3 - 4: Key Management

Question 1

Out-of-band key exchange

Answer 1

Exchanging keys (within a symmetric system) in a mutually trusted way

Question 2

The Diffie-Hellman key exchange

Answer 2

In-band key exchange for symmetric key systems (great visual example @1:42)

1) Start with two numbers, one is prime. 2) Choose a secret number 3) calculate secret number = non-prime number to the secret number mod prime number 4) send the resulting number 5) the other party does the same calculation but with a different secret number 6) calculate the shared number

Question 3

Key Escrow

Answer 3

Holding keys for law enforcement to use in the event of a crime

Question 4

Clipper chip

Answer 4

A proposed 1993 solution providing a Law Enforcement Field, allowing the government computer access if necessary, however it was discovered to have flaws

Question 5

Recovery agents

Answer 5

A master key that can decrypt any encrypted data in an organization

Question 6

Key stretching

Answer 6

Take a password and use math to make it harder to crack using 1) a salt value and 2) hashing the resulting value

Question 7

Password-based Key Derivation Function v2

Answer 7

Uses salting and hashing to stretch a key. Should use at least 4,000 times

Question 8

bCrypt

Answer 8

Key stretching using the blowfish algorithm

Question 9

Hardware Security Modules

Answer 9

Special hardware designed to manage encryption keys and perform cryptographic operations.

Question 10

FIPS 140-2

Answer 10

Government guidelines on HSMs.

Sec level 1: Standard operating systems, no physical security
Sec level 2: EAL2 software and firmware, tamper-evident seals
Sec level 3: EAL3 software and firmware, tamper-resistant controls
Sec level 4: EAL4 software and firmware, strict physical security