The security of electronic data is of major concern to both individuals and organisations. There are many circumstances in which the disclosure of electronic data to an unauthorised third party can result in considerable damage or loss to the owner of the data. Apart of course from normal physical security measures, the most common way to protect data is to encrypt the data and or to “lock” access to the data using a passphrase (or password). A typical security system (for example F-Secure's Filecrypto™) might, upon installation, require a user to create a passphrase. A cryptographic hash function and/or message authentication code algorithm is applied to the passphrase to derive a cryptographic key. Alternatively, a cryptographic key may be generated separately and protected by encrypting it with the key derived from the passphrase (this makes it possible for the user to change the passphrase without requiring all of the data to be re-encrypted). When it is subsequently required to encrypt data (e.g. a data file), the cryptographic key is applied to the data using an encryption function. In order to decrypt previously encrypted data, the user must enter the passphrase. The cryptographic key is again derived from the passphrase or used to access the passphrase, and the data decrypted by applying the key to the data using an inverse transformation. As a back-up, a user may store a copy of the cryptographic key on some external storage medium (typically a floppy disk). Neither the key nor the passphrase are stored permanently on the protected computer system.
The value of a passphrase as a source for a symmetric cipher key can be measured as the amount of entropy that the password contains. For example, words constructed using the Latin alphabet have an entropy of approximately 1 bit per letter, whilst a totally random string of lowercase letters and numbers has an entropy of approximately 5 bits per letter. The following table shows that a proper password should be quite long in order to provide adequate protection against a brute force attack, i.e. an exhaustive search of all possible key values.
Symmetric key lengthTime required to break56 bits5 minutes80 bits50 years96 bits3 million years128 bits 1016 years
The times shown in the table correspond with computing performance of equipment worth of $10 million USD. In the light of ever increasing computing power and new processing techniques, a key of around 90 bits would appear to provide an adequate level of security.
The strength of the encryption process is dependent on the length and randomness of the password. To achieve the required level of security, a passphrase comprising a totally random string of lowercase letters and numbers should have a length of 18 characters. It will be apparent that the process of entering such a passphrase into a computing device is relatively laborious. As such, currently implemented systems tend to require the entry of the passphrase only when a user first turns on the device (typically once per day). At this time, the cryptographic key is generated and stored in a memory of the device. For as long as the device remains on, the key is maintained. Only when the machine is turned off or re-booted is the key deleted. All stored encrypted data may be decrypted when the machine is turned on and the password entered, and subsequently re-encrypted when the machine is turned off, or data may be decrypted and encrypted only on demand.
This mechanism works well for personal computers and the like which tend to have fixed locations and are relatively unportable. The chance of a machine being stolen during working hours is low. However, for portable computing devices, implementing the described mechanism may represent an unacceptable security risk as there is a distinct possibility that the devices may be lost or stolen when they are carried out of the office environment (or even stolen from the office given their small size) when they are in an on state. Examples of portable devices are laptop and palmtop computers, as well as PDAs and mobile telephones.