Home arrow Security arrow Page 5 - PKI: Looking at the Risks

Key generation - Security

Public key infrastructure (PKI) is an excellent technology to help users certify that the people or companies they are corresponding with are who they say they are. It has proven itself invaluable in e-commerce among other areas. As with any technology, however, it is not without its own security risks. Eliana Stavrou discusses these risks, and ways to minimize them.

  1. PKI: Looking at the Risks
  2. Trust establishment
  3. Private key protection
  4. CRL availability
  5. Key generation
  6. Legislation compliance
By: Eliana Stavrou
Rating: starstarstarstarstar / 9
January 24, 2005

print this article



The generation of the public and private key is done using a cryptographic algorithm, and the generation of a digital signature is done using a hash algorithm. Examples of well known cryptographic algorithms are RSA (Rivest - Shamir - Aldeman), Diffie – Hellman, Elliptic Curve and DSS (Digital Signature Standard). Examples of well known hash algorithms are MD2, MD4, MD5 and SHA (Secure Hash Algorithm).

The risk associated with the cryptographic or hash algorithm used to generate the keys or digital signature respectively, pertains to the length of the keys that define the strength of the algorithm. By using a limited bit length to generate the keys or the digital signature, you face the risk of a brute force attack, in which an intruder tests every possible key combination to break the cryptographic or hash algorithm. These days, a brute force attack is easily made as computers get faster and cheaper.

Keep in mind that, if an attacker uses brute force, the computing power that is needed to break the algorithm increases exponentially with the length of the key. For example, a 32 bit length key requires 232 combinations; a key of this length can be easily broken even by you using special software. These days, a 512 bit length key can be broken by major governments or university research groups within a few months.   

In theory, any cryptographic method can be broken by trying all possible combinations. Fortunately, at the moment large length keys (i.e. 2048 bits) are unbreakable. By the time a cryptographic algorithm is broken, usually a new, stronger algorithm appears to cover the loss.  

How to minimize the risk: There is always the risk of using weak algorithms, which generate the public key from the private key in a manner that allows the value of the private key to be determined. Each issuing authority must use well-known algorithms and a large bit length for the generated keys to prevent an attacker from predicting the keys and causing problems. In addition, anyone requesting a digital certificate should take some time reading the Certificate Practice Statement of the issuing authority; it states the key length and the cryptographic and hash algorithms used. By doing so, all parties could prevent the creation of weak keys that can be determined by an intruder.  

>>> More Security Articles          >>> More By Eliana Stavrou

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- What’s behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: