Root Causes 119: What Is Crypto Agility?
Security industry insiders sometimes use the phrase "crypto agility." In this episode our hosts define crypto agility - or cryptographic agility. They explain why crypto agility is more important than ever, why the pace of cryptographic change is going up, and what certificate subscribers can do to improve their crypto agility.
- Original Broadcast Date: September 14, 2020
Episode Transcript
Lightly edited for flow and brevity.
-
Tim Callan
There is a topic we mention a lot and we say this word a lot and we talk about it, but I don’t think we’ve ever really taken it as a topic and described it wall to wall and that is the idea of crypto agility.
-
Jason Soroko
Crypto agility, cryptographic agility, it means one thing but a few things really. You know, Tim, there is one topic that we talk about quite often which is the quantum apocalypse.
-
Tim Callan
Yes.
-
Jason Soroko
And that’s a perfect example of why you need to be thinking about cryptographic agility. That’s a topic that will affect everyone. But that’s in the future tense, right? But we’ve already seen deprecated cryptographic primitives. One of them being SHA-1.
-
Tim Callan
SHA-1, MD5. There have been others, yes.
-
Jason Soroko
And, Tim, another topic we’ve also had isn’t just the deprecation of algorithms or other primitives, we’ve also seen the need for revocation and difficulties in responding to revocation. So that’s a whole other topic related to cryptographic agility. So really what we are trying to talk about here, what the topic really means is, the ability to respond to change.
-
Tim Callan
Yeah. Yeah. Yeah. I’d say it’s the ability for the ecosystem to make sure that its fundamental cryptographic primitives are current or reliable and robust. That we’re using the ones that are known to work and are using the best ones for the circumstances and that’s a moving target and will always be a moving target. Thus, the agility part of the term.
-
Jason Soroko
It will always be a moving target. There have been devices in the past. I’m thinking of devices that measure electrical usage, for example. And quite often there might have been a key pair or certificate that was embedded in those devices with no intention of ever changing them, right. We might call those fire and forget certificates. They have an unlimited lifespan, and those kinds of devices have no form of cryptographic agility. And that’s just the way that they were built. The risks were known, and the risks were accepted at the point at which those devices were implemented.
-
Tim Callan
Yeah. And maybe at that time they did not feel like there was another choice. Or the choice was not to have the devices.
-
Jason Soroko
That’s exactly right. That was very early on. Most PKI systems at that point in time were really based off of passport systems, various forms of human authentication and were implemented in large enterprise IT environments where the PKI setup was just simply assumed that there were big chunky capable servers that everything was running on. Well, obviously, we are not dealing with that world anymore where that’s the case. We are dealing with sometimes extremely light nimble DevOps environments that are in hostile public clouds. We might be dealing with IoT devices that are all over the place and extremely limited in their capacity. We might be dealing with goodness knows what. It could even be simply a web server, Tim, in the public trust realm where that web server was manually updated with an SSL certificate and therefore it was kind of a fragile system in the sense that if that needed to be replaced it again had to be done manually and that SSL certificate may have had a long service life. More than two years, etc.
-
Tim Callan
Yeah. I think they got up to about ten years at one point.
-
Jason Soroko
Right.
-
Tim Callan
Yes.
-
Jason Soroko
And you can see the changes coming around us. We now have one-year certificate limitation within the SSL public trust world. We see increasingly shorter and shorter certificate lifespans within IoT and incredibly short lifespans within DevOps. The shorter the lifespan the more the need for that form of you can’t be manually updating or renewing those certificates. It has to rely on an automated system.
So thankfully, the trend towards forms of cryptographic agility have been put into place. I’m thinking of the ACME protocol, Tim, in the public trust world. And in fact, the protocol has even entered the private trust world.
-
Tim Callan
And let me connect a dot here that I think we want to make sure that this is understood and not assumed, is that the shorter that your certificate lifespans become that brings crypto agility with it because one of the big problems is an entrenched certificate that is painful to remove. So, an unforeseen event happens, you know, it turns out that there is a flaw in some form of Linux, I’m using a real-world example happens to be Debian, and the key pairs are predictable, right. And you can consider it reliable information that every single certificate that is created, that has a CSR that is created on this particular OS is going to have 1 of 20,000 key pairs, at which point it is pretty easy to figure out what it is, right. And the whole system becomes very vulnerable. And so, under these circumstances, these certs want to change or you want to be changing these certs and this turns out to be difficult and painful for a lot of people. And if we remember back to the Debian thing, there were still Debian certs, what we called Debian certs, floating around three years later, right. Like just took forever to get those things out of the ecosystem. So now you turn around and you say, all right, guess what? 398-day term limit on any public TLS certificate. That means even if the most disastrous problem occurs, even the most stubborn, recidivist, luddite users will still be solved 399 days later. Right? Or sooner. And that becomes a strong aspect of crypto agility. So one of the ways that crypto agility is accomplished, not the only way, but one of the ways is shorter certificate lifespan.
