NIST defines the term “cryptoperiod” as the time span during which a specific ke

Question

NIST defines the term “cryptoperiod” as the time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect. One document on key management uses the following time diagram for a shared security key.

Explain the overlap by giving an example application in which the originator’s usage period for the shared secret key begins before the recipient’s usage period and also ends before the recipient’s usage period.

Explanation / Answer

A Symmetric Encryption Algorithm is one in which there is a shared secret key used both for Encryption and Decryption. Examples - AES, RC4, HMAC etc.

In RC4 - A stream of bits is generated. With any stream cipher, these are used for encyrption combined with plain text using bitwise excusive-or and the decryption is performed the same way.

A secret key is securely created, then hash function (sha1) of the previous key will be used to generate the key, for every message sent. Same with the diagram, a secret key is generated first, then for the every message sent the hash function of the previous key will be used. So, the originator will start and the receiver will also know since the key will be the hash function of the previous key.

Related Questions

Navigate

• Browse (All)
• Browse N
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.