Shared secret
Encyclopedia
In cryptography
, a shared secret is a piece of data, known only to the parties involved, in a secure communication. The shared secret can be a password
, a passphrase
, a big number or an array of randomly chosen bytes.
The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a pre-shared key
. Or it is created at the start of the communication session by using a key-agreement protocol
, for-instance using public-key cryptography
such as Diffie-Hellman
or using symmetric-key cryptography
such as Kerberos.
The shared secret can be used for authentication (for instance when logging in to a remote system) using methods such as challenge-response
or it can be fed to a key derivation function
to produce one or more keys
to use for encryption and/or MACing
of messages.
To make unique session and message keys
the shared secret is usually combined with an initialization vector
(IV). An example of this is the derived unique key per transaction method.
It is also often used as an authentication measure in APIs.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, a shared secret is a piece of data, known only to the parties involved, in a secure communication. The shared secret can be a password
Password
A password is a secret word or string of characters that is used for authentication, to prove identity or gain access to a resource . The password should be kept secret from those not allowed access....
, a passphrase
Passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. A passphrase is similar to a password in usage, but is generally longer for added security. Passphrases are often used to control both access to, and operation of, cryptographic programs...
, a big number or an array of randomly chosen bytes.
The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a pre-shared key
Pre-shared key
In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from shared secret, the key derivation function should be used. Such systems almost always use symmetric key...
. Or it is created at the start of the communication session by using a key-agreement protocol
Key-agreement protocol
In cryptography, a key-agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome. If properly done, this precludes undesired third-parties from forcing a key choice on the agreeing parties...
, for-instance using public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
such as Diffie-Hellman
Diffie-Hellman key exchange
Diffie–Hellman key exchange Synonyms of Diffie–Hellman key exchange include:*Diffie–Hellman key agreement*Diffie–Hellman key establishment*Diffie–Hellman key negotiation...
or using symmetric-key cryptography
Symmetric-key algorithm
Symmetric-key algorithms are a class of algorithms for cryptography that use trivially related, often identical, cryptographic keys for both encryption of plaintext and decryption of ciphertext. The encryption key is trivially related to the decryption key, in that they may be identical or there is...
such as Kerberos.
The shared secret can be used for authentication (for instance when logging in to a remote system) using methods such as challenge-response
Challenge-response authentication
In computer security, challenge-response authentication is a family of protocols in which one party presents a question and another party must provide a valid answer to be authenticated....
or it can be fed to a key derivation function
Key derivation function
In cryptography, a key derivation function derives one or more secret keys from a secret value such as a master key or other known information such as a password or passphrase using a pseudo-random function...
to produce one or more keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
to use for encryption and/or MACing
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
of messages.
To make unique session and message keys
Session key
A session key is a single-use symmetric key used for encrypting all messages in one communication session. A closely related term is traffic encryption key or TEK, which refers to any key used to encrypt messages, as opposed to other uses, like encrypting other keys .Session keys can introduce...
the shared secret is usually combined with an initialization vector
Initialization vector
In cryptography, an initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom...
(IV). An example of this is the derived unique key per transaction method.
It is also often used as an authentication measure in APIs.
See also
- Key stretching - A method to create a stronger key from a weak key or a weak shared secret.
- Security questionSecurity questionA security question is used as an authenticator by banks, cable companies and wireless providers as an extra security layer. They are a form of shared secret....
- implementation method