Cryptography Reference
In-Depth Information
management system is doing its job effectively? We will briefly revisit this issue
in Section 10.7.
Before we discuss the lifecycle of cryptographic keys, we need to consider a couple
of properties of the keys themselves, most significantly the key length.
We already know that, in general (but certainly not by default), longer keys
are better from a security perspective. Longer symmetric keys take more time to
exhaustively search for and longer public-key pairs tend to make the underlying
computational problem on which a public-key cryptosystem is based harder to
solve. So there is certainly a case for making keys as long as possible.
However, a cryptographic computation normally takes more time if the key is
longer. In addition, longer keys involve greater storage and distribution overheads.
Hence longer keys are less efficient in several important respects. Thus key length
tends to be based on an efficiency-security tradeoff. We normally want keys to be
'long enough', but not more than that.
10.2.1
Key lifetimes
The issue of key length is closely linked to the intended
lifetime
(also often referred
to as the
cryptoperiod
) of a cryptographic key. By this we mean that the key can
only be used for a specified period of time, during which it is regarded as being
live
.
Once that lifetime has been exceeded, the key is regarded as
expired
and should
no longer be used. At this point it may need to be
archived
or perhaps
destroyed
(we discuss this in more detail in Section 10.6.4).
There are many reasons why cryptographic keys have finite lifetimes. These
include:
Mitigation against key compromise
. Having a finite lifetime prevents keys being
used beyond a time within which they might reasonably be expected to be
compromised, for example by an exhaustive key search or compromise of the
storage medium.
Mitigation against keymanagement failures
. Finite key lifetimes help tomitigate
against failures in keymanagement. For example, forcing an annual key change
will guarantee that personnel who leave an organisation during the year, but
for some reason retain keys, do not have access to valid keys the following year.
Mitigation against future attacks
. Finite key lifetimes help to mitigate against
future advances in the attack environment. For this reason, keys are normally
set to expire well before current knowledge suggests that they need to.
Enforcement of management cycles
. Finite lifetimes enforce a key change
process, which might be convenient for management cycles. For example,
