Cryptography Reference
In-Depth Information
of reducing associated risks. However, it is not uncommon for cryptographic
applications to use well-respected encryption algorithms but employ 'home-
made' deterministic generators to produce keys. This may arise because some
system designers are wise enough not to attempt to build their own encryption
algorithms, but fail to appreciate that designing secure deterministic generators
is just as complex.
Seed management
. If the same seed is used twice with the same input data
then the same pseudorandom output will be generated. Thus seeds need to
be regularly updated and managed. The management of seeds brings with it
most of the same challenges as managing keys, and presents a likely target for
an attacker of a deterministic generator. Thus most of the issues concerning
key management discussed in Chapter 10 are also relevant to the management
of seeds.
We end this brief discussion of generating randomness by summarising
the different properties of non-deterministic and deterministic generators in
Table 8.1.
Before we discuss entity authentication mechanisms, there is one important set of
mechanisms that we need to add to our cryptographic toolkit. These are not really
cryptographic 'primitives' because, on their own, they do not achieve any security
goals.
Freshness mechanisms
are techniques that can be used to provide assurance
that a given message is 'new', in the sense that it is not a
replay
of a message
sent at a previous time. The main threat that such mechanisms are deployed
against is the capture of a message by an adversary, who then later replays it at
some advantageous time. Freshness mechanisms are particularly important in the
provision of security services that are time-relevant, of which one of the most
important is entity authentication.
Table 8.1:
Properties of non-deterministic and deterministic generators
Non-deterministic generators
Deterministic generators
Close to truly randomly generated output
Pseudorandom output
Randomness from physical source
Randomness from a (short) random seed
Random source hard to replicate
Random source easy to replicate
Security depends on protection of source
Security depends on protection of seed
Relatively expensive
Relatively cheap
