Wednesday, December 07, 2005

How much is enough crypto?

Twice in the past two weeks I've had requests for too much crypto from very large companies. What's "too much"? In one case, the customer complained that my product wouldn't support RSA keys larger than 4096 bits (in particular, they wanted 6144 bit keys). In the other, the customer is demanding 256 bit symmetric keys for SSL (i.e., AES). This is too much because the strength of the crypto (at 4096 bit RSA keys and 128 bit RC4/3DES) is almost certainly greater than the software that's using the crypto. That is, an attacker will find and exploit a vulnerability in the non-crypto software long before they'll be able to crack the crypto.

We need to better educate the non-experts that when it comes to crypto, more is not the same as better.

What both cases have in common is that the customers aren't asking for these to satisfy their own requirements, but rather because they want to exchange business information with other companies that demand the extra-strong crypto. In some cases, businesses pushing other businesses can be a good thing - if Amazon refused to do business with anyone who didn't train their programmers in the OWASP Top 10 (for example), it would quickly improve the security of many web sites. But in this case, it's inflicting pain on the businesses, and the software vendors who supply them, for no particularly good reason.

There's also a lesson learned for those who would like to see regulation or legislation for improved security - be careful of what you wish for! I wouldn't want to see silly rules getting encoded, especially to the detriment of meaningful methods of improving security.