Shared secret
In this article we present all the information you need about Shared secret. Whether you're looking for tips, fun facts, recommendations, or simply want to learn more about this topic, you're in the right place. Shared secret is a topic that has captured the attention of many people in recent years, and that is why we have set out to compile all the relevant information and present it in a clear and concise manner. So get ready to immerse yourself in the fascinating world of Shared secret and discover everything this theme has to offer.
In cryptography, a shared secret is a piece of data, known only to the parties involved, in a secure communication. This usually refers to the key of a symmetric cryptosystem. The shared secret can be a PIN code, a password, a passphrase, a big number, or an array of randomly chosen bytes.
The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a pre-shared key, or it is created at the start of the communication session by using a key-agreement protocol, for instance using public-key cryptography such as Diffie–Hellman or using symmetric-key cryptography such as Kerberos.
The shared secret can be used for authentication (for instance when logging in to a remote system) using methods such as challenge–response or it can be fed to a key derivation function to produce one or more keys to use for encryption and/or MACing of messages.
To make unique session and message keys the shared secret is usually combined with an initialization vector (IV). An example of this is the derived unique key per transaction method.
It is also often used as an authentication measure in web APIs.[citation needed]
See also
- Key stretching – a method to create a stronger key from a weak key or a weak shared secret
- Security question – implementation method
References
- Handbook of Applied Cryptography by Menezes, van Oorschot and Vanstone (2001), chapter 10 and 12.
