Your data is encrypted. So what? Are you using SSL, AES, 3DES, or something else? Can your data be compromised with a cryptographic attack? What key length are you using? This paper attempts to shed a bit of light on the myths and misconceptions when dealing with encryption.
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Â
128 BIT WHAT?
1. Author:
Dr. Kent D. Boklan
Director, Security Research
Razorpoint Security Technologies, Inc.
Version:
1.1
Date of current version:
2007â05/18
Date of original version:
2007â01/10
Copyright Š 2007 Razorpoint Security Technologies, Inc.
All Rights Reserved.
128 bit what?
[ WHITE PAPER ]
â˘
2. Table of Contents:
Introduction. ................................................................................................................................................. i
The Strongest Available. ............................................................................................................................. 1
Modern Cryptography. ................................................................................................................................. 1
Real World Use. ............................................................................................................................................ 2
Block Cipher Encryption Diagram. ............................................................................................................ 2
Itâs Encrypted. Isnât It? .............................................................................................................................. 3
Some Common Cryptography Terms. ...................................................................................................... 3
About Razorpoint Security. ......................................................................................................................... 4
â˘
May 18, 2007 128 Bit What? [v1.1]
31 east 32nd street, sixth floor | new york city, new york 10016â5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
Copyright Š 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.
3. Introduction.
Your data is encrypted. So what?
Is the encryption you used a block cipher or a symmetric cipher? Maybe SSL, AES, or 3DES? Can your data be
compromised with known cryptographic attacks? What key length are you using with your encryption? And, what
does that mean? Is 56 bits enough? What about 128 or 256?
Buzzwords abound when it comes to security, and encryption is an area with a set all its own. This paper attempts
to shed a bit of light on the myths and misconceptions when dealing with encryption, and hopefully helps focus on
what matters through all the noise.
Gary C. Morse, CISSP, CISM
President / Founder
Razorpoint Security Technologies, Inc.
â˘
May 18, 2007 128 Bit What? [v1.1] Page i of i
31 east 32nd street, sixth floor | new york city, new york 10016â5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
Copyright Š 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.
4. 128 bit what?
The Strongest Available.
When I moved to Manhattan in the summer of 2002, I opened a checking account at a major bank. I was asked by the financial
manager if I wished to set up the account for online access. I replied by asking about the security mechanisms that were in place for
online banking. The woman with whom I was speaking tried to assure me with waives of her hands that the bank used âreally good
methodsâ but I asked for a more detailed assessment. She telephoned one of the bankâs experts in such matters (so she told me)
and, after a few minutes on hold and small talk about my move to New York, she got through to the person that I can only suppose
was a lead in the bankâs IT department. He told her â and she relayed to me â that they used âreally strong encryption.â I asked for
more details and he told her that he would connect her to the person who really knew what they used. A few embarrassing minutes
later, she got the answer, they used, â128 bit encryption.â I directly inquired, â128 bit what?â and she repeated this question into the
telephone receiver. The person on the other end was silent for a few moments and then admitted they did not know more than that
â but it was 128 bit encryption â âthe strongest available.â
Today, we are inundated with media pronouncements of âstrong securityâ with such ubiquitous buzz phrases as â128 bit encryption.â
The cipher mechanisms and associated data security technologies almost always come directly out of the black boxes of commercial
software. To maintain the confidentiality of data, the encrypting (and the decrypting) is performed invisibly to the user who must go
on faith that best practices are employed, and that strongest means best. Unfortunately, the security of encrypted data is not simply
a matter of the number of bits, 128 or otherwise.
The answer is not simple because the question is illâposed. Itâs not the strength of the algorithms that should be the concern, itâs how
they are implemented, how the cryptographic keys are generated, how the keys are managed and how they are stored. And thatâs
not all.
Modern Cryptography.
Modern cryptography is founded upon two essentially different types of schema: public key methods and private key methods.
