Enterprise, rolling keys, multi keys, and sub key?

Can someone explain these things and what they’re used for? Thanks!

rolling keys

two options

  1. basically a string is written to the chip, and every time it is rolled, it’s simply changed. sometimes that’s each time it’s scanned, and sometimes it’s just once every few times… whatever the policy is. that way if an attacker reads the string off the chip they have a limited window in order to use that data in an attack. basically it’s a cheap not very secure at all way to make a crap chip with no actual security perform a kind of simple protection… like locking the door of your car with the window already down.

  2. the chip has the ability to provide a new code based on an algorithm that is known to the system, and it is typically an encoding of a counter value. that way the system can keep track of the last counter value used and if an attacker pulls a read from the chip, they will have a limited window in order to use that data in an attack. basically it’s a different not very secure way to make a chip with some security perform a very simple kind of protection… like locking the door of your car with the window down about 2/3rds the way.

multi-keys

as far as I’m aware this is kind of like the way physical metal keys can work in a business where one key is a “master key” and has access to all or a large number of doors and another key is only allowed to access specific things… when you multi-key a chip you are basically adding roles to the chip… but this seems pretty dumb to me so i’m almost 92.349813% sure i just don’t know what i’m talking about here… so i will quit while i’m ahead and not even bother to talk about sub-keys… but i think they are basically a way to derive keys from a master key without giving up the master key… and that’s a whole lot to talk about so i’ll only bother if i’m right about it in the enterprise context… which i’m probably not :wink:

2 Likes
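The counter-based scheme from option 2 in the post above, sketched from the reader's side as an added example that is not part of the original thread. It assumes the code is a truncated HMAC-SHA256 of the counter and that the reader tolerates a look-ahead of 8 counter values; `Reader`, `rolling_code` and `WINDOW` are hypothetical names.

```python
import hashlib
import hmac

WINDOW = 8  # assumed look-ahead: how many counter values ahead the reader will search


def rolling_code(key: bytes, counter: int) -> str:
    """Code the chip would emit for a counter (assumed scheme: truncated HMAC-SHA256)."""
    mac = hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return mac[:8].hex()


class Reader:
    """Hypothetical reader-side verifier that remembers the last accepted counter."""

    def __init__(self, key: bytes, last_counter: int = 0):
        self.key = key
        self.last_counter = last_counter

    def verify(self, code: str) -> bool:
        # Only counters strictly after the last accepted one are candidates,
        # so a code that was already accepted can never match again.
        start = self.last_counter + 1
        for candidate in range(start, start + WINDOW):
            if hmac.compare_digest(rolling_code(self.key, candidate), code):
                self.last_counter = candidate  # roll forward; skipped codes expire too
                return True
        return False


def demo() -> dict:
    key = bytes(range(32))  # constructed sample key, not a real credential
    reader = Reader(key)
    code_1, code_2, code_3 = (rolling_code(key, n) for n in (1, 2, 3))
    return {
        "first_use": reader.verify(code_1),      # counter 1 accepted
        "replay": reader.verify(code_1),         # same code again is rejected
        "skip_ahead": reader.verify(code_3),     # chip was read elsewhere; still in window
        "stale_skipped": reader.verify(code_2),  # counter 2 is now behind the reader
        "out_of_window": reader.verify(rolling_code(key, 3 + WINDOW + 1)),
        # A code that was read off the chip but not yet presented stays valid
        # until the reader moves past it: the "limited window" the post describes.
        "unused_in_window": reader.verify(rolling_code(key, 4)),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```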

Rolling keys: see Wikipedia. They stop replay attacks, but that is about it.

Multi-key encryption is a technique which uses multiple keys to encrypt a secret such that any one key can decrypt it. There are some variations that require k out of n keys to decrypt.

Sub-keys are keys that are associated with your main key. So you might have a main PGP key, a sub key that you use for encryption, a different one you use for signing,… You can revoke the sub keys independently of the main key.