Recently, the strength of SSL key lengths has been the subject of heated debate in security circles, after Nicko van Someren disclosed that he is able to break 512-bit keys in around six weeks, using conventional office computers.
The analysis focuses on the key length used for the server's public key (the key which is used to prove the authenticity of the server to web browsers). The longer the key, the harder it is for an attacker to break the key - if this key is broken, it can compromise both past and future secure browsing sessions, and allow the attacker to impersonate the server. Most experts currently recommend a key length of at least 1024 bits as secure and some of the strongest debate has concerned the perceived safety of these 1024 bit keys.
However, a more timely aspect to the work is to highlight the number of SSL servers currently in use on the internet, and their geographical location.
Although US export restrictions on strong cryptography have been relaxed in recent years, data collected as part of our SSL Server Survey shows that the US export legislation and locally acted legislation to restrict the use of cryptography in countries with repressive or eccentric administrations, does still cast a shadow over the security of ecommerce even years after the acts have been repealed.
|Country||Percentage of sites|
with short keys
Internet-wide, around 18% of SSL Servers use potentially vulnerable key lengths. However, these tend to be concentrated in geographical areas outside the United States and its close trading partners. In the US, where over 60% of SSL sites are situated, and Canada only around 15% of sites are using short keys. In most European countries over 25% are still using short keys, and in France, which had laws restricting the use of cryptography until relatively recently, over 40% of sites are using short keys.
US export regulations (described in detail by the crypto law survey) have had a discernable impact in slowing use of strong cryptography outside of the States. One reason export grade cryptography remains quite common is that the relative weakness of the server's choice of cryptography is not obvious to the end user, so there is so little pressure to make the change. Browser developers are in a position to help change this, perhaps by displaying a graded indication of key length rather than the present lock symbol displayed on all SSL sessions regardless of strength.