Editing Key generation (section)

==Generation in cryptography==
Modern cryptographic systems include [[symmetric-key algorithm]]s (such as [[Data Encryption Standard|DES]] and [[Advanced Encryption Standard|AES]]) and [[Public-key cryptography|public-key algorithms]] (such as [[RSA (algorithm)|RSA]]). Symmetric-key algorithms use a single shared key; keeping data secret requires keeping this key secret. Public-key algorithms use a [[public key]] and a [[private key]]. The public key is made available to anyone (often by means of a [[digital certificate]]). A sender encrypts data with the receiver's public key; only the holder of the private key can decrypt this data.

Since public-key algorithms tend to be much slower than symmetric-key algorithms, modern systems such as [[Transport Layer Security|TLS]] and [[Secure Shell|SSH]] use a combination of the two: one party receives the other's public key, and encrypts a small piece of data (either a symmetric key or some data used to generate it). The remainder of the conversation uses a (typically faster) symmetric-key algorithm for encryption.

Computer cryptography uses [[integer]]s for keys. In some cases, keys are randomly generated using a ''[[random number generator]] (RNG)'' or ''[[pseudorandom number generator]] (PRNG)''. A PRNG is a [[computer]] [[algorithm]] that produces data that appears random under analysis. PRNGs that use system entropy to [[Random seed|seed]] data generally produce better results, since this makes the initial conditions of the PRNG much more difficult for an attacker to guess. Another way to generate randomness is to utilize information outside the system. [[Veracrypt]] (a disk encryption software) utilizes user mouse movements to generate unique seeds, in which users are encouraged to move their mouse sporadically.<ref>{{Cite web |title=VeraCrypt - Random Number Generator |url=https://veracrypt.eu/en/Random%20Number%20Generator.html |access-date=2025-05-14 |website=veracrypt.eu}}</ref> In other situations, the key is derived deterministically using a [[passphrase]] and a [[key derivation function]].

Many modern protocols are designed to have [[forward secrecy]], which requires generating a fresh new shared key for each session.

Classic cryptosystems invariably generate two identical keys at one end of the communication link and somehow transport one of the keys to the other end of the link. However, it simplifies [[key management]] to use [[Diffie–Hellman key exchange]] instead.

The simplest method to read encrypted data without actually decrypting it is a [[brute-force attack]]&mdash;simply attempting every number, up to the maximum length of the key. Therefore, it is important to use a sufficiently long [[key length]]; longer keys take exponentially longer to attack, rendering a brute-force attack impractical. Currently, key lengths of [[128-bit|128 bit]]s (for symmetric key algorithms) and 2048 bits (for public-key algorithms) are common.