Network Computingwww.networkcomputing.com

At first, much of the security community was skeptical. With the paper having many new proposals, it was tough to determine with which theories the various supporters agreed. But those involved in the security industry have found far too often that actual problems are often preceded by such rumors.

Bernstein's paper discusses implementing specialized hardware to be used in number field sieve factoring, a method used to factor encryption keys based on large prime numbers (such as RSA and DH). The reality of implementing the hardware in a typical commercial environment is limited, if at all possible -- predicted costs can range upward of $1 billion. Yet, such limitations don't apply to large government organizations (local and foreign) that have both the desire to crack keys and the resources necessary to fabricate the specialized computer chips.

While it sounds good, the reality is that this scenario may be a little further off than people thought. RSA Laboratories went on record this past week and stated that the world is no worse off than before the paper surfaced. This begs the question: Just how bad off were things, anyway?

Too Weak for Comfort

Some cryptographic experts feel that already 1024-bit keys are too weak for certain kinds of sensitive data, like root certificates of an organization's certificate authority or PKI infrastructure. Consider the leaps and bounds with which technology is progressing. Moore's law states that processing speed will double every 18 months. If this law continues to hold true, it won't be long before we see Pentium VI 8-GHz machines on the market, thereby increasing the odds of implementing high-speed number crunchers -- perhaps within three to four years.

At the Financial Cryptography conference this year, Nicko van Someren announced that his team had been able to factor 512-bit keys in a mere six weeks, using conventional office PCs. In cryptography terms, six weeks is a small fraction of time. Even six months is still considered small.

But the exact risk it poses depends on the lifespan of your data. If your data will remain sensitive for the next 20 years (such as a trade secret or patented information), then being able to find the encryption key within six months is a big problem. But if your data is no longer sensitive after 30 minutes (like VPN session keys), then a six-month factoring time is not a large risk.

All this talk about keys and number of bits can be confusing as well, because there are actually two different sets of cryptosystems. There's symmetrical encryption, such as DES, which use smaller 56-, 64- and 128-bit keys. And there's asymmetrical encryption, known as public/private key systems like RSA and DH, which use keys on the order of 512, 1024, and 2048 bits. Knowing which cryptosystem you're using will help you decide upon an adequate key length.

Strategies: Anticipate Your Needs Now

Exactly how does all of this factor (pun intended) into your organization? Well, you should start figuring out what your key sizes, encryption needs and current practices are, and begin planning for eventual migration now, rather than waiting until the bomb completely drops and the keys are crackable. Be proactive instead of reactive.

The first step is to figure out what data you have, how sensitive it is, and how it's being protected -- what encryption system, what size keys, etc. Then you need to determine the lifespan of the data's sensitivity -- will it still be sensitive in one, five, ten, even 100 years? Those answers will give you an indicator as to the key size you will need to protect your data.

For instance, you should definitely consider using something stronger than a 1024-bit key if you want your data to be protected beyond the year 2010. Today's standards also deem 56-bit symmetric keys (a la DES) and 512-bit RSA keys weak as well, if your data's lifespan is larger than a day or two.