-
Jason Soroko
You know, Tim, it wasn’t that long ago you and I were talking about certificate pinning.
-
Tim Callan
Yeah.
-
Jason Soroko
And certificate pinning almost in itself is anathema to cryptographic agility.
-
Tim Callan
Yeah. It’s anti-agile.
-
Jason Soroko
Exactly.
-
Tim Callan
Whatever that is.
-
Jason Soroko
It’s fragile in the sense that because you have a hardcoded public key, you know, within your code, that means that you’re making the big assumption that that key will last at least long enough so that by the time you do a code update, you know, that key will at least persist until that time. So cryptographic agility really is the whole idea of you’re not making that assumption. You’re not making the assumption that this cryptographic material has to persist for a longer length of time than other systems. It’s not going to be a ten-year certificate anymore in any system, hopefully, right. So that’s the world of shorter lifespans of certificates gain us the benefit of assuming that you’ve put in some form of automated management to be able to renew those certificates so that worst-case scenario is the lifespan of the certificate itself is short enough to reduce risk. And that’s a great idea that we’re already seeing in the world.
-
Tim Callan
Yeah. Cause everything is breaking and dying because I can’t keep up with my certificates. All right, maybe I don’t have a crypto agility problem, but I have an uptime problem. Right. So, I still have a problem and part of the, you know, a lot of what you are saying, if I can offer a pithy version of it is that a big part of the success of a crypto agile strategy is the ability to maintain a much shorter certificate lifespan in a big complex environment without those outages.
-
Jason Soroko
Yeah. Right on, Tim. That is it. That’s the other side of the coin that has to be in place. So therefore, in IoT and in DevOps, thankfully we are not dealing with manual renewals anyway. Those systems were never designed with that in place but unfortunately, there still are use cases in the world such as the manual updating and renewal of SSL certificates on web servers. There still is a population in the world that will be doing that manually. Unfortunately, at the risk of down time to important web properties.
-
Tim Callan
Yeah. And another point about crypto agility and we’ve brought this up in the past, is the pace of change increases, right? So, um, it used to be that you could assume if you are an IT professional, you’d put your cryptography in place, and it would be a long time before anything would have to be done to that and there’s a very good chance that by the time anything had to be done to that you wouldn’t even be in that job. So it was easy for people to take kind of a set and forget attitude and as I mentioned, RSA was invented in the 1970s right and we are still using that fundamental algorithm today and so that says a lot and yet, at the same time, you know, we are seeing that it seems to be shorter and shorter spans of time before we have to do something to the crypto in place. We are not happy with our hashing. We are not happy with our encryption. We are not happy with our key sizes and the pace of that increases and to some degree you would expect that because of Moore’s Law and to some degree you would expect that because of more attention to cryptography. For a lot of years, it was deemed very esoteric, and a lot of people didn’t even look at like PKI and now suddenly there’s much more focus on that. If you are a University Security Researcher and you want to guarantee that you are gonna get on stage at a conference, figure out a problem with popular digital certificates and you are on stage, right? So, all of that has led to this pace increasing and so that in tandem with many more certificates, many more types of certificates and those certificates being fundamentally more tied to the success of the business has put pressure on this idea of crypto agility that just wasn’t there a decade ago.
-
Jason Soroko
Well, Tim, let’s make it real. How many people on this podcast are going, who are listening to this podcast, will be employed within this industry between 2026-2030.
-
Tim Callan
Yeah.
-
Jason Soroko
I’m betting it’s a fair number.
-
Tim Callan
Yeah. I bet it’s most of them.
-
Jason Soroko
Yeah. Exactly. So therefore, I would say every single one of those people who fits into that category are gonna live through the quantum apocalypse.
-
Tim Callan
Yeah.
