11.4 Cryptography

RSA is a public key encryption algorithm, which means that a public key is used to encrypt the data and a different but necessarily related private key is used to decrypt them later. The advantage of this model is that public keys can be distributed more broadly without risk of compromising the data, which cannot be decrypted without the private key. Be careful. Depending on the implementation, the performance of RSA (or any other public key algorithm) is likely to be hundreds or thousands of times slower than AES; thus, you should not use RSA to encrypt large amounts of data. Instead, use RSA as part of a key exchange protocol; for instance, use it to distribute an AES key. Both the security and performance of the algorithm are tied to the key length used. Longer keys yield better security and worse performance. Current guidelines suggest that RSA keys should be at least 1024 bits, with 2048 bits providing a longer window of security.

The SHA-2 variants (SHA-224, SHA-256, SHA-384, and SHA-512) of the Secure Hash Algorithm (SHA) family should be used whenever cryptographic hash values are required. The most common application of SHA-2 that we encounter is storing hashed passwords, but secure hash values can also be used to compute secure checksums and as part of digital signature and message authentication systems. Although SHA-2 offers better security because it produces larger hash values, the SHA-1 algorithm provides adequate security for many applications today. Plan to migrate code that uses SHA-1 to SHA-2 as soon as it's feasible, but proceed to the exit in an orderly manner; as of this writing, the use of SHA-1 need not constitute a crisis.

Static Analysis: Avoid Bad Algorithms

Use static analysis to identify code that uses cryptographic algorithms that are not approved. Write rules to identify the use of functions from cryptography libraries that implement algorithms other than AES, RSA, and SHA-2. For example, the following rule flags uses of the RC2, RC4, and RC5 algorithms from the Java Cryptography Extension (JCE):

Structural rule:

    FunctionCall fc:
      (fc.function is [name == "getInstance" and
        enclosingClass.supers contains
          [Class: name == "javax.crypto.KeyGenerator"]]) and
      (fc.arguments[0].constantValue matches "RC(2|4|5)")

Moving forward, pay particular attention to algorithms that have recently been broken and are now classified as insecure; it's unlikely that every developer is up-to-date on cryptography research.

Don't Roll Your Own

If you need encryption, a digital signature, key exchange, secure hash, or anything else that requires cryptography, use a publicly vetted algorithm and implementation. In other words, you should not do any of the following:

• Invent your own cryptography algorithm
• Create your own implementation of a cryptography algorithm
• Concoct your own cryptographic key exchange protocol

Security through obscurity is a mirage. It is much easier to create a secure system using modern, well-known, and widely accepted cryptographic algorithms than it is using an algorithm you have created yourself.
Chapter 11 Privacy and Secrets

Home-grown cryptography can go wrong in many subtle ways, both in the design of the algorithm and in its implementation. Publicly studied algorithms are stronger because they have been vetted by the cryptography community. Widely used implementations that have been certified by one or more organizations are less likely to contain subtle implementation errors that negate the security of the algorithm design. Finally, even the most secure algorithms and implementations can be misused in ways that undermine their effectiveness. Use the algorithms you choose in the way they were intended. Don't take shortcuts, and don't try to be inventive.

Depending on the languages and platforms you need to support, you might already have access to all the cryptography you need. Java includes implementations of most common algorithms in the Java Cryptography Architecture (JCA) [9] and Java Cryptography Extension (JCE) [10], including AES, RSA, and SHA-2. (The division between JCA and JCE was originally due to the U.S. export laws on cryptography [DOC, 2000]; when these laws were relaxed in 1996 the JCE was integrated into the JDK with the JCA.)
As with much of the Java platform, JCA and JCE are provider based, which means they provide both a framework for implementing algorithms and several specific implementations in the form of providers. A notable advantage of this architecture is that, in many cases, a program can transition from one algorithm to another with only minor code changes. This way, when a better alternative becomes available, the transition can be made easily and with a minimal risk of introducing errors. Example 11.12 demonstrates encrypting and decrypting a string using the AES implementation in JCE.

Example 11.12 Code that encrypts and decrypts a string using the AES implementation in JCE. When it completes, cleartext and cleartext1 will contain the same value.

    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;

    byte[] cleartext = "This is a message to test AES".getBytes();

    // generate a secret key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    SecretKey aesKey = keygen.generateKey();

    // get an AES instance and initialize it to encrypt with the secret key
    Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
    aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);

    // encrypt the message
    byte[] ciphertext = aesCipher.doFinal(cleartext);

    // initialize the AES instance to decrypt with the same secret key
    aesCipher.init(Cipher.DECRYPT_MODE, aesKey);

    // decrypt the message
    byte[] decryptedCiphertext = aesCipher.doFinal(ciphertext);

On Microsoft platforms, the situation is much the same for C and C++. The Microsoft CryptoAPI [11] includes implementations of most common cryptography algorithms. Because of U.S. export restrictions on strong cryptography, users of Windows 2000 and earlier must download more advanced algorithms and those that accept longer key lengths separately as part of the Internet Explorer High Encryption Pack [12] and Windows 2000 High Encryption Pack. The specific implementation details of the Microsoft framework make it difficult to include a concise example in print, but we encourage you to refer to MSDN for examples of using the Microsoft CryptoAPI to encrypt and decrypt messages [Microsoft, 2007].

On other platforms or for cross-platform support in C and C++, a variety of other cryptography libraries that implement the algorithms we recommend are available under flexible licenses, such as Crypto++ [13] (public domain), Nettle [14] (GPL), and XySSL [15] (LGPL). NIST maintains lists of open source and commercial implementations of AES [16], RSA [17], and SHA-1/SHA-2 [18] that have been certified for federal use. RSA Security (the division of EMC, not the algorithm) provides a commercial cryptography library for Java and C/C++ [19] that is widely used and comes with the additional benefit of support.

9. http://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.html
10. http://java.sun.com/products/jce/
11. http://msdn2.microsoft.com/en-us/library/aa380256.aspx
12. http://www.microsoft.com/windows/ie/ie6/downloads/recommended/128bit/default.mspx
13. http://www.cryptopp.com
14. http://www.lysator.liu.se/~nisse/nettle/
15. http://xyssl.org/code/
16. http://csrc.nist.gov/cryptval/aes/aesval.html
17. http://csrc.nist.gov/cryptval/dss/rsaval.html
18. http://csrc.nist
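The static analysis sidebar asks for rules that flag algorithms other than AES, RSA, and SHA-2; the book's structural rule covers RC2, RC4, and RC5 on KeyGenerator only. The added example below (not from the book, and not the rule language shown there) generalizes that into an allowlist check over several JCA/JCE factory classes. It is a text-level approximation with a hypothetical class name, and it only sees algorithm names passed as string literals.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical class name; a regex approximation of a structural rule.
public class CryptoAlgorithmCheck {
    // JCA/JCE factory calls whose first argument is a string literal.
    private static final Pattern FACTORY_CALL = Pattern.compile(
        "\\b(Cipher|KeyGenerator|KeyPairGenerator|MessageDigest)"
        + "\\s*\\.\\s*getInstance\\s*\\(\\s*\"([^\"]+)\"");

    // Allowlist taken from the text: AES, RSA, and the SHA-2 variants.
    private static final Pattern APPROVED =
        Pattern.compile("AES|RSA|SHA-(224|256|384|512)");

    static boolean isApproved(String transformation) {
        // "AES/ECB/PKCS5Padding" -> "AES": only the algorithm part is checked.
        String algorithm = transformation.split("/")[0].trim().toUpperCase(Locale.ROOT);
        return APPROVED.matcher(algorithm).matches();
    }

    static List<String> findings(String fileName, String source) {
        List<String> out = new ArrayList<>();
        String[] lines = source.split("\n");
        for (int i = 0; i < lines.length; i++) {
            Matcher m = FACTORY_CALL.matcher(lines[i]);
            while (m.find()) {
                if (!isApproved(m.group(2))) {
                    out.add(fileName + ":" + (i + 1) + ": " + m.group(1)
                        + ".getInstance(\"" + m.group(2) + "\") uses an unapproved algorithm");
                }
            }
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample input, not taken from any real code base.
        String sample = String.join("\n",
            "KeyGenerator keygen = KeyGenerator.getInstance(\"AES\");",
            "KeyGenerator legacy = KeyGenerator.getInstance(\"RC4\");",
            "MessageDigest md = MessageDigest.getInstance(\"MD5\");",
            "MessageDigest ok = MessageDigest.getInstance(\"SHA-256\");",
            "Cipher c = Cipher.getInstance(\"DES/CBC/PKCS5Padding\");");
        for (String finding : findings("Sample.java", sample)) {
            System.out.println(finding);
        }
    }
}
```

An allowlist also reports algorithms nobody thought to put on a denylist, at the cost of flagging SHA-1 call sites that the text says can be migrated in an orderly manner.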