T 4.35 Insecure cryptographic algorithms
The extent to which cryptographic processes increase security basically depends on two parameters: secure cryptographic algorithms must be used and the secret keys must be kept confidential (for the compromise of cryptographic keys, see T 5.83 Compromising cryptographic keys).
Insecure cryptographic algorithms are characterised by the fact that a potential attacker would be able to break the cryptographic procedure used with a reasonable amount of resources. In terms of encryption algorithms, this means that an attacker would be able to determine the original plain text from the encrypted text without having any additional information. The resources relevant here include the computing power available to the attacker, aids such as analysis tools, the current level of knowledge, the amount of time available, knowledge of vulnerabilities, etc. If insecure cryptographic algorithms are used, then the attacker has the opportunity to bypass the cryptographic protection.
Every cryptographic algorithm used must be examined to determine whether or not it is insecure. There are a few criteria, though, that indicate the possible existence of security gaps:
- If secret keys whose effective length is less than 60 bits are used for a symmetric encryption method, then it is already possible today to crack every key with moderate computing power by trying out all possible keys. As the performance of computers increases, it can be assumed that this limit will rise to over 100 bits in the future.
- If algorithms whose security is based on the problem of factoring large numbers are used for asymmetric encryption and signature methods, then it is assumed today that key lengths of less than 1024 bits should be considered insecure. This is due to the progress in the development of efficient factorisation algorithms, which can factor numbers approximately 500 bits long nowadays using massive computing power. In addition, the potential for the development of optoelectronic accelerators to perform the most important steps in the calculations used in these algorithms, which would speed up the algorithms considerably, also needs to be taken into account.
- Hash functions that convert a character string of any length to a hash value with a constant bit length can be considered insecure if the constant length of the hash value is lower than 128 bits, because it is then possible to find two different character strings that produce the same hash value.
- Cryptographic algorithms that have been designed by inexperienced developers and have not been examined by the scientific community should be considered potentially insecure because many years of experience are required to develop secure cryptographic algorithms.
- Unpublished cryptographic algorithms whose software runs unusually fast should be considered potentially insecure algorithms. Experience has shown that secure algorithms usually need to be based on complex mathematical functions.
Random numbers are often needed when applying cryptographic methods. Poorly designed random number generators can return values that are predictable. This would make the cryptographic checksums used to ensure the integrity of messages completely worthless, for example.
An example of an algorithm fitting these criteria is the DES algorithm for symmetric encryption, which is used frequently around the world. This algorithm has an effective key length of 56 bits. The triple-DES algorithm, which executes the algorithm three times in a row using two different keys, has an effective key length of 112 bits and can still be considered adequately secure at the present time. Another example is the RSA algorithm, which is an asymmetric procedure based on the factorisation problem. If RSA is operated with a key length of less than 768 bits, then it must be assumed that it will not offer adequate security. A key length of at least 1024 bits can still be considered sufficiently secure, at least for the next few years.
The MD5 hash algorithm is outdated and has known weaknesses that can be demonstrated today based on practical examples. Even the SHA-1 hash algorithm is not suitable any more for all applications or purposes.
A common example of an insecure but extremely fast algorithm is the use of the XOR function to combine constant values with the original plain text. This is a high performance algorithm, but it can be cracked very quickly. On the other hand, the XOR function is also used in the most secure encryption algorithm that exists, the one-time pad, which XORs unpredictable, random values with the data to be encrypted.
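The contrast described above, as an added Python example that is not part of the original catalogue entry: the same XOR operation gives no protection with a reused constant value, while a fresh random pad of message length leaves the ciphertext consistent with every possible plain text. The key, the sample messages and all function names are constructed for illustration.

```python
import secrets
from itertools import cycle

CONSTANT_KEY = b"\x5a\xc3\x17\x88"  # constructed sample key, reused for every message


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than data."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))


def keystream_from_known_plaintext(ciphertext: bytes, known: bytes) -> bytes:
    """c XOR p = k: any known plain text prefix exposes the key bytes under it."""
    return xor_bytes(ciphertext[:len(known)], known)


def otp_encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """One-time pad: fresh random pad as long as the message, never reused."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """For an OTP ciphertext, every same-length candidate has a matching pad."""
    return xor_bytes(ciphertext, candidate)


if __name__ == "__main__":
    # Constructed sample messages sharing a predictable header.
    m1 = b"INVOICE 0001: pay 1200 EUR"
    m2 = b"INVOICE 0002: pay 9900 EUR"
    c1, c2 = xor_bytes(m1, CONSTANT_KEY), xor_bytes(m2, CONSTANT_KEY)

    # Weakness 1: the constant key cancels out, so ciphertexts leak plain text differences.
    assert xor_bytes(c1, c2) == xor_bytes(m1, m2)

    # Weakness 2: a predictable header exposes the repeating key bytes, and with them every message.
    leaked = keystream_from_known_plaintext(c1, b"INVOICE ")
    print("key bytes seen:", leaked.hex())
    print("second message:", xor_bytes(c2, leaked[:len(CONSTANT_KEY)]))

    # One-time pad: the ciphertext fits any plain text of the same length equally well.
    pad, c = otp_encrypt(m1)
    other = b"INVOICE 0001: pay 0001 EUR"
    assert xor_bytes(c, pad_explaining(c, other)) == other
    print("OTP ciphertext is equally consistent with:", other)
```

The one-time pad property holds only if the pad is unpredictable, as long as the message and never reused; reusing it turns it back into the constant-value case.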
It is practically impossible for a non-expert to determine if a given cryptographic algorithm is sufficiently secure. For this reason, only those algorithms that have been developed by experts or that have been subjected to years of examination by the scientific community should be used.