Thoughts on Key Management

Posted by Robert Freeman on January 05, 2007 at 3:51 PM EST.

In response to Tom Cross’ posting on Crypto Morsels, I wanted to reflect a bit about key management—a critical aspect of security. Controlling access to keys, passphrases that symmetrically decrypt an asymmetric private key, and access-control passwords secured by cryptographic hash is paramount but not insignificant considering the number of systems we use on a daily basis. Since we have access to so much that requires access control, the volume of secrets (passphrases, key files, etc.) is high and unlikely to decrease in time. To an individual though, this can be daunting to keep track of, especially if there are requirements that the secrets are changed regularly.

This forces the question: how does one best protect these secrets? Remember that some people still put their passphrases on Post-It-Notes and attach them to their monitor or computer. It is not practical for everyone to remember all the secrets mentally along with successfully physically hiding media containing keyfiles. Is the solution to have a single passphrase that provides access to all other passphrases and keyfiles in a secured database? Or, is it better to have a single passphrase and keyfile for all activities? There are potentially other ways to keep the secrets, but it is unlikely that there is any greater security afforded. So returning to the question of what is best, the answer is more likely the secrets database solution. Here’s why. If an entity is attacked and exposes your secret, then that secret is portable to other places, so since you have multiple places that know your single secret, it is more dangerous than having a single secret protecting multiple secrets from a single place. Most importantly, this secrets database can be further improved by exclusion from networking and additional physical security if necessary.