Cryptography in AccessKeys:

By default, AccessKeys ships with two limitations on cryptographic strength: only 56-bit encryption keys are allowed and only the DES algorithm is enabled. This means that your information is safe from the average snooper, but a determined hacker with either:

time and computer power at hand or
a good knowledge of cryptography

will be able to break your key and read your information relatively easily.

The reason we ship AccessKeys with a 56-bit key size limit is that Sun Microsystems (the maker of the Java language used to write AccessKeys) is bound by export restrictions on cryptography and hence, according to the Java license, we are not allowed to ship AccessKeys with unlimited strength cryptography. On the other hand, if you, as a user, can accept the license with Sun Microsystems, you can download other Policy Files from Sun Microsystems and very easily upgrade AccessKeys (using a built-in wizard) to support unlimited strength cryptography.

How does cryptography work in AccessKeys:

The very basic principle of (secret key) cryptography is to take an algorithm and a secret key (known only by you) and apply these to a piece of non-encrypted data to obtain the encrypted data. To get the original data back, the same algorithm and the same key must be applied to the encrypted data to decrypt it. According to current cryptographic principles, the strength of cryptography must not depend on the algorithm but only on the key (known as Kerckhoffs' Principle). That is, everyone, including the hacker, knows the algorithm, but provided that the key is strong enough, he or she will never be able to find it.

In AccessKeys we use Password Based Encryption to encrypt a special kind of file called a Key Store, which is used to store the key used to encrypt the data. The key is (provided you have unlimited strength encryption enabled) very strong and in practice impossible to guess, so the weak point here is the password. In the figure below we illustrate this principle, and you can also see where the master key that can be optionally saved comes into play.

 

The picture also illustrates one more concept. If the password is forgotten, the Key can never be retrieved from the Key Store. Then, if no "Master Key" was saved, the data is lost forever. AccessKeys contains no "back doors" or other means of retrieving the encrypted information without breaking the key.
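The Key Store principle described above, as an added Java sketch that is not AccessKeys' own code. It assumes PBKDF2 and AES-GCM in place of the DES-based Password Based Encryption the page mentions; the class name, iteration count and sample passwords are constructed for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.*;
import java.util.Arrays;

public class KeyStoreSketch {
    static final int ITERATIONS = 600_000; // assumption: PBKDF2 work factor

    // Password + salt -> key-encryption key (KEK). The password is the weak point.
    static SecretKey kek(char[] password, byte[] salt, int bits) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, bits);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                     .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    // Encrypts (mode = ENCRYPT_MODE) or decrypts the data key under the KEK.
    static byte[] seal(int mode, SecretKey kek, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, kek, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Installed policy files cap the key size; Integer.MAX_VALUE means unlimited.
        int bits = Math.min(256, Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("AES key size permitted by policy: " + bits + " bits");

        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12], dataKey = new byte[bits / 8];
        rng.nextBytes(salt); rng.nextBytes(iv);
        rng.nextBytes(dataKey); // random key that would encrypt the database

        char[] password = "constructed sample passphrase".toCharArray();
        byte[] keyStore = seal(Cipher.ENCRYPT_MODE, kek(password, salt, bits), iv, dataKey);

        // Correct password: the data key comes back out of the key store.
        byte[] opened = seal(Cipher.DECRYPT_MODE, kek(password, salt, bits), iv, keyStore);
        System.out.println("correct password recovers key: " + Arrays.equals(opened, dataKey));

        // Wrong password: GCM authentication fails, the key stays locked.
        try {
            seal(Cipher.DECRYPT_MODE, kek("wrong guess".toCharArray(), salt, bits), iv, keyStore);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password: key store cannot be opened");
        }
    }
}
```

With the limited policy files installed, `Cipher.getMaxAllowedKeyLength("AES")` reports a capped size rather than `Integer.MAX_VALUE`, which is the restriction the upgrade described earlier removes.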

How to break the AccessKeys Key:

Expressed very simply, there are two ways:

Try every possible password until you find the right one and open the Key Store to retrieve the encryption key
Try every possible encryption key directly

This illustrates one more concept: the system is only as secure as the weaker link of the password and the secret key. Therefore it makes no sense to use 256-bit encryption with a five-letter password, or the opposite, 56-bit encryption with a 20-letter password.

One point worth mentioning here is that you may store the database containing your passwords and credit card numbers in a less secure location, or you may distribute it by e-mail or through some other non-secure medium. In that case a really large key could make sense, no matter what your password for the Key Store is, as the chance of someone getting their hands on your database is relatively high.

So, to break into an AccessKeys database you need a lot of time and a lot of computer power to try all possible keys or passwords (known as a brute force attack). Therefore, when we claim that your information is secure, what we really mean is that it cannot be retrieved in a reasonable time by trying all possible keys. With a strong enough key, the information will either be outdated once it has been retrieved or be too expensive to retrieve. There are several sites on the web that discuss the time it takes to find a key of a given length (for example this one), but in general a 256-bit key is considered very safe.