-
Jason Soroko
And therefore, I think, Tim, it’s time for – rather than going off and learning all the esoteric lattice mathematics that’s gonna be behind the replacement algorithms for RSA and ECC, I think one of the important things that people should get themselves educated on is the concept of a hybrid certificate. X.509 is not going away. X.509 will live past the quantum apocalypse. But what will fundamentally change is the types of certificates that we use. The new fields that we will be using within X.509 in order to be able to accommodate this bridge period where we will probably be having legacy systems still using RSA, ECC but also whatever the new algorithms will be. This is a really, really important point within – and any talk on cryptographic agility must now include a talk and a bringing back into the fold the concept of these hybrid certificates which are gonna be one of the most fundamentally important bridges between what we are doing now and what we are going to be doing in 2026.
-
Tim Callan
Yeah. And let me just plug we very recently did a whole podcast with our frequent guest, Alan Grau, on the concept of hybrid certificates. So, go listen to that. It was great. It describes the concept very well and it’s one worth listening to if you are interested in this subject.
-
Jason Soroko
Yeah, Tim. Thanks for that. You almost can’t bring up the topic of cryptographic agility without it. It’s so important.
-
Tim Callan
Yeah.
-
Jason Soroko
And I think, Tim, maybe just one of my final thoughts if I’m scouring my brain for topics around cryptographic agility is, you know, to me, if you want to define what a Next Gen PKI would be, Next Gen PKI really is about having that single pane of glass to be able to govern, to view, to scrutinize, to have inventory of all of your digital identities, including X.509 obviously. If you are not being able to manage the renewals automatically of as many systems that you have as possible that are utilizing digital identities – and I don’t care what that is; whether it’s your web server, your IoT device, your DevOps containers, everything, then you’re not being agile. Cryptographically agile. Right?
-
Tim Callan
Yeah.
-
Jason Soroko
This is what’s gonna be fundamentally important is having that system to be able to manage those certificates and the lower and lower lifespans that we have within those certificates. That’s going to be the trend going forward. The trend is going to be quicker and quicker replacements over time of the cryptographic primitives as well as the shortening of lifespans. We are just gonna have to have systems that can deal with that.
-
Tim Callan
Yeah. And some people may feel maybe that they are in a bind. You and I talk about legacy systems sometimes and, you know, certainly we bring it up in the world of IoT sometimes where you might say look, this is great for a whole lot of what I’m doing but I’ve got certain things that it’s not so easy. Right? It’s got some legacy-built system on my own hardware that nobody wants to touch and it’s not ACME compliant. It’s never going to be. Ok. So that’s important and you’ve got to worry about those things and you gotta find a way to deal with those things, but don’t let that 1% or that .1% of your servers prevent you from doing the right thing with everything else.
-
Jason Soroko
Yeah. Especially within Greenfield topics, absolutely. Any new systems that you are implementing for the purposes of digital transformation, these obviously fall into the category of no-brainer for let’s look at what’s new.
-
Tim Callan
Yeah.
-
Jason Soroko
But thankfully, thankfully, Tim, just about every one of the really good ideas that have come across within the concept of cryptographic agility it has to take into account legacy systems and so therefore, you know, you can start measuring risk as a CSO, CIO, Risk Officer for how you deal with that going forward and how long you want to have these legacy systems last and even if they last into risky territory at least you can define that risk and govern the risk.
-
Tim Callan
Right. At least you do it with your eyes open.
-
Jason Soroko
That’s just such an important point because these things aren’t gonna go away but at least they can be managed.
-
Tim Callan
Yeah. But, of course, the stakes on all of that is gonna go up because if I’ve got legacy systems and I can’t really do what I want to do with the certs, right now I might feel like the risk is relatively low but in the post-quantum era that risk goes up considerably and that might change how you do that arithmetic, right? It might change where you fall down on that equation and then the point behind that being then let’s project back to now because post-quantum era isn’t all that far away and so, if I’ve got real difficult, entrenched, old legacy systems that I’m gonna have to go deal with this spaghetti code and get everything solved and this is a multi-year project, well, you maybe need to get started now because multi-years is about the runway that you have.
-
Jason Soroko
Hey, don’t be the person who still is issuing SHA-1 based certificates in a post-quantum world.
-
Tim Callan
Yes. There you go. There should be a special price for that.
-
Jason Soroko
Yeah. Exactly. Anyway, interesting topic, Tim.
-
Tim Callan
I agree, Jay.
-
Jason Soroko
This is very near and dear to our hearts.
-
Tim Callan
Yeah. So, thank you everybody. Thank you, Jay. Always fun.
-
Jason Soroko
Thank you, Tim.
-
Tim Callan
Thank you, Listeners. This has been Root Causes.