Public key cryptography is relatively new. Whereas private key methods date back centuries, public key techniques were âinventedâ in
the public sector in the 1970s and, recently disclosed, at the UKâs Government Communications Headquarters (GCHQ) a decade earlier
(but they had been classified). In a public key system, the sender of a message looks up some public information for the person to
whom they wish to send a message. That person â and hopefully only that person â is in possession of some private key that allows
them to read any message that is encrypted with the public information. For this reason, public key cryptography is also known as
asymmetric cryptography.
As a simple example of the public key concept, imagine an open lock and an open box. These represent the public information for
a particular person. To send a message securely to this person, put the message into the box and lock the box with the lock. Only
the person with the key to that lock can read the message. (This means that once you lock the box, you canât get to the message
either.) Public key algorithms are rarely used for encryption â they are almost exclusively employed to create digital signatures and
to send very short pieces of data â like keys to be used in private key methods and personal identifiers for use with e-commerce sites.
Roughly, the major public key systems run at about 10,000 times slower than private key algorithms. Public key methods are usually
based upon mathematical operations and, as such, are very slow.
In private key cryptography (also called symmetric key cryptography), a key â a string of zeros and ones â is shared exclusively amongst
those who employ the secret key to encrypt and decrypt their communications. The technique to do the encrypting (and decrypting)
is some chosen algorithm that is used in conjunction with that secret key. Following the example in the previous paragraph, in private
key systems we have the concept of a box and a lock which those involved in the secret communications all have a key to open. Most
often, this key is a session key, generated for a single session of communication between two users. The key is then discarded and
the next time (for example, the next time you bank online), a new session key is created. The protocol for key establishment and key
exchange is a cryptographic procedure that is usually performed inside the link that is established between the entities involved (like
you and your bankâs website). Many symmetric encryption algorithms have been proposed over the years and are out there, but only
a few have gained acceptance by experts, governments and industry as âsecureâ and of these, fewer still are widely used.
Symmetric algorithms come in two varieties: block ciphers and stream ciphers. Stream ciphers are used when you need to encrypt
in real time. Itâs done one bit at a time â telephone communication is a good example. Stream ciphers are very infrequently used on
the Internet. Block ciphers, on the other hand, are used for essentially all bulk data encryption. They do almost all of the work in the
digital world today. When you download a file through secure means or when you bank online, itâs a block cipher that encrypts and
protects the confidentiality of your data. Itâs a block cipher in which you trust.
Block ciphers encrypt blocks of bits at a time, the number of which depends on the algorithm. Some act on 64 bits, and some take
128 bits at a time; but this is not the 128 bits in â128 bit encryption.â
May 18, 2007 128 Bit What? [v1.1] Page 1 of 5
31 east 32nd street, sixth floor | new york city, new york 10016â5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
Copyright Š 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.
â˘
5. Real World Use.
Perhaps the most famous example of a symmetric key cipher is the Data Encryption Standard, DES, which served as a global workhorse
for twenty years since itâs adoption by the U.S. Government as a standard in the mid 1970s. Itâs a block cipher, and the key in DES is
56 bits long. DES performs, one could say, â56 bit encryption.â
A key size of k bits is equivalent to having 2k
possible keys. A good block cipher design does not yield to any attack other than what
is called brute force1
. This means, essentially, that all 2k
possible (encryption) keys are tried and whichever provides recognizable
language output is the right one. With computers growing increasingly powerful, DES has been rendered vulnerable. 256
is just not as
big as it once was. To compensate, a good (secure) alternative is to employ 3DES (read, âtriple-DESâ) which uses a much larger key
size2
. Multiple encryption applications, such as 3DES, can be made secure but one must be careful. 3DES is just DES 3 times, with
2 or 3 different keys. 2DES (âdouble DESâ), however, is no more secure than DES because it falls to an attack called a âmeet in the
middle.â There are other options for block ciphers aside from multiple encryption approaches, of course.
