2009-04-29

Encryption Technologies to Avoid

This is intended to be a supplementary information resource on cryptographic best practices. In this article I will cover some cryptographic algorithms with known flaws and some alternatives.

=== ToC =============

1. Introduction

2. Known insecure encryption technologies

3. Alternatives

4. Informative resources

====================

1. Introduction

Security is not the black box on your desktop or network. It it isn't a graphic you put on your website saying that the site is secure because you have a firewall. Security is the constant dialog between you and the other people in your organization on how to best secure the information which you have been entrusted with.


To that end I would like to bring up some technologies which we should avoid or migrate away from at our earliest opportunity.

2. Known insecure encryption technologies.

  • DES - DES has been broken for quite a while.
  • MD5
  • SHA1
DES stands for Digital Encryption Standard, it was developed by IBM in 1972. Originally the team at IBM was said to have specified a 128 bit algorithm but was later asked by the NSA to reduce it to 64bit and later 56. This is refuted by government probes, then the insecurity was verified by cryptanalysis and later interviews with the people involved in the project and in de-classified documents.

MD5 is a hashing algorithm designed by Professor Ronald Rivest of MIT. There was research which theorized collisions in the algorithm in 1993, more collisions in 1996 and finally an algorithm was created to generate collisions in 2005 using a large cluster and in 2006 the algorithm was perfected only requiring a single computer.

The SHA cryptographic functions were written by the NSA in 1992. In 2005 flaws were found in the SHA-1 algorithm, although these flaws are yet to be exploited it was decided to move on to a different algorithm.

Things that were never a good idea to begin with:
  • Character replacement ex. ROT13, Caesar Cipher
  • XOR encryption against a trivial key
  • base64 encoding (or any other encoding)
Character replacement, encoding and XOR are trivial to decrypt/decode. In the case of encoding or replacement, these are easily detected because the structure of the message itself isn't changed. XOR is computationally simple so brute forcing, frequency analysis and other methods can be used to decipher it. Using XOR against a very complex non-repeating one-time pad can offer quite a bit of security as long as strict protocol is followed in handling cleartext and the pad itself.

3. Alternatives
DES users should consider using AES, preferably one of the versions with larger key sizes 256 or 512. MD5 and SHA1 users should consider using the SHA-2 algorithm which are considered to be safe for now. There is an on-going contest to decide what algorithm to use for the new SHA-3 standard.

Many SSL certificates are signed using a MD5 algorithm. This creates the possibility of forging ssl certificates. In addition there was a bad patch to the OpenSSH package in Debian Linux in 2008 which made certificates generated by the affected server insecure. There is a firefox extension which will warn you if the certificate is vulnerable.

4. Informative resources

Wikipedia.org (Accessed April 26, 2009)
  • http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
  • http://en.wikipedia.org/wiki/Data_Encryption_Standard
  • http://en.wikipedia.org/wiki/MD5
  • http://en.wikipedia.org/wiki/SHA1
Anka, Márton. "SSL Black List." (Accessed April 26, 2009)
http://www.codefromthe70s.org/sslblacklist.aspx

See also:

blog comments powered by Disqus