Passcodes: Keys, Passphrases, PINs and Passwords
15 min read · Jun 14, 2023
"Passcodes" here refers to PINs, secret nonces, keys, passwords, passphrases, etc.
Key Usage Caveats
Key generation must come from a random source
Each key must be obtained from a reliable random source so that the generated keys are independent of each other. If a key is generated in software by a PRNG, that PRNG must be built on a PRF acceptable to NIST.
Recommended:
- Generate keys from a certified RNG inside a tamper-resistant hardware device such as an HSM or smartcard.
- Run randomness test suites to assure high entropy of the key generation.

Caveat: strong keys are not easy to produce. For example, although GPG has been around for almost 20 years, there are only ~50,000 keys in the “strong set”, and fewer than 4 million keys have ever been published to the SKS keyserver pool. In perspective, the strong set makes up only ~1.25% of the published keys.
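As an added example (not code from the original post): two of the NIST SP 800-22 statistical tests, the frequency (monobit) test and the runs test, applied to a key from the OS CSPRNG and to one from a seeded Mersenne Twister. The weak generator can pass both tests while still returning identical keys for identical seeds, which is why the post asks for a reliable random source and not only a test suite.

```python
import math
import random
import secrets


def monobit_p_value(data: bytes) -> float:
    """NIST SP 800-22 frequency (monobit) test: p-value for the 1/0 balance."""
    n = len(data) * 8
    ones = sum(bin(b).count("1") for b in data)
    s_obs = abs(2 * ones - n) / math.sqrt(n)
    return math.erfc(s_obs / math.sqrt(2))


def runs_p_value(data: bytes) -> float:
    """NIST SP 800-22 runs test: p-value for the number of uninterrupted bit runs."""
    bits = "".join(f"{b:08b}" for b in data)
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):  # prerequisite: monobit must be in range
        return 0.0
    v_obs = 1 + sum(bits[i] != bits[i + 1] for i in range(n - 1))
    num = abs(v_obs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def passes_statistical_tests(data: bytes, alpha: float = 0.01) -> bool:
    """Both tests pass when their p-values are at or above the significance level."""
    return monobit_p_value(data) >= alpha and runs_p_value(data) >= alpha


def generate_key_csprng(nbytes: int = 32) -> bytes:
    """Key from the OS CSPRNG, i.e. the 'reliable random source' the post requires."""
    return secrets.token_bytes(nbytes)


def generate_key_weak(seed: int, nbytes: int = 32) -> bytes:
    """Key from Mersenne Twister seeded with a small integer: statistically fine,
    cryptographically unusable, since the same seed reproduces the same key."""
    rng = random.Random(seed)
    return rng.getrandbits(nbytes * 8).to_bytes(nbytes, "big")


if __name__ == "__main__":
    strong = generate_key_csprng(4096)
    weak = generate_key_weak(42, 4096)
    print("CSPRNG key passes monobit+runs:", passes_statistical_tests(strong))
    print("seeded MT key passes monobit+runs:", passes_statistical_tests(weak))
    print("seeded MT keys independent:", generate_key_weak(42) != generate_key_weak(42))
    # constructed pattern: perfectly balanced bits, so monobit passes but runs fails
    print("0xAA pattern passes both tests:", passes_statistical_tests(bytes([0xAA]) * 64))
```

Statistical tests only detect gross bias; they cannot tell a seeded, reproducible generator from a true random source, so they complement rather than replace a certified RNG.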
Ensure sufficient key length.
Refer to guidelines establishing rough equivalences between symmetric- and public-key key sizes.
* FIPS 200, Minimum Security Requirements for Federal Information and Information Systems requires…