Mathematician exposes weak DKIM keys

According to a report from Wired, mathematician Zachary Harris has discovered that many major sites use insufficiently long keys for the digital signatures in their emails. The email addresses of Google, PayPal, Yahoo, Amazon, eBay and many others are easy to forge, said Harris.

Many companies now use DomainKeys Identified Mail (DKIM) to include a digital signature and confirm that an email originated from their domain. When checking a job offer that appeared to come from Google, Harris noticed that the Google signature was easy to forge. He informed Google of the problem by sending Google CEO Larry Page an email that allegedly came from co-founder Sergey Brin and vice versa.

DKIM signatures are usually encrypted through public keys and the RSA method. Apparently, however, companies such as Google, eBay, Yahoo, Twitter and Amazon only use 512-bit keys. According to Harris, these keys can be cracked within three days in the cloud using Amazon Web Services (AWS) at a cost of about $75. Financial institutions such as PayPal, US Bank and HSBC reportedly use 768-bit keys that are also considered insecure. To make digital signatures effective, keys with a minimum length of 1,024 bits must be used for RSA; the US National Institute of Standards and Technology (NIST) even recommends a minimum length of 2,048 bits.

Harris has informed the affected companies together with the CERT at Carnegie Mellon University, prompting the companies to revoke their keys and issue new ones. In subsequent spot checks on sites such as PayPal, Google and eBay, The H's associates at heise Security only found 1,024-bit keys.

US-CERT has now published an advisory about the problem, specifically mentioning Google, Microsoft and Yahoo. The advisory also points out that some DKIM messages are sent in testing mode. According to RFC 6376, these should be treated as if they were not DKIM signed.

(crve)