1. Field of the Invention
The present invention relates generally to cryptographic systems, and more particularly, to securing private keys in a public key cryptographic system.
2. Description of Related Art
The increasing accessibility of public networks, such as the Internet, allows a wide variety of data to be quickly and cost effectively accessed from virtually anywhere. The Internet, for example, allows users to access databases such as web page servers from any computer connected to the Internet.
One disadvantage with using a public network or an insecure private network to access information is the possibility that sensitive or private information may be accessed, modified, or intercepted by an unauthorized party. These problems can be mitigated, however, by using public key cryptographic systems. In these systems, an authorized person can digitally sign messages to verify their source and information can be encrypted before it is transmitted over the insecure network. The receiver of the signed message will be assured that the message originated from the authorized person. The encrypted information, even if unlawfully intercepted, is not intelligible. In this manner, an insecure network may act functionally like a private and secure network.
The basic components of a public key cryptographic system include a cryptographic algorithm and two numerical codes called keys, one of which is referred to as the public key and the other the private key. To encrypt information, a user inputs a public key to the cryptographic algorithm along with the information to be encrypted. The resultant information, encrypted with the public key, can only be decrypted with the corresponding private key. For example, if a first user encrypts a message with the public key, only the holder of the private key can recover the original message. Even the first user, absent the private key, cannot decrypt the message.
Parties wishing to securely communicate with one another over an insecure network using a public key cryptographic system begin by exchanging their public keys. The sending party then encrypts its information using the second party's public key. The second party decrypts the received information using its private key. Similarly, when digitally signing a document using public key cryptographic systems, the signing party signs the document using its private key. Correctly decrypting the signature with the signing party's public key verifies the identity of the signing party.
For a public key cryptographic system to be reliable, the communicating parties must keep their respective private keys secure. A user's private key is typically stored at the user's computer. To guard against someone stealing the private key, either by unauthorized physical or logical (i.e., programmatic) access to the user's computer, conventional public key encryption systems encrypt the user's private key using a symmetric encryption algorithm that uses a single key based on a password entered by the user. The encrypted version of the private key is only secure, however, if the user uses a “strong” password. Weak passwords—passwords that are short or based on real words—are vulnerable to brute force cracking algorithms that discover a private key by decrypting the stolen but encrypted version of the private key by methodically trying a large number of possible passwords.
Strong passwords are passwords that are long enough so that a brute force attack is not likely to be able to guess the correct password. Strong passwords, although desirable from a security standpoint, are not particularly user friendly. Users do not like to type in long phrases every time they begin a secure session. Additionally, strong passwords can be difficult to remember.
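As an added illustration of the conventional scheme described above (this is example code, not from the patent): a password-derived symmetric key wraps the stored private key, and a strength gate refuses the short or dictionary-based passwords the text calls weak. The word list, the minimum length and the PBKDF2 work factor are assumed values; the HMAC-based counter-mode stream stands in for the symmetric step, a real deployment would use a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed word list (assumption: a real check would load a full dictionary).
COMMON_WORDS = {"password", "letmein", "welcome", "dragon", "monkey"}
MIN_LENGTH = 16            # assumed policy: shorter passwords are "weak" per the text
PBKDF2_ITERATIONS = 600_000  # work factor: raises the cost of every brute-force guess


def is_strong(password: str) -> bool:
    """Reject passwords that are short or built on a real word."""
    if len(password) < MIN_LENGTH:
        return False
    lowered = password.lower()
    return not any(word in lowered for word in COMMON_WORDS)


def _keys(password: str, salt: bytes) -> Tuple[bytes, bytes]:
    # One slow PBKDF2 call, split into an encryption key and a MAC key.
    km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS, dklen=64)
    return km[:32], km[32:]


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter mode with HMAC-SHA256 as the PRF (illustrative stand-in for a block cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def wrap_private_key(private_key: bytes, password: str) -> bytes:
    """Return salt || nonce || ciphertext || tag; refuses weak passwords up front."""
    if not is_strong(password):
        raise ValueError("password is too weak to protect a private key")
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = bytes(a ^ b for a, b in zip(private_key, _keystream(enc_key, nonce, len(private_key))))
    tag = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()  # encrypt-then-MAC
    return salt + nonce + ct + tag


def unwrap_private_key(blob: bytes, password: str) -> Optional[bytes]:
    """Return the private key, or None when the password (or the blob) is wrong."""
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):  # wrong password: MAC check fails
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

Each wrong guess costs the attacker a full PBKDF2 run before the MAC check can even be evaluated, which is the lever that makes a given password stronger against the brute-force search described above.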
Accordingly, there is a need in the art to improve the user friendliness of passwords used to protect a private key without compromising the security offered by strong passwords.