using a key size equal to the size of the message digest,
we can simply encrypt the master key by XORing it with the expanded pass
phrase.
Since the actual master key is random, it is impossible to
tell if a passphrase is correctly deciphering the key or not. The
confirmation hash is the solution. When the master key is generated,
a second salt value is chosen. This system is used to generate the
confirmation hash and check a passphrase:
ConfirmationSalt + Passphrase -> MessageDigest -> ConfirmationHash
If used to check a passphrase, the output of the message
digest should match the confirmation hash. In the event this isn't
true, the passphrase is not the one used to do encryption.
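
The record format, key wrapping and confirmation check described above, together with the passphrase change they make possible, as an added Python example (not the code from the archive). The function names, the dict layout and the 16-byte salt length are assumptions; MD5 is used only because the page chose it for its example.

```python
import hashlib
import hmac
import secrets

DIGEST = hashlib.md5            # the page's example digest
SIZE = DIGEST().digest_size     # master key size equals digest size (16 bytes)

def _expand(salt, passphrase):
    # Salt + Passphrase -> MessageDigest -> HashOutput
    return DIGEST(salt + passphrase.encode("utf-8")).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def new_record(name, passphrase, master_key=None):
    """Build one grand key record; a fresh random master key unless one is given."""
    if master_key is None:
        master_key = secrets.token_bytes(SIZE)
    key_salt = secrets.token_bytes(SIZE)       # salt length is an assumption
    conf_salt = secrets.token_bytes(SIZE)
    while conf_salt == key_salt:
        # Equal salts would make the confirmation hash the XOR stream itself.
        conf_salt = secrets.token_bytes(SIZE)
    return {
        "name": name,
        "key_salt": key_salt,
        "enc_key": _xor(_expand(key_salt, passphrase), master_key),
        "conf_salt": conf_salt,
        "conf_hash": _expand(conf_salt, passphrase),
    }

def unlock(record, passphrase):
    """Return the master key, or None if the passphrase fails confirmation."""
    candidate = _expand(record["conf_salt"], passphrase)
    if not hmac.compare_digest(candidate, record["conf_hash"]):
        return None
    return _xor(_expand(record["key_salt"], passphrase), record["enc_key"])

def change_passphrase(record, old, new):
    """Re-wrap the same master key under a new passphrase; files are untouched."""
    master_key = unlock(record, old)
    if master_key is None:
        raise ValueError("old passphrase rejected")
    return new_record(record["name"], new, master_key)
```

Only the small record is rewritten on a passphrase change; anything encrypted under the master key stays as it is.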
Some things to note with this system:
It is very important to have a good, secure random number generator.
The master keys generated should be completely unpredictable or all data
encrypted with the master key will suffer from its weakness. Great
care should be taken to cover the tracks of the random number generator
to be sure an attacker cannot ever reproduce the random number stream
of the generator. Otherwise, it may be possible to reproduce the
master key without having to brute force anything.
The random data is equally important for the two salt values.
It is important that the confirmation salt be different from the key salt.
If not, the confirmation hash would be the XOR stream used to protect
the master key-- and that would circumvent the entire system.
Care should be taken that the master key is never kept in an unencrypted
state. Don't view it, write it down or even keep backups.
It's best the master key be kept in one place so if the passphrase protecting
it ever needs to be changed, that can take place without the risk of an
old passphrase working on an old copy. It's a toss-up of safety vs
security, but such practices are up to the owner of the data.
This system assumes that any other system that uses
a master key will also salt and expand the key. This is especially
important for stream ciphers (such as with file encryption) as the result
of using the same encryption key will lead to generating the same random
stream-- a very bad thing.
Again, although this is a fully working system, it is intended to be
an example, not a solution.
The brute forcing system included in the archive is meant
to demonstrate how a brute force attack can be launched against this system.
It isn't the fastest system, but it can crack small keys relatively quickly.