3

Today my internet service provide gave me a customer agreement form to fill in. I found following line in it:

Permission limit for Encryption is 40 bit key per length in RSA algorithms, If customer is using higher than specific limit provide the relevent details and permission taken from telecom authority.

I don't have much knowledge of encryption, but use 1024/2048/4096 bit keys during public key pair generation during work.

Is limiting key size fine and norm (I am from India)? Will it impact when I am using some software requiring public key generation like github account key?

UPDATE : I searched more regarding limit and found some talking about 40 bit RSA, other about 40 bit symmetric algorithms limit. This look not logical as RSA is asymmetric. So I searched on original source on DOT website, and found http://dot.gov.in/sites/default/files/internet_telephony_lce.doc Where I found following statement. 

Individuals / Groups/ Organisations are permitted to use as customer encryption  upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms without having to obtain permission. However, if encryption equipments higher than this limit  are to be deployed, individuals/groups/organisations shall do so with the permission of the Telecom Authority  and deposit the decryption key, split into two parts, with the Telecom Authority.

I thing this covers all (or all asymmetric) algorithms not just RSA, So situation look like more confusing.

kuldeep.kamboj
  • 183
  • 1
  • 7
  • IANAL, but the given document seems to apply to internet service providers, not to the subscribers of the service provided by such ISP. I'm wondering why you are given a form with such clause in it. Unless you are going to be providing the internet services to other people commercially, I can't see how it applies to regular internet user. – Lie Ryan Jan 30 '17 at 11:40
  • Besides, I can't see how such an incoherent regulation would stand to technical scrutiny in a proper court of law, and which every internet user would have violated. Aside, reading around the internet on the search term "india 40 bit rsa", the consensus seems to be that it is generally ignored, and [one article](https://www.nextbigwhat.com/indian-govt-to-ban-https-and-ssh-297/) mentioned that it's a proposal that was never implemented (though it didn't cite source). – Lie Ryan Jan 30 '17 at 12:07
  • @LieRyan, I agree with your