the longer a key is used the better the chances of getting
compromised, isn't it?

It doesn't make a difference whether you have one key for two years on a
system or two keys for one year each, one after the other.

The longer a key is on a system, the chances are higher for compromise I think.

Yes, this is in fact the case. Particularly if the key is used in any sort of volume site. The assumption that one key for 2 years is as secure as 2 keys for one year each does not bear out in real-world cryptography. Here's why:

1) An attacker has more time to 'attack' the first key. Cryptographic attacks only get better, never worse. These attacks can come from the following:

a. mathematical attacks on the key itself (i.e. factoring the RSA modulus) - usually the minor of the possible attacks assuming the security of the key is large enough with respect to the validity period, though becoming a consideration with 1024 RSA. Keys with longer lives *SHOULD* be more cryptographically secure (I'm worried about the number of 1024 bit CA certs floating around right now).

b. oracle attacks. Attacks in which the attacker learns information by asking the owner of the key to perform private key operations (Bleichenbacher I against symmetric keys are one example).

c. accidental or intentional compromise from someone inside, particularly if it goes undetected.

d. possible compromise through a hardware glitch. RSA is particularly prone to compromise if a mistake is made in one stage of the operation. Such mistakes are exceedingly rare, but on a high traffic site, the risk increases the longer the key is in use (NSS actually protects against this case by never releasing data that doesn't 'invert' with the public key).

2) The world changes. New attacks are discovered. Weak keys are identified. The new key generated 1 year later can take these new events into account. Revocation is good for the onesy-twosy type of key compromise. All the revocation schemes fall over in the massive revocation case.

Not changing out the key periodically leads to a more brittle solution than changing it. If your system is over-designed, you can get away with it, but then you could simply have started using longer expiration times.

bob
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
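The guard described in point 1d (never release a private-key result that does not invert under the public key) as an added example; this is not code from the mailing list or from NSS. The tiny primes, the message, and the `fault` flag that simulates a glitch in one CRT half are constructed for illustration only.

```python
# Toy RSA key built from constructed small primes (illustration only,
# far too small for real use). Requires Python 3.8+ for pow(x, -1, m).
P, Q = 1000003, 1000033          # constructed primes, assumed for the demo
E = 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)              # private exponent
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)             # CRT recombination constant

def crt_sign(m, fault=False):
    """RSA private-key operation via CRT (Garner recombination).
    When fault=True, one bit of the mod-q half is flipped to model a
    hardware glitch in a single stage of the computation."""
    s1 = pow(m, DP, P)
    s2 = pow(m, DQ, Q)
    if fault:
        s2 ^= 1                  # simulated glitch in the mod-q branch
    h = (QINV * (s1 - s2)) % P
    return s2 + h * Q

def guarded_sign(m, fault=False):
    """Sign, then re-check the result with the public key before it
    leaves the module. A result that fails to invert is withheld
    (returns None) instead of being handed to the caller."""
    s = crt_sign(m, fault)
    if pow(s, E, N) != m % N:
        return None              # faulty output detected: do not release
    return s

if __name__ == "__main__":
    msg = 123456789              # constructed message representative
    good = guarded_sign(msg)
    print("healthy path released:", good is not None)        # True
    print("glitched path released:", guarded_sign(msg, fault=True) is not None)  # False
```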
