Avoid Cryptographic Failures With These 6 Easy Steps
- Jen C
- Nov 11
- 3 min read
Updated: 7 days ago
In a previous article, I discussed cryptographic failures. Well, we’re gonna talk about it a bit more. Don’t think of it as a comeback, but a remix?
We’ll actually focus in a little deeper on these three areas of Cryptographic Failures:
Exposed Key/Poor Key Management
Insecure Randomness
Weak Algorithm Use/Inefficient Algorithms
For a brief refresher, what is a Cryptographic Failure?
It’s a symptom, not necessarily a cause! It’s a security vulnerability that happens when a third party exposes sensitive data, which is not our intent! How does this happen? Our application security and data are directly affected when our algorithms fail, keys are exposed, or poor key management, protocols, or implementations are used incorrectly. We fail to properly protect transmitted or stored data. When it fails, it really fails. Attackers find vulnerabilities, steal keys, and gain access to our data, which they can modify or simply take. But it’s not just stealing information. It could be accessing an entire database and accessing company data, taking control over a server. Not cool.
Weak Cryptographic Algorithms
These can occur when an algorithm has vulnerabilities or is flawed. It can be outdated or have vulnerable encryption mechanisms. If we have a known vulnerability or too small keys, a brute force attack can occur. An attacker can just try keys over and over until they hit the right key. (It might be helpful to brush up on the difference between encryption and hashing, too.) The root cause could be due to a weak or outdated encryption algorithm that isn’t up to date with modern attacks.
How can we prevent this? By using a strong encryption algorithm that has been tested thoroughly for vulnerabilities. We can also keep our encryption libraries and software updated, as well as security patches.
Key Management
Using weak encryption keys, not storing keys properly, improper generation, distribution, and rotation, which can allow unauthorized access, all work against an encryption system. It may also be an inadequate key length. Using predictable or short encryption keys is a no-no, as is key rotation not happening regularly. These are the backbone of our system! Are we storing keys in plain text? Are we using the same key for multiple systems? No!
How can we prevent this? Keep software updated with security patches. Use unique and strong encryption keys that are not easily guessable. Keys should not be stored in plain text or on a device that is always accessible or is always “on”. Keys should be different for different systems. Insecure random number generation is not as likely to be an issue, but should still not have any weak keys.
Insecure Randomness
Computers are not completely random, but we can try, right? They are still predictable. That’s why we have to encrypt, but even that can get hacked. We have to generate secure tokens.
How can we prevent this? One way to prevent would be to use a random number generator or a cryptographic function (or both). Always make sure keys are in proper key length and use random number generation. Another would be to use a PRNG algorithm that is cryptographically secure. We can also mix in entropy from other sources or use a cryptographic hash function (or both again).
Best Practices to Avoid Cryptographic Failures
1. Stay informed! Stay on top of the latest and greatest developments in cryptography, attacks, and best practices! This is the most important AND easiest!
2. Identify vulnerabilities and weaknesses through regular security audits and cryptographic assessments.
3. Secure those numbers with cryptographically random number generation for generating encryption keys and other cryptographic elements.
4. Don’t create your own cryptography solutions. Use established cryptographic libraries and protocols.
5. Implement strong, standardized cryptographic algorithms that are industry-approved.
6. Store those keys using proper secure key management practices, generation, storage, rotation, and, dun dun dun...even destruction.
So there you have it! That’s a deeper dive into cryptographic failures.
Comments