After several major organizations were found to be using shorter-than-recommended encryption keys to authenticate their messages, an industry group recommended organizations replace keys immediately.
As SecurityWeek reported last month, a researcher discovered that Google, Yahoo, Twitter, Amazon, eBay, Microsoft, and other tech giants were using keys shorter than the recommended 1024-bits. Some, such as Yahoo, Twitter, and Amazon, were using 512-bits and HSBC, LinkedIn, and PayPal were using 768-bits.
The finding prompted US-CERT to issue a warning to organizations using DKIM to harden their keys and configure production servers to not use, or allow, testing mode, to prevent domain name spoofing.
“Technology is advancing, and to keep pace with hackers, the industry needs to revisit its practices in light of their expanding capabilities,” Chris Roosenraad, co-chairman of M3AAWG, said in a statement.
DKIM was originally developed as a mechanism for domains to sign messages sent from authorized servers so receiving domains could verify the messages were sent legitimately. The signature associated with the message takes a cryptographic hash of the message using the SHA-256 hash and RSA public key encryption scheme, and cannot be altered while going from one server to another. This means criminals have a harder time crafting messages that look as if they were sent by a legitimate company.
Organizations are at risk with short keys because the cheap availability of high-speed computing resources means attackers increasingly have the means to crack sensitive encryption keys. These shorter keys can be cracked using dedicated servers available through Amazon Web Services fairly cheaply, for example. Shorter keys can be cracked in 72 hours using “inexpensive” cloud services, according to M3WAAG.
Organizations should also rotate keys quarterly, and set signatures to expire after the key rotation period and revoke old keys in the Domain Name System records, M3WAAG wrote in the paper. Even if the company issues new keys, if the older, shorter, more vulnerable DKIM key is still listed in the domain’s DNS record, an attacker can still exploit that weaker key to send email. Organizations have to remove the weaker key entirely from DNS to fight domain spoofing.
This is a big problem for organizations that outsource some, if not all, their email communications to third-party email service providers. Organizations have to ensure the providers are also revoking the too-short keys and removing the older keys from DNS to prevent spoofing attempts.
Organizations who are still using Domain Keys should switch to the newer DKIM protocol. The test mode should be used only for a short time period, and revoke the test key only during the initial ramp-up to using DKIM, M3WAAG said.
The paper “explains the relatively simple and immediate steps large-scale senders can take to safeguard their brands in response to recent concerns about some levels of key encryption and usage,” Roosenraad said.
M3WAAG also recommended implementing Domain-based Message Authentication, Reporting and Conformance in monitoring mode and use DNS to monitor how frequently the keys are being queried. The DMARC standard provides organizations with policy management reporting capabilities for DKIM. Mail recipients don’t currently have a reliable way to know how the mail sender is using SPF and DKIM to authenticate their servers. DMARC addresses that gap so that organizations can distinguish legitimate unauthenticated messages from fraudulent or malicious ones. Domain owners can also request all illegitimate messages be rejected outright under DMARC.
Related: Lessons From the Recent DKIM Mail Verification Vulnerability