2

How to do you decide that a particular key is a weak key? In the case of WEP, the weak keys seem to be those whose initialization vectors are in the form of (B + 3,255,x).

Does the condition for weak keys depend on the type of encryption function we use? For example in WEP we are XORing the plaintext and the key sequence to get the ciphertext.

Maarten Bodewes
  • 4,562
  • 15
  • 29
Pankaj Kumar
  • 41
  • 1
  • 5
  • It's a key *stream* not a key *sequence*. A key stream is calculated using the key, the IV and the stream cipher. It is determined by those three elements, it doesn't *contain* the key or the IV. – Maarten Bodewes May 17 '16 at 23:34

2 Answers2

2

Q: How to do you decide that a particular key is a weak key?

That depends on the cipher (the algorithm itself). According to Wikipedia:

In cryptography, a weak key is a key, which, used with a specific cipher, makes the cipher behave in some undesirable way.

Q: I got some things like in case of WEP , the weak keys are those whose initialization vectors are in the form of ( B + 3,255,x).

WEP uses RC4 which, again according to Wikipedia:

Unlike a modern stream cipher (such as those in eSTREAM), RC4 does not take a separate nonce alongside the key. This means that if a single long-term key is to be used to securely encrypt multiple streams, the protocol must specify how to combine the nonce and the long-term key to generate the stream key for RC4.

So, unlike most ciphers, the weak keys include the IV. Unfortunately the key schedule of RC4 is weak, the IV of WEP too short and the construction of combining (concatenating) the key and IV too simplistic, leading to an attack.

Q:and does the condition for weak keys depend on the type of encryption function we use . ex - in wep , finally we are XORing the plaintext and the key sequence to get the ciphertext

Again, it depends on the cipher.

What you describe above is the general construction that a stream cipher uses to encrypt data. There are stream ciphers that have weak keys or are otherwise vulnerable. But there are certainly stream ciphers that do not have weak keys and are considered secure.

The XOR of the key stream with the plaintext is not the issue here.

Other (block) ciphers with weak keys are IDEA, Blowfish. DES is probably the best known cipher with weak keys though:

Since all the subkeys are identical, and DES is a Feistel network, the encryption function is self-inverting; that is, despite encrypting once giving a secure-looking cipher text, encrypting twice produces the original plaintext.

This means that if an attacker was to send back you the ciphertext as plaintext for you to encrypt (i.e. using you as an encryption oracle) that the attacker would retrieve the plaintext in the special case that weak keys were used.

Needless to say, modern ciphers try to avoid weak keys; each key should be as secure as any other key.

Maarten Bodewes
  • 4,562
  • 15
  • 29
0

There are different methods and standards, but here are the "common human-readable guidelines" :

  • The algorithm. If it is weak - a 1Mbit long key is a weak key, i.e. it can't protect the data properly
  • The key size. If the algorithm is strong(=it is a way too laborious to brute-force it or repeat it), the key size comes into a play: for example, AES is a strong algo, but it is about rounds, so AES-32 or AES-64 are weak ones : they can be bruted or just pre-calculated for a dictionary tab and broken almost instantly nowadays. But AES-256 is a strong one. The algo is exactly the same in all three cases, but the length decides : 256bit is OK, 32 or 64 bit are weak
  • The key distribution problem. It's a philosopher stone of the security : the strongest algo + 1024bit key are weak if the key can be wiretapped/stolen/obtained-by-a-third-party easily

After this "quick" evaluation if you need a further/deeper classification - you must select a standard(s) to dig deeper and to check a compliance to.

SilverlightFox
  • 33,408
  • 6
  • 67
  • 178
Alexey Vesnin
  • 1,565
  • 1
  • 8
  • 11
  • Exactly ,what do u mean by selecting a standard in the last line ? – Pankaj Kumar May 17 '16 at 17:41
  • @PankajKumar I mean that after a quick-check by the common criterias you may *possibly want* to check the crypto/keys for compliance with some standard – Alexey Vesnin May 17 '16 at 23:07
  • You've described a lot of ways in which a key can be *secure* or not. But funny enough you fail to explain the concept of a weak key with regards to the cipher (algorithm). – Maarten Bodewes May 17 '16 at 23:16
  • @MaartenBodewes as far as I see the question asker's skill/knowledge level is not so high, so I tried my best to explain it all on the acceptable level. Of course, I can start exploding in special terms and very strict definitions - but I think that he came here not to be brain-exploded. Yes, a rough approximation I've made here is VERY rough, but I hope it's *understandable* for the person who asked the question. – Alexey Vesnin May 17 '16 at 23:25
  • Of course you should always try and explain things at the right level. But if you forget to describe weak keys because of that, then what's the point? – Maarten Bodewes May 17 '16 at 23:29
  • @MaartenBodewes actually the information given seems to fit the question author. Yes, I was not about to write a full-page description, and yes - it is a bit simplified. – Alexey Vesnin May 17 '16 at 23:32
  • OK, let me try one last time: weak key != insecure key. Your explanation is wrong, not just simplified. – Maarten Bodewes May 18 '16 at 00:03
  • OK, it seems to be a matter of "insecurity" definition: in my opinion insecurity is inability to provide reliability in a form of strong security **and** confidentiality. If it's crackable, or it's uncrackable(nowdays in a reasonable time) but it can be hijacked/obtained-by-a-third-party like piece of cake - it is insecure, i.e. it's usage makes the whole deal of enciphering useless because the confidential data can be easily accessed by uninvited third party – Alexey Vesnin May 18 '16 at 00:43
  • Yes, but the question was about a *weak key*. A *weak key* is a specific concept in cryptography. The - in this case excellent - Wikipedia article specifies it as "In cryptography, a weak key is a key, which, used with a specific cipher, makes the cipher behave in some undesirable way." You list a few ways in which a key is insecure - and those are accurate enough - *but the fact that the key is insecure does not make it a weak key*. DES can be brute forced easily, but that doesn't make all DES keys weak keys. – Maarten Bodewes May 18 '16 at 11:31
  • @MaartenBodewes I think I start to understand your point. And by the way - isn't DES upgraded a **long** time ago to three pipes in EDE pipeline? An upgraded DES is referred as 3DES as far as I know. And it is pretty good – Alexey Vesnin May 18 '16 at 14:44
  • DES-EDE still has weak keys, which do **not** cause insecurity in most protocols (the chance that you randomly generate or derive a weak key is negligible). – Maarten Bodewes May 18 '16 at 14:50