In
cryptography
Cryptography, or cryptology (from "hidden, secret"; and ''graphein'', "to write", or ''-logy, -logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of Adversary (cryptography), ...
, a shared secret is a piece of data, known only to the parties involved, in a
secure communication. This usually refers to the
key of a
symmetric cryptosystem. The shared secret can be a
PIN code, a
password
A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user's identity. Traditionally, passwords were expected to be memorized, but the large number of password-protected services t ...
, a
passphrase
A passphrase is a sequence of words or other text used to control access to a computer system, program or data. It is similar to a password in usage, but a passphrase is generally longer for added security. Passphrases are often used to control ...
, a big number, or an array of randomly chosen bytes.
The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a
pre-shared key, or it is created at the start of the communication session by using a
key-agreement protocol
In cryptography, a key-agreement protocol is a protocol whereby two (or more) parties generate a cryptographic Key (cryptography), key as a function of information provided by each honest party so that no party can predetermine the resulting value ...
, for instance using
public-key cryptography
Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic alg ...
such as
Diffie–Hellman or using
symmetric-key cryptography such as
Kerberos.
The shared secret can be used for authentication (for instance when logging in to a remote system) using methods such as
challenge–response or it can be fed to a
key derivation function
In cryptography, a key derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a cr ...
to produce one or more
keys to use for encryption and/or
MACing of messages.
To make unique
session and message keys the shared secret is usually combined with an
initialization vector
In cryptography, an initialization vector (IV) or starting variable is an input to a cryptographic primitive being used to provide the initial state. The IV is typically required to be random or pseudorandom, but sometimes an IV only needs to be un ...
(IV). An example of this is the
derived unique key per transaction method.
It is also often used as an authentication measure in
web API
A web API is an application programming interface (API) for either a web server or a web browser.
As a web development concept, it can be related to a web application's client side (including any web frameworks being used).
A server-side web AP ...
s.
See also
*
Key stretching – a method to create a stronger key from a weak key or a weak shared secret
*
Security question – implementation method
References
*
Handbook of Applied Cryptography' by Menezes, van Oorschot and Vanstone (2001), chapter 10 and 12.
{{Cryptography navbox
Key management