T 4.35 Insecure cryptographic algorithms

The extent to which cryptographic processes increase security basically depends on two parameters: secure cryptographic algorithms must be used and the secret codes must be treated confidentially (for the compromising of cryptographic codes see G 5.83).

Insecure cryptographic algorithms are characterised by the fact that a potential perpetrator with justifiable resources is able to discover how the cryptographic process works. In the case of encoding algorithms, this means that it is possible to ascertain the original plain text from the encoded text without any additional information. Here, you must take into account that relevant resources for the perpetrator include available performance, aids such as analysis tools, prior knowledge, time available, knowledge concerning weaknesses, etc. Therefore, if you use insecure cryptographic algorithms, perpetrators may be able to get round the cryptographic protection.

However, you need to examine each case separately in order to determine whether a cryptographic algorithm is insecure. Nevertheless, there are several criteria which indicate insecurities:

• If secret codes with actual lengths of less than 60 bits are used in symmetric cryptographic techniques, then they can be cracked using a huge number of computers to try out every possible code. With the increasing performance of computers, it is to be expected that this limit will increase to 80 bits in the future.

• If algorithms whose security is based on the problem of factorising large numbers are used in asymmetric cryptographic techniques and signature procedures, it is now thought that code lengths of less than 768 bits should be considered insecure. This is founded on the progress in the development of efficient factorisation algorithms which currently make it possible to factorise numbers with approximately 500 bits using huge numbers of computers. At the same time, it must be taken into account that opto-electronic accelerators may be developed to perform a considerable proportion of the calculations in these processes, which would speed things up considerably.

• Hash functions which convert character strings of any length into a hash value with a constant bit length can be considered insecure if the constant length of the hash value is less than 128 bits, as it would otherwise be possible to calculate two character strings which produce the same hash value.

• Cryptographic algorithms developed by inexperienced developers that have not been investigated scientifically should be considered potentially insecure, as many years of experience are needed to develop secure cryptographic algorithms.

• Unpublished cryptographic algorithms which run remarkably quickly in software should also be considered potentially insecure. Experience shows that secure algorithms are usually based on complex mathematical functions.

• In the application of cryptographic processes, random numbers are often required. Poor generators of random numbers could cause the values produced to be predictable. This could, for example, cause cryptographic check sums, which are supposed to guarantee the integrity of a message, to become worthless.

For example, these criteria affect the DES algorithm for symmetric coding, which is used frequently world-wide. This uses an effective code length of 56 bits. The so-called triple DES algorithm, carried out three times in a row with two codes, has an effective code length of 112 bits and can be considered sufficiently secure at the moment. The RSA algorithm, an asymmetric procedure based on the factorisation problem, is also affected. If this is operated with a code length of under 512 bits, potential insecurities are to be expected. For the next few years, a code length of over 1024 bits is seen to be sufficiently secure.

A common example of an insecure but extremely fast algorithm is what is known as the XOR function, which uses a simple method of linking constant values to the original plain text. This is a high-performance algorithm which, however, can be cracked extremely quickly. The XOR function can, on the other hand, be the most secure coding algorithm there is, if the data to be encoded are XOR-ed with unpredictable random values (One-Time-Pad).

For inexperienced users it is practically impossible to determine whether a cryptographic algorithm is sufficiently secure. Therefore, you should only use algorithms that are known to have been developed by experts or have undergone years of scientific investigations.