Data security is an old cat-and-mouse problem. Security is getting a lot more public attention since widely publicized breaches that affected millions of consumers. Any entity entrusted with personal data MUST be sure to have due diligence processes in place.
Peaxy Aureum builds in customizable security at five different levels:
- None
- Client authentication / PKI
- Kerberos 5 authentication
- Integrity (signing)
- Confidentiality (encryption on the wire)
We always recommend going all the way to the confidentiality level unless you have a good reason to do otherwise. The main algorithm is the cryptographic hash function. These are mathematical operations run on digital data. By comparing the computed “hash” (the output from execution of the algorithm) to a known and expected hash value, a person can determine the data’s integrity. A cryptographic hash function is a hash function that is considered practically impossible to invert, that is, to recreate the input data from its hash value alone. In practice, we are not concerned as concerned with inverting hash functions as we are with collision attacks.
It should be difficult to find two different messages that hash to the same value. Such a pair is called a cryptographic hash collision. This property is sometimes referred to as strong collision resistance. If a crook can craft a bogus message that has the same value as your genuine value, then you cannot recognize the crook’s message as being a fake.
Recently there has been a lot of talk about the strength of cryptographic hash functions. One popular metric has been the cost to crack an algorithm. The trade-off is that when an algorithm is very expensive to crack, only a government has the means to crack it, but you need a lot of computing power in your data center to run the algorithm. On the other side, an algorithm that can run on the controller of your toaster oven can be cracked by the whiz-kid next door.
For this reason, companies have stopped using the once popular MD5 algorithm years ago. A popular algorithm is SHA-1, or Secure Hash Algorithm. As of 2012, the prediction was that by 2015 it would cost $700,000 to perform a collision attack on SHA-1, which means that only larger organized crime syndicates could afford an attack. Unfortunately, recent progress in cracking techniques for GPUs has brought the cost down to $75,000 to $120,000 by renting Amazon EC2 cloud computing over a few months. This means that an individual criminal can afford to perform a full-on collision attack on SHA-1.
A group of crytpoanalysts just performed their demonstration on a 64-GPU cluster, which is composed of 16 nodes, each node being made of simple, cheap and widely available hardware: 4 GTX-970 GPUs, 1 Haswell i5-4460 processor and 16GB of RAM.
This is a strong incentive to move to the stronger SHA-2 standard, a set of cryptographic hash functions designed by the NSA (U.S. National Security Agency). It includes significant changes from its predecessor, SHA-1. The SHA-2 family consists of six hash functions with digests (hash values) that are 224, 256, 384 or 512 bits: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.
In Aureum, to guarantee the integrity of RPC messages (item four in the list above) we are using HMAC-SHA-512/256 (HMAC-SHA-512 with the output truncated to 256 bits to be slightly faster than HMAC-SHA-256).
In the current version of Aureum, our certificates are still signed with SHA-1. However, we already replaced it with SHA256 for our entire certificate chain in the next release. Because we take security so seriously, Peaxy is constantly innovating and using the latest accepted standards. Otherwise how could we stay ahead of the pack in this cat-and-mouse game?