Over the Internet today, most encryption is accomplished in a manner in which the user is passive. The only notification the user
may receive may be a picture of a lock on a browser screen suggesting a secure channel or âsecure page.â Is this a sign that you are
using 128 bit encryption? 128 isnât a magical number of bits. It doesnât mean anything about how something is encrypted. 128 bit
encryption is almost certainly a statement about the key size in the block cipher thatâs being used. The block cipher itself could be
the new Advanced Encryption Standard (AES), formerly known as Rijndael3
. The Rijndael cipher comes in three flavors: 128, 196 and
256 bit key versions. IDEA is another block cipher that has a key size of 128 bits and so is CAST. IDEA is used in PGP, Pretty Good
Privacy, the popular email encryption program. CAST is a Canadian design thatâs widely employed. There are quite a few other block
ciphers that have passed muster in the cryptoanalytic community that can use a 128 bit key but thatâs not really the point. What 128
bit encryption is not is a key size for a public key algorithm. RSA4
is an example of a well-known public key cryptosystem and if your
data was being encrypted by 128 bit RSA, you should be very concerned. 128 bit RSA is not even close to being secure. Youâd want
at least 1,024 bits today.
Public key sizes (for the secret key) are invariably much larger than symmetric key sizes. Classically, there are better than brute force
attacks against public key algorithms due to their highly mathematical nature. My bank was using, quite probably, the AES scheme.
That wasnât my security concern, however.
Block Cipher Encryption Diagram.
The following diagram illustrates the basic process of block cipher encryption. Notice how the original plain text message is broken
into separate blocks. The encryption algorithm, with the use of the encryption key, then encrypts the blocks. Finally, the encrypted
blocks are reassembled into the cipher (encrypted) text.
May 18, 2007 128 Bit What? [v1.1] Page 2 of 5
31 east 32nd street, sixth floor | new york city, new york 10016â5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
Copyright Š 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.
1. This is not to say that new attacks can not or will not be found, but the theory of attacks is quite well-developed and it is unlikely that any shocking breakthroughs in attacking
a block cipher directly will be made.
2. 3DES uses a key size of either 112 or 168 bits, depending on the variant.
3. The U.S. government selected Rijndael after a three-year international search for a new encryption standard. It was developed by two Belgian computer scientists.
4. RSA stands for Rivest Shimar Adleman. The company is now owned by EMC.
128 bit
Encryption Key
Plain Text Blocks
Cipher Text Blocks
Encryption
Algorithm
(AES,3DES,IDEA,DES)
Plain
Text
Cipher
Text
6. May 18, 2007 128 Bit What? [v1.1] Page 3 of 5
31 east 32nd street, sixth floor | new york city, new york 10016â5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
Copyright Š 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.
Itâs Encrypted. Isnât It?
The widespread use of Secure Socket Layer (SSL) technology to protect data confidentiality, to secure data transmissions over
unsecured networks, like the Internet, only goes to reinforce the rhetoric that the future of encryption is through automated software.
From a cryptographic standpoint, the concern is not the block cipher or the key length options one may have, itâs how the key bits are
generated and if they are based on your password â and if so, the password length and entropy1
.
Some questions to consider: Can your key be found? Is your block cipher being used in the proper mode? (And what is a block cipher
mode?) Default settings arenât always best and appropriate for oneâs needs and applications. Are issues of data integrity addressed?
Is the data signed so you can trust its origin? Is 128 bits right for you? If you use the AES method with a 256 bit key, is that 128 bits
more secure than with a 128 bit key? These are all important questions and only some of the issues that really need to be addressed.
Itâs just not as simple as using something called strong encryption.
