2

While building web applications I'm wondering how long of a secret I need (how many bits) for serving as the key in encryption - and whether I can just mash out a random sequence of characters on my keyboard or if I need some special software to generate something for me?

(i.e. stealing the private RSA from something like ssh-keygen)

Update: I mainly will be using this key with PHP's mcrypt library but am also interested in C++ options (both on Linux).

Xeoncross

3 Answers

9

Most crypto libraries have a facility to generate a session key. Don't for heaven's sake try to roll your own.

user207421
  • To my knowledge, mcrypt doesn't - though it has an IV generator. – Xeoncross Nov 01 '10 at 02:56
  • So use one that does. This is far too important a matter to be left to uninformed application programmers or inadequate libraries. – user207421 Nov 01 '10 at 03:10
  • Haha, that's why I'm posting this question! I need to know where I can find something to create a secret key. – Xeoncross Nov 01 '10 at 15:09
  • Erm... use [random.org](http://www.random.org/integer-sets/) for your one-time random key. If you want an ASCII-readable key, simply generate n ints from 33-126, where n is the key length in bytes (chars). Convert each int into ASCII chars manually or online, and copy your new string into your script or preferred place of storage. If you need random salts and IVs, follow the above advice, as PHP's mcrypt create IV simply calls /dev/[u]rand or win32-crypt if called correctly. – DrPerdix Nov 01 '10 at 19:05
2

If possible you should use /dev/urandom. This is an entropy pool that is populated with something very close to a real random number generator. Here is more information on entropy pools and sources of entropy.

Community
rook
  • 1
    To be technical, /dev/urandom is pseudo-random, and isn't strictly an entropy pool. It draws from the entropy pool, but it will keep generating output even if that pool is dry. /dev/random is the entropy pool, and you can empty it pretty easily. – Slartibartfast Nov 06 '10 at 04:20
  • @Slartibartfast I have read random.c in the Linux kernel and you are mostly correct. /dev/urandom will only fall back on a PRNG if it cannot fill the request. In most cases /dev/urandom is more favorable because otherwise your application will have to wait for the entropy pool to fill. Speed vs. security is a common trade-off. – rook Nov 06 '10 at 04:30
  • I didn't mean that one shouldn't use /dev/urandom, I was just correcting a slight technical inaccuracy. – Slartibartfast Nov 06 '10 at 18:48
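An added example, not part of the original answers or comments: one way to take key material from /dev/urandom in C++ on Linux, emitting either a hex key or a printable key over the ASCII 33-126 range mentioned in the comments above. The function names (`random_bytes`, `to_hex`, `printable_key`, `chars_for_bits`) are hypothetical and chosen for this illustration.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <fstream>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Read exactly n bytes from the kernel CSPRNG; throw rather than return a short key.
std::vector<std::uint8_t> random_bytes(std::size_t n) {
    std::ifstream src("/dev/urandom", std::ios::binary);
    std::vector<std::uint8_t> buf(n);
    if (!src || !src.read(reinterpret_cast<char*>(buf.data()), static_cast<std::streamsize>(n)))
        throw std::runtime_error("could not read /dev/urandom");
    return buf;
}

// Hex form for config files: 2 characters per byte, 4 bits per character.
std::string to_hex(const std::vector<std::uint8_t>& b) {
    static const char d[] = "0123456789abcdef";
    std::string out;
    for (std::uint8_t x : b) { out += d[x >> 4]; out += d[x & 0x0f]; }
    return out;
}

// Printable key over ASCII 33..126 (94 symbols).
// Rejection sampling: bytes >= 188 (2*94) are dropped so that byte % 94 is unbiased.
std::string printable_key(std::size_t chars) {
    std::string out;
    while (out.size() < chars) {
        for (std::uint8_t x : random_bytes(chars)) {
            if (x < 188 && out.size() < chars) out += static_cast<char>(33 + x % 94);
        }
    }
    return out;
}

// Characters needed to reach `bits` of entropy with an alphabet of `symbols`.
std::size_t chars_for_bits(unsigned bits, unsigned symbols) {
    return static_cast<std::size_t>(std::ceil(bits / std::log2(static_cast<double>(symbols))));
}

int main() {
    std::cout << "256-bit key (hex): " << to_hex(random_bytes(32)) << "\n";
    std::cout << "128-bit printable key needs " << chars_for_bits(128, 94) << " chars\n";
}
```

With 94 symbols each character carries about 6.55 bits, so a 16-character printable key is roughly 105 bits rather than 128.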
1

You're not quite comparing apples to apples here. Most programs I know of (openssl, gpg, pgp) don't take input just from characters you type. They may take some timing from the time between keystrokes (pgp did this) but they also take randomness from other sources collected from your OS: disk access time, inter-packet arrival times, and other sources. These are combined to generate "random" numbers for cryptographic use.

Key length is somewhat different. NIST puts out recommendations for key length; you may want to look into that. That being said, key length is almost never the weakest link in your security chain.

Choose a reasonable key size, but don't forget to put effort in all the other areas of security engineering. That book, whose first edition is on the web, is a tremendous resource.

Paul Rubel