A few weeks ago at Black Hat 2013 in Las Vegas, there was a particularly interesting presentation entitled “The Factoring Dead: Preparing for the Cryptopocalypse.” Here at Symantec, we found the topic particularly interesting. The presentation touched on a key topic that we would like to highlight. RSA is a tried and true algorithm that is pervasive throughout the ecosystem, and there is no reason to mistrust it. This year the industry is moving from RSA 1024-bit certificates to 2048-bit certificates based on NIST recommendations, as the compute power available to bad actors makes a brute force attack on 1024-bit keys increasingly practical. However, what the article mentioned was that recent advances in technology and mathematics have questioned whether this natural balance of bit length versus compute power has a third variable that could make RSA more vulnerable to factoring within 2-5 years. The presenters indicated that elliptic-curve cryptography (ECC) is the best replacement should it become apparent that RSA shouldn’t be used.
Fortunately, the presenters have pointed out one thing we’ve known here at Symantec for quite some time – that the SSL landscape is changing and will continue to evolve, and that algorithm agility (or diversity) is a key element in making the entire ecosystem stronger. Earlier this year, we introduced the DSA and ECC algorithms in addition to the RSA algorithm. We are currently the only Certificate Authority to offer a choice of algorithms with every certificate (and yes, you can choose all three at once). We are also the only CA to offer a pure ECC implementation, meaning all certificates in the chain, including the roots, use ECC keys and not RSA keys. These are production certificates with good root ubiquity that are currently being deployed by our customers.
We have the solution to the Cryptopocalypse ready to install today, even if this scenario remains in the realm of theoretical academia for the foreseeable future.