Chapter 3 Cryptography 91
Security Considerations
already in place, or where a hardware developer wants to be able to provide a
platform that supports both RSA and elliptic curve encryption.
For the even characteristic finite field, F
2
m, there is also a choice of representation. For
these fields, elements can be represented using a polynomial basis, a normal basis, or
some other basis. For some values of m, elements can also be represented in an
optimal normal basis, which is generally more efficient than an ordinary normal basis.
In order for systems that use different bases to communicate, they need to convert
from one representation to another. Each representation has advantages and
disadvantages, including efficiency and potential patent coverage, so in current
elliptic curve standards the choice is typically left to the implementation.
Elliptic Curve Standards
The elliptic curve algorithms in Crypto-C are compliant with the ANSI X9.62
standard. The elliptic curve implementation is also based on the IEEE P1363 draft
standard.
Security Considerations
This section discusses security considerations when using public-key cryptography.
The following issues are discussed: handling private keys, temporary buffers,
pseudo-random numbers and seed generation, choosing passwords, initialization
vectors and salts, DES weak keys, stream ciphers, timing attacks and blinding, and
choosing key sizes.
Handling Private Keys
In public-key cryptography, only the owner of a private key can create a digital
signature or open digital envelopes. However, if someone other than the owner is able
to obtain the private key, the security fails. To ensure that no one other than the owner
has access to a private key, it should be stored encrypted, generally with a password-
based encryption method. An application will decrypt the private key when it is
needed. Always overwrite the memory that held a private key with zeroes or random
bytes immediately after the key has performed its function.
Operating systems will frequently use the hard disk space as virtual memory, so an
unencrypted private key may, through no intention of a user, end up on a hard disk.
Hence, for key buffers, an application should use the operating system’s mechanisms
