Types of Encryption Keys
Used in Cryptosystem ME6
Whenever Cryptosystem ME6 is used to encrypt or decrypt a file (or set of files) an encryption key must be supplied (the decryption key is the same as the encryption key). The key can be up to 64 characters long and must be at least 16 characters long. There are four ways to specify an encryption key:
In brief these are:
(a) type the key and see it as you type
(b) type the key but suppress the display (then retype to confirm)
(c) get the key from a file (called a "keyfile") and
(d) create a 64-byte random key (which is saved in a keyfile).
ME6 takes the key as entered at the keyboard, converts all lower case letters to upper case and removes all spaces. Thus you don't have to be concerned about whether some letters in the key are in upper or in lower case, or whether you have accidentally typed an extra space. (The checksum is a number in the range 1 through 9999 which is calculated from the key and will be different for different keys.)
There is a slight problem connected with using a key that you type in at the keyboard, namely, that for such a key to be easily remembered by most people it must either be short or else consist of a natural language phrase. A short key is vulnerable to a brute force attack, and a key which consists solely of natural language words plus punctuation marks is vulnerable to discovery by means of a dictionary attack.
Cryptosystem ME6 provides a way to foil a dictionary attack by using a long key consisting of apparently random characters, such as:
Such a key eludes a dictionary attack but since it cannot be remembered (by people with normal memory) it must be stored in a file so that the program can access it. Such a file is called a "keyfile".
A keyfile need not have been created to hold a key. Any file, text or binary, can be specified as a keyfile. Most, but not all files, are suitable for use as keyfiles. A keyfile can contain ordinary text or binary data.
If you instruct Cryptosystem ME6 to get the key from a keyfile it will check to see whether the file exists already. If it does not (or if ME6 can't find the file) it will ask if you wish to create a random keyfile. (You can also request that ME6 create a new random keyfile by clicking on Create random key.)
A random key is created on the basis of random movements of the mouse (this takes about half a minute):
After the random key has been created you can inspect the bytes of which it is composed:
There are (256-32)64 = 22464 possible keyfiles which can be generated in this way, and each of these sets of 64 bytes is a possible ME6 encryption key. Thus the size of the ME6 key space is 22464, which is approximately 10150 or about 2500. In other words, ME6 uses a 500-bit key.
Cryptosystem ME6 Product Information Cryptography Hermetic Systems Home Page