BLOG

How long is your DKIM key?

While we were at M3AAWG, Wired published an article talking about how simple it was to crack DKIM keys. I didn’t post about it at the time because it didn’t really seem like news. DKIM keys smaller than 1024 are vulnerable and not secure and the DKIM spec does not recommend using keys smaller than 1024. When I asked the DKIM-people-who-would-know they did tell me that the news was that the keys had been cracked and used in the wild to spoof email.

Fair enough.

If you are signing with DKIM, use a key 1024 or longer. Anything shorter and your risk having the key cracked and your mail fraudulently signed.

This morning M3AAWG published recommendations on keeping DKIM keys secure.

  • Updating to a minimum 1024-bit key length.  Shorter keys can be cracked in 72 hours using inexpensive cloud services
  • Rotating keys quarterly
  • Setting signatures to expire after the current key rotation period and revoking old keys in the DNS
  • Using the key test mode only for a short time period and revoking the test key after the ramp-up
  • Implementing DMARC in monitoring mode and using DNS to monitor how frequently keys are queried. DMARC (Domain-based Message Authentication, Reporting and Conformance) is another standard often used in conjunction with DKIM
  • Using DKIM rather than Domain Keys, which is a depreciated protocol
  • Working with any third parties hired to send a company’s email to ensure they are adhering to these best practices

M3AAWG

Google took a good step in encouraging folks to upgrade to more secure keys. According to Return Path Gmail is currently failing DKIM for any key 512 and shorter. Keys between 512 and 1024 are still validating, but Gmail will start failing any keys smaller than 1024 in the near future.

 

5 comments

  1. Martijn says

    I think it’s good to mention here that, assuming Google does things the proper way, “failing DKIM” means they will pretend there is no DKIM key. They will not “fail” (i.e. block or bounce) the messages themselves. So if you’re reading this and your key length is 512 bits, you don’t have to fix it tonight, you can fix it first thing in the morning.

  2. protodave says

    After that vulnerability was reported I wrote tool to check DKIM TXT records and determine their key length so you can see if you are using a short key (less than 1024 bits):
    http://www.protodave.com/tools/dkim-key-checker/

  3. Kent says

    protodave, that’s a great little tool for checking DKIM keys….thanks.

  4. Kathy says

    you mean this article?
    http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/

    1. laura says

      Yup. I even linked to it in my blog post.

Comment:

Your email address will not be published. Required fields are marked *

  • ReturnPath on DMARC+Yahoo

    Over at ReturnPath Christine has an excellent non-technical summary of the DMARC+Yahoo situation, along with some solid recommendations for what actions you might take to avoid the operational problems it can cause.No Comments


  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


  • Fixing discussion lists to work with new Yahoo policy

    Al has some really good advice on how to fix discussion lists to work with the new Yahoo policy. One thing I would add is the suggestion to actually check dmarc records before assuming policy. This will not only mean you're not having to rewrite things that don't need to be rewritten, but it will also mean you won't be caught flat footed if (when?) other free mail providers start publishing p=reject.No Comments


Archives