Key Lengths and DKIM

DKIM (or DomainKeys) is a system in which a mail gateway signs outgoing email so that a recipient server can validate that it is legitimate email from your domain rather than mail sent from another domain.

When using crypto, appropriate key strength is a moving target. What was once acceptable is no longer good enough as computing power increases. Long key lives encourage an admin to configure and forget.

That’s likely what caused Zachary Harris’ unlikely turn as a security researcher. As written up in Wired, he received an email from a Google headhunter that seemed phishy. Looking at the mail headers to ascertain the veracity of the message, he noticed the DKIM headers. Not knowing what they were, he did some research. He found that Google was only using a 512-bit key. For reference, Microsoft recently pushed an update disabling keys smaller than 1024 bits because of their security vulnerability.

Harris used a bit of cloud computing and his skills as a mathematician to generate an email that appeared to be DKIM validated and sent a message to Google’s founders. He also reviewed the bit strength of several other DKIM implementations and reported them as lacking.

US-CERT has a writeup on this vulnerability here. They recommend reissuing any RSA signing key of less than 1024 bits. Of course, that was already the DKIM recommendation.
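One way to check your own selectors against that 1024-bit floor, as an added example that is not part of the original post: it parses the `p=` tag of a DKIM TXT record and reads the RSA modulus size from the DER. The function names are hypothetical, and the sample records are constructed with an arbitrary modulus of the right size, not a real key.

```python
import base64

RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1
MIN_BITS = 1024  # the floor quoted in the post; smaller keys should be reissued

def _read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def dkim_rsa_bits(txt):
    """Modulus size in bits of the RSA public key in a DKIM TXT record."""
    tags = {k.strip(): v.strip() for k, _, v in (p.partition("=") for p in txt.split(";"))}
    if tags.get("k", "rsa") != "rsa" or not tags.get("p"):
        raise ValueError("no RSA key in record (other key type, or empty p= meaning revoked)")
    der = base64.b64decode("".join(tags["p"].split()))
    _, spki, _ = _read_tlv(der)              # SubjectPublicKeyInfo SEQUENCE
    _, alg, pos = _read_tlv(spki)            # AlgorithmIdentifier SEQUENCE
    if _read_tlv(alg)[1] != RSA_OID:
        raise ValueError("unexpected algorithm OID")
    _, bitstr, _ = _read_tlv(spki, pos)      # BIT STRING, first byte = unused bits
    _, rsakey, _ = _read_tlv(bitstr[1:])     # RSAPublicKey SEQUENCE
    _, modulus, _ = _read_tlv(rsakey)        # INTEGER n
    return int.from_bytes(modulus, "big").bit_length()

def _tlv(tag, value):
    """DER-encode one element (used only to build the constructed samples)."""
    n, nb = len(value), (len(value).bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + head + value

def sample_record(bits):
    """Constructed TXT record; the modulus is an arbitrary odd number, not a real key."""
    der_int = lambda x: _tlv(0x02, x.to_bytes(x.bit_length() // 8 + 1, "big"))
    rsakey = _tlv(0x30, der_int((1 << (bits - 1)) | 1) + der_int(65537))
    alg = _tlv(0x30, _tlv(0x06, RSA_OID) + _tlv(0x05, b""))
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsakey))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()

def weak_selectors(records):
    """Names of selectors (dict: selector -> TXT record) whose key is under MIN_BITS."""
    return sorted(s for s, txt in records.items() if dkim_rsa_bits(txt) < MIN_BITS)
```

Feed `weak_selectors` the TXT values you publish at `<selector>._domainkey.<your domain>`.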

Sensational headlines were the rule of the day in the tech press’ reporting. Wired called it a “massive net security hole”. Computerworld called it a “serious email weakness”. Surprisingly, The Register didn’t have a dire headline and there were no extra exclamation marks in sight. Their summary, I think, was that if Google, Microsoft, Amazon, PayPal and large banks didn’t get this right, what chance do the rest of us have? Choosing key strength and appropriate certificate life are important, as are revoking certs and not accepting invalid certs.

In SANS NewsBites, William Murray went another direction: “Short e-mail signing keys are a vulnerability without a threat.”

Perhaps it’s just me, but when I put integrity mechanisms in place, particularly to make sure my customers receive my legitimate mail and not spoofed email, I want to make sure they aren’t bypassed.