The strength of data security is not all in the key and itâs not about breaking the crypto, itâs about exploiting the system. Bigger (keys)
doesnât necessarily mean better; just donât use single DES. If your key size for your symmetric method, for your block cipher, is at least
100 bits long, youâre secure for quite a long time, a few decades. Predicting secure key sizes far into the future is a divinerâs art and
itâs difficult to do with any sense of surety. (How strong are the methods that are never announced publicly? Why would anyone who
has a good attack disclose it?) Mooreâs Law, which has held up very well for decades, suggests that processing power doubles every
18 months. If we accept this â and that large-scale quantum computers do not exist2
- a block cipher thatâs secure with a margin of
20 bits should be good for at least another 30 years. That means that, if done correctly, 128 bit encryption, using a respectable and
vetted block cipher, should withstand attack for about 70 years. And 3DES is good for at least another 50.
Secure key sizes for public key algorithms (like RSA) are a whole other matter. Roughly speaking, an 80 bit key length for a block cipher
is about equivalent in strength to a 1,024 bit RSA key, and a 128 bit key length for a block cipher to about a 3,000 bit RSA key3
.
A strong algorithm poorly implemented is susceptible to compromise and attack. For a given secure key, even one 128 bits long, every
time you encrypt your bank account number it looks the same. Every time you withdraw one hundred dollars, the encrypted version
of your transaction is identical. This kind of âleakageâ of confidential information â even though no one can tell itâs $100 youâre taking
out â is unacceptable. Recognizable patterns like this can be exploited. There are means and best practices to block these weaknesses,
but these are topics for another paper.
Some Common Cryptography Terms.
Key: The secret that, in combination with an encryption algorithm, allows you to encrypt data.
Key Length: The number of bits in the key. The key length is a measure of the strength of your encryption.
Block Cipher: An algorithm that encrypts data, one block of data at a time. The size of the block varies
algorithm to algorithm, but is usually 64 or 128 bits.
Stream Cipher: A block cipher with a block length of 1. These algorithms are used for speedy, real-time
encryption (e.g., cellular phone calls).
128 Bit Encryption: Block cipher encryption with a key length of 128 bits.
1. In this situation, we may consider the entropy to be a measure of the amount of randomness.
2. And even if they do, symmetric methods do not fall as easily as the asymmetric do.
3. The primary reason for this disparity is that, roughly, public key methods are more sensitive to advances in Mathematics.
7. The Network Security Challenge
The number of companies relying on the Internet for mission-critical business
has skyrocketed. And, while this growth has intensified the need for network
hardware, software and personnel, it has also increased the need for dynamic,
effective network security. New security vulnerabilities are released daily,
and maintaining a secure operating environment is a complex and costly
process. Some analysts claim 3 of every 4 business web sites are vulnerable
to attack, and by the end of 2006 Internet fraud could surpass credit card
fraud. Cyberattacks are now routine in todayâs electronic landscape, and
cybercrime is no longer a future threat; it is here, now.
Public, Private & Proprietary
We categorize security vulnerabilities into three areas: public, private, and
proprietary. Public vulnerabilities are those reported in the mass media
and are usually the most easily corrected. These include viruses, worms,
misconfiguration notices, and other general security issues. Private
vulnerabilities are lesser known and usually held more closely within
the underground hacker community. Private vulnerabilities are almost
always more lethal, much less publicized and can cause more damage
to online networks. Proprietary vulnerabilities are those uncovered and
developed at Razorpoint Security. We utilize all of these during our security
engagements to ensure that our clients get the most comprehensive
assessments possible.
A Process, Not A Product
While many installations employ similar hardware and software products, not
all networks are alike. All too often misconfigured machines are put behind
firewalls (âa productâ) giving a false sense of security. Hackers use their
unlimited time resources to find small idiosyncrasies in perimeter security
(e.g. firewalls) to obtain minimal access to internal machines (e.g. mail server,
web server, etc.) usually undetected. Once limited access is established,
hackers simply exploit vulnerabilities on the internal, misconfigured machines
to obtain Superuser (root) access. Thatâs it. Thatâs all it takes. Your entire
network is compromised. This simplistic scenario illustrates how someone,
with enough time and skill, can bypass a product-based security solution and
wreak havoc on a live network. Security needs to be monitored, maintained,
and updated constantly to meet the ever-changing security landscape (a.k.a.
âthreatscapeâ). Proper security includes well-designed infrastructures,
firewalls, âhardenedâ operating systems, good passwords, intrusion detection,
and above all, awarenessâââall of which must be continuously updated.
This ongoing âprocessâ is what keeps environments secure and minimizes
unauthorized access by malicious intruders.
There is no magic bullet. There is no shrink-wrapped package. And,
there is no universally applicable product that ensures the security of
a network environment. If there is one concept Razorpoint Security
Technologies stresses to its clients, itâs that ânetwork security is
a process, not a product.â
Razorpoint Security Technologies, Inc. specializes in network security, attackâ/âpenetration
testing and identifying potentially disastrous security vulnerabilities especially as they
relate to Internet solutions and web applications. We offer security services that focus
the view of your network environments and e-business ventures.
Razorpoint Security offers business leaders and corporate clients the
necessary security services and solutions that help keep corporate networks
secure. While many security firms provide singular penetration tests with
limited documentation, Razorpoint offers a year-round assessment schedule
and customized documentation deliverables that help keep clients up to date.
Our assessments go well beyond the average âport scanâ or âvulnerability
scanâ exercises. We look at your network through the eyes of those looking
to do you harm. We know what they know, we know what they see, and
we know what they do.
What is secure?
Products alone do not secure data.
Processes do.
R a z o r p o i n t âs c o m p r e h e n s i v e
security services identify real world
vulnerabilities and help keep data
secure.
www.razorpoint.com
and, how do you know?
8. The RazorBASE
New security vulnerabilities, tools and exploits are released every day. The
task of cataloging, maintaining and applying these to achieve effective
security assessments is nearly an impossible task. That is why we have
created a customized database that enables us to collect, index and retrieve
relevant information easily and effectively. We call it The RazorBASE. You
can think of it as one of the most comprehensive repositories of network
security information ever compiled. It is one way we can ensure our security
assessments are as focused as possible for our varying client environments.
This proprietary resource is tapped for every Razorpoint project and is
constantly updated with new tools, techniques and documentation to help
keep Razorpointâs staff on top of the latest security developments.
annual assessment scheduleattackâ/âpenetration testing
Let us work with you to review an upcoming technology rollout or
an existing infrastructure from the security point-of-view. We
can help you uncover security vulnerabilities before malicious
attackers do.
Whether itâs firewalls, routers, intrusion detection systems,
or modem/PBX systems, security should always be a top concern.
Razorpoint can help you configure, deploy and troubleshoot
your technology to help eliminate security vulnerabilities that go
undetected.
security technology consultingsecurity design review
Why did that hacker get into your network even though youâve got
a firewall? Internally or externally, we offer comprehensive attack/
penetration tests that look at your network through the eyes of those
looking to do you harm.
A 12 month schedule of quarterly attack/penetration tests,
with monthly security advisories. This complete offering
keeps your organization regularly updated on the latest security
vulnerabilities, techniques and countermeasures.
Our Services
Razorpoint Securityâs services are designed to give our clients the
most comprehensive security analysis of their network operating
environments. Our expertise helps identify vulnerabilities, uncover
potentially disastrous security holes, plan for future growth from
a security point of view, and maintain ongoing security with regular
assessments. Below are each of our speciality areas in more detail:
31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | office: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | secure.now@razorpoint.com
copyright Š 2001-2007 razorpoint security technologies, inc. all rights reserved.
Razorpoint Security Technologies, Inc.
FEATURED ON
Our expertise makes Razorpoint Security a
prime media source on information security.
We have been featured by CNN, CNBC,
Forbes, The New York Times Magazine,
MSNBC, WiredNews, Crainâs, CBS, Fox5,
ABC/CourtTV and many others.