Shared secret: Difference between revisions

{{redirect|sharedShared secrets|the album by George Cables|Shared Secrets (album)}}

In [[cryptography]], a '''shared secret''' is a piece of data, known only to the parties involved, in a [[secure communication]]. This usually refers to the [[Key (cryptography)|key]] of a [[Symmetric-key algorithm|symmetric cryptosystem]]. The shared secret can be a [[personal identification number|PIN code]], a [[password]], a [[passphrase]], a big number, or an array of randomly chosen bytes.

The shared secret is either shared beforehand between the communicating parties, in which case it can also be called a [[pre-shared key]], or it is created at the start of the communication session by using a [[key-agreement protocol]], for instance using [[public-key cryptography]] such as [[Diffie–Hellman key exchange|Diffie-HellmanDiffie–Hellman]] or using [[symmetric-key algorithm|symmetric-key cryptography]] such as [[Kerberos (protocol)|Kerberos]].

The shared secret can be used for authentication (for instance when logging intoin to a remote system) using methods such as [[Challenge-responsechallenge–response authentication|challenge-responsechallenge–response]] or it can be fed to a [[key derivation function]] to produce one or more [[key (cryptography)|keys]] to use for encryption and/or [[Messagemessage authentication code|MACing]] of messages.

To make unique [[Sessionsession key|session and message keys]] the shared secret is usually combined with an [[initialization vector]] (IV). An example of this is the [[derived unique key per transaction]] method.

It is also often used as an authentication measure in [[web API]]s.{{Citation needed|reason=Original citation did not lead to a webpage.|date=May 2017}}