How do we best prepare for changes in cryptographic algorithms and standards? What are the best practices to enable cryptographic agility? What challenges do we face? How are we thinking about what comes next?
These were some of the questions discussed during our Peer2Peer session at RSA Conference 2017. In our 45-minute session, the twenty-five attendees addressed a variety of issues around crypto agility. Here are some of the most common, interesting or surprising themes:
Develop Systems for Agility
When discussing best practices for agility, data structures were a popular approach. One participant talked about making sure that the data structures in their products allowed for growth. Another recommended creating a data structure that covered every algorithm in the NIST standard; this allowed the team to easily move between algorithms in the standard. This can certainly help ensure cryptographic agility; keep in mind, though, that such data structures may need to be updated as new algorithms are added to the NIST standard.
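The following is an added example, not code from the session or from any participant's product: one way a stored digest can carry its own algorithm identifier so the data structure has room to grow. The record format, registry names and policy sets are assumptions, and the example uses the SHA-1 to SHA-256 move mentioned later in this post as its migration case.

```python
import hashlib
import hmac

# Assumed registry: stable identifiers stored next to the data they protect.
REGISTRY = {"sha1": hashlib.sha1, "sha256": hashlib.sha256,
            "sha3-256": hashlib.sha3_256}
PREFERRED = "sha256"    # assumed policy: algorithm for every new record
VERIFY_ONLY = {"sha1"}  # assumed policy: readable for migration, never written

def make_record(data, alg=None):
    """Return 'alg$hexdigest'; the identifier travels with the digest."""
    alg = alg or PREFERRED
    if alg not in REGISTRY or alg in VERIFY_ONLY:
        raise ValueError(f"algorithm not allowed for new records: {alg}")
    return f"{alg}${REGISTRY[alg](data).hexdigest()}"

def parse_record(record):
    """Split a record, rejecting bare digests and unknown identifiers."""
    alg, sep, digest = record.partition("$")
    if not sep or alg not in REGISTRY:
        raise ValueError("missing or unknown algorithm identifier")
    return alg, digest

def verify(data, record):
    """Return (valid, needs_migration) for data against a stored record."""
    alg, digest = parse_record(record)
    expected = REGISTRY[alg](data).hexdigest()
    valid = hmac.compare_digest(expected.encode(), digest.encode())
    return valid, alg != PREFERRED

def migrate(data, record):
    """Re-issue a valid record under PREFERRED; never upgrade a bad one."""
    valid, stale = verify(data, record)
    if not valid:
        raise ValueError("refusing to migrate a record that does not verify")
    return make_record(data) if stale else record

# Constructed sample: a legacy record written before the policy change.
SAMPLE = b"firmware-image-v1"
LEGACY = "sha1$" + hashlib.sha1(SAMPLE).hexdigest()

if __name__ == "__main__":
    print(verify(SAMPLE, LEGACY))   # valid, but flagged for migration
    print(migrate(SAMPLE, LEGACY))  # same data, now a sha256 record
```

With this layout, retiring an algorithm means changing PREFERRED and VERIFY_ONLY rather than changing the stored format.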
Another recommendation for agility came up at the very end of the session. In talking about certificate issuance, one participant recommended moving to Enrollment over Secure Transport (EST). EST runs over TLS and is not tied to a particular algorithm (unlike its predecessor, SCEP). By not tying the enrollment protocol to the crypto, you greatly enhance flexibility. While this discussion was about EST and certificate issuance, the principle certainly applies to other protocols.
Hardcoding and Legacy Remain Challenges
It’s not news that hardcoding is problematic, but the extent of the problem became apparent during the SHA-1 to SHA-256 migration. One suggested lesson learned from that migration was to use external hardware for cryptographic functions, rather than hardcoding algorithm choices in software. The external components helped make the migration from one algorithm to another much simpler. However, that only addresses system components whose development the organization controls. Participants noted the prevalence of hardcoded algorithms in other software and in payment devices.
Session participants also agreed that managing and maintaining their legacy products was a challenge. Unsurprisingly, most would prefer to migrate their customers to newer products rather than attempt to migrate to new algorithms in legacy products. In some cases, though, customers are paying to maintain those legacy products because it’s easier to pay than to change.
Whither Post Quantum?
When I proposed this session, I envisioned that a good chunk of the discussion would center on how organizations were thinking about and preparing for post quantum cryptography. The reality was a little different. In fact, most participants were not yet thinking about or planning for post quantum. They were aware of it certainly, but there was a great deal of uncertainty about when post quantum would be real. One participant compared the post quantum discussions to the hype that surrounded the “Y2K bug” two decades ago (an interesting analogy that I will probably refer to in the future!).
There were a few proactive suggestions around post quantum. One participant mentioned shortening key rotation timeframes (an approach that was also helping with their RSA 2048 -> 4096 migrations). Another participant talked about skunkworks projects and “innovation days”, where folks on his team might experiment with new technologies (including post quantum) in order to be better prepared. At the same time, participants wondered about regulations and standards that would force a reactive response: if there are no regulations that enforce post quantum use, will most organizations do anything? (Spoiler: probably not.)
Regardless of when post quantum becomes a reality, participants agreed that the migration would be difficult and could take ten years.
Communicate, Communicate, Communicate!
Soft skills are sometimes underappreciated in cybersecurity, but this session’s participants definitely appreciated the importance of communication. It came up throughout the session, from educating product teams about algorithms and agility options to communicating with customers about the cryptographic realities of legacy products.
Let’s face it: cryptography can have a lot of nuance. Without clear communication and good education, some of those distinctions can get lost. In Keeping Up With the Crypto, participants assumed that whatever algorithms they are using today will be broken, so communication and planning are part of the job.
Thank you to all who attended this session and contributed their insights and experiences. Please feel free to reach out – I look forward to continuing the discussion!