
Passwords vs. Private Keys


It is widely believed that public/private keys or certificates are “more secure” than passwords, e.g., an SSH login with a key instead of a password, or a site-to-site VPN with certificate authentication instead of a pre-shared key (PSK). However, even certificates and private keys are not infinitely secure. They can be compromised, too: public-key cryptography only guarantees that a private key stays secret as long as computing it from the public key (the brute-force attack in this scenario) is practically infeasible.

So, what’s the real security level of passwords compared to public keys/certificates?

The basic question is: how can an attacker brute-force a password or a private key, and how long does that take? In both cases the attacker would then hold the credential, could impersonate the real person or device, and could log in to the system. So, what are the security levels (bits of security) of passwords compared to private keys / certificates?

(This post is not advice on how end users should use passwords or certificates in general; it is about the math of cracking a password or a certificate when you are in a position to do so, e.g., when you hold the public key and try to brute-force the private one.)

Security Levels

The following graph shows the security levels of passwords compared to private keys. It assumes that passwords are chosen randomly (!!!) out of 83 characters (0-9, a-z, A-Z, and 21 special characters; refer to Password Strength/Entropy), so each character contributes log2(83) ≈ 6.375 bits. The security levels for the RSA / DLOG algorithms are taken from the ECRYPT II Yearly Report 2012. The y-axis shows the security level (bits of security) while the five bars show the necessary key sizes and password lengths.


[Figure: Passwords vs. Private Keys (security level in bits for RSA/DLOG key sizes and random password lengths)]

The raw values are the following (a password's security level is its length times log2(83); for 12 characters this gives about 76 bits, not the 79 shown in the graph):

RSA/DLOG key size (bits)   Security level (bits)   Password length (characters)   Security level (bits)
 512                        50                      8                              51
 768                        62                     10                              63
1024                        73                     12                              76
1536                        89                     14                              89
2048                       103                     16                             102

For example, a 1024 bit RSA key offers 73 bits of security. This is comparable to a random password of 12 characters, which offers about 76 bits of security (12 × log2 83).

That is: to reach a security level above 80 bits, RSA keys of at least 1536 bits must be used, while random passwords need at least 14 characters of the lengths listed in the table (13 random characters already give about 83 bits). To match a 2048 bit key, a password must have 16 characters (102 bits vs. 103).

Conclusion

Certificates or public/private keys are not “more secure” by default; it depends on the key size. If, for example, a pre-shared key of 16 or more randomly chosen characters is used to authenticate a VPN, it has the same security level as a 2048 bit certificate! Furthermore, the security level of such a PSK can be raised simply by using more characters, while it is not possible in all situations to use longer key sizes for certificates. Note that this only holds for PSKs generated from a cryptographic random source; a human-chosen passphrase of the same length has far less entropy than the table assumes.
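The comparison in the table above and the PSK sizing in this conclusion are the same computation: a random password of L characters from an N-symbol alphabet has L × log2(N) bits of security, which can be set against the ECRYPT II levels for RSA/DLOG. The following Python is an added example (not code from the original post); it assumes a concrete set of 21 special characters, since the post does not list them, and assumes a guess rate of 10^9 per second purely to illustrate the "how long does that take" question from the introduction.

```python
import math
import secrets
import string

# Assumed alphabet for the post's "83 characters": digits, lower case, upper
# case and 21 special characters. The post does not say which 21 specials it
# used, so this particular set is an assumption.
SPECIALS = "!\"#$%&'()*+,-./:;<=>?"
ALPHABET = string.digits + string.ascii_lowercase + string.ascii_uppercase + SPECIALS
assert len(ALPHABET) == 83

# RSA / DLOG security levels (bits) as quoted in the post from ECRYPT II (2012).
RSA_DLOG_SECURITY = {512: 50, 768: 62, 1024: 73, 1536: 89, 2048: 103}


def password_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password of `length` characters chosen uniformly at
    random from `alphabet_size` symbols, i.e. log2(alphabet_size ** length)."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(target_bits, alphabet_size=len(ALPHABET)):
    """Smallest password length whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def equivalent_password_length(rsa_bits):
    """Random password length (83-symbol alphabet) that reaches at least the
    security level ECRYPT II assigns to an RSA/DLOG key of `rsa_bits` bits."""
    return min_length_for_bits(RSA_DLOG_SECURITY[rsa_bits])


def years_to_brute_force(bits, guesses_per_second=1e9):
    """Expected time to find a secret of `bits` bits of security when half the
    space must be searched on average. The guess rate is an assumed figure."""
    expected_guesses = 2 ** (bits - 1)
    return expected_guesses / guesses_per_second / (365.25 * 24 * 3600)


def random_psk(length, alphabet=ALPHABET):
    """Generate a PSK from the OS CSPRNG. Only such a PSK earns the entropy
    computed above; a human-chosen passphrase does not."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for key_bits, level in RSA_DLOG_SECURITY.items():
        n = equivalent_password_length(key_bits)
        print(f"RSA {key_bits:4d} bits = {level:3d} bits of security "
              f"~ {n:2d} random chars ({password_bits(n):.1f} bits)")
    for length in (8, 12, 16):
        print(f"{length} chars: {password_bits(length):.1f} bits, "
              f"~{years_to_brute_force(password_bits(length)):.2e} years at 1e9 guesses/s")
    n80 = min_length_for_bits(80)
    print(f"PSK with >= 80 bits needs {n80} chars, e.g. {random_psk(n80)}")
```

Because `equivalent_password_length` rounds up to the next whole character, it reports 17 characters for a 2048 bit key (103 bits), where the post rounds 102 ≈ 103 and says 16; the brute-force time is only a relative measure, since a real attacker against RSA factors rather than guesses, which is exactly what the "bits of security" abstraction hides.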

However, it also heavily depends on the overall scenario! There are situations where a login via certificate is easier for the end user. Similarly, there are situations in which a simple password is better because of its handling, e.g., for site-to-site VPNs. If the password is long enough (and chosen randomly), there is no problem from the mere math perspective. However, the handling of certificates might be much easier and more secure in other situations. For example, you can keep a certificate's private key in a hardware security module (HSM) that never exposes it, while a pre-shared key might be copied to the wrong destination and is then compromised. That is: though the bits of security might be comparable between public-key cryptography and mere passwords, it still “depends”. ;)

Final note: for a login to a critical system, two-factor authentication should be used anyway. In this case, a password AND a certificate can be used. Or a password and a token. Or a certificate and an SMS. Or or or.

Featured image: “Computer Protection” by Blue Coat Photos (www.bluecoat.com/) is licensed under CC BY-SA 2.0.
