It’s past time to plan the abandonment of legacy crypto, warns the European Union Agency for Network and Information Security (ENISA) in a new 96-page study providing recommendations for crypto designers that also says most protocols are hard to install in a secure fashion.
The good news, however: behind the huge amount of detail that you’d have to work through if you were actually implementing crypto, ENISA says (PDF) there are only two decisions that have to be made at the high level:
1 – Is the legacy system you’re already using fit for purpose, in terms of its crypto primitive, scheme, protocol and key size? If the answer is no, ENISA makes a strong recommendation that the system be updated “as a matter of urgency”.
2 – Is the primitive, scheme, protocol or key size you’re looking at suitable for new deployments?
The second case, ENISA writes, depends on characteristics like proofs of security, key sizes of 128 bits of symmetric security or better, are well-studied and without structural weaknesses, are standardised, and have a reasonable existing installed base.