[Cryptography] Is storing a hash of a private key a security risk?

Ralf Senderek crypto at senderek.ie
Tue Apr 12 14:31:04 EDT 2016



On Tue, 12 Apr 2016, Peter Gutmann wrote:

> For private keys stored in a secure enclave in an embedded environment,
> there's some concern that over long periods of time the key components may be
> subject to bit rot/corruption.  One possible solution is to store a truncated
> hash of the private key components outside the enclave and use that to verify
> that nothing has changed, by asking the enclave whether the stored key
> corresponds to the given hash value.

> Can anyone see any problems with this?  Or suggest an alternative approach
> that doesn't violate the constraints imposed by the hardware?
>
> Peter.

In order to keep the key material secure, the truncated hash would be
calculated inside the enclave. You give the stored truncated hash value
from outside and get a yes/no from the enclave code, I suppose.
I wouldn't be concerned about oracle attacks unless the hash function
has any indication not to be one-way, but I would be concerned about
the reliability of the integrity check if the truncation has to be
substantial. The full hash value would clearly allow one to decide whether
or not the key material is kosher. But if random key bit rot occurs,
a substantially truncated hash value might not catch the first
of these bit flips reliably. So I think it depends on how catastrophic
an unlikely miss of a key change turns out to be.

     --ralf
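
The trade-off raised in this reply, as an added example that is not part of the original post: a toy enclave answers yes/no to a truncated hash supplied from outside, and `miss_rate` measures how often a single flipped key bit goes undetected, which is about 2^-n for an n-bit tag. The `Enclave` class, the choice of SHA-256, the 32-byte keys and the trial counts are all assumptions made for illustration.

```python
import hashlib
import random


class Enclave:
    """Toy enclave: the key stays inside, only a yes/no answer leaves."""

    def __init__(self, key: bytes, tag_bits: int):
        if not 1 <= tag_bits <= 256:
            raise ValueError("tag_bits must be between 1 and 256")
        self._key = bytearray(key)
        self._tag_bits = tag_bits

    def _tag(self) -> int:
        # Truncate SHA-256 (assumed hash) to its leading tag_bits bits.
        digest = hashlib.sha256(bytes(self._key)).digest()
        return int.from_bytes(digest, "big") >> (256 - self._tag_bits)

    def enroll(self) -> int:
        """Return the truncated hash to be stored outside the enclave."""
        return self._tag()

    def verify(self, stored_tag: int) -> bool:
        """Answer whether the current key still matches the stored tag."""
        return self._tag() == stored_tag

    def rot(self, bit_index: int) -> None:
        """Simulate bit rot by flipping one bit of the stored key."""
        self._key[bit_index // 8] ^= 1 << (bit_index % 8)


def miss_rate(tag_bits: int, trials: int, seed: int = 1) -> float:
    """Fraction of single-bit corruptions the truncated check fails to catch."""
    rng = random.Random(seed)  # constructed sample keys, not real key material
    missed = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(32))
        enclave = Enclave(key, tag_bits)
        tag = enclave.enroll()
        enclave.rot(rng.randrange(len(key) * 8))
        if enclave.verify(tag):  # corrupted key accepted as intact
            missed += 1
    return missed / trials


if __name__ == "__main__":
    for bits in (4, 8, 16, 64):
        print(f"{bits:3d}-bit tag: miss rate {miss_rate(bits, 20000):.5f} "
              f"(expected about {2.0 ** -bits:.5f})")
```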

