T 4.47 Obsolescence of cryptomethods

The reliability of cryptographic systems is linked directly to the ever-increasing computing power of IT systems, the development of new algorithms and the research in the field of cryptographic analysis. Due to the increasing performance of IT systems cryptographic algorithms and key lengths considered secure can possibly be compromised in the future.

Therefore, in the event that cryptomethods or cryptographic keys are compromised, there is a danger that

• encrypted data can be decrypted by unauthorised persons,
• documents can be provided with technically valid signatures by unauthorised persons so that
• authentic, signed documents can no longer be distinguished from faked documents.

Example:

Hospitals must securely store the files of their patients for a long period of time, even after completion of the treatment. Accordingly, a German hospital started to encrypt the electronically stored patient data in 1980. The procedure used for this was based on DES with 40-bit keys. Since no one in the hospital was versed in encryption, this method was still used in 2001, even though programs to read such encrypted data were already available on the internet. This was not noticed until a data protection check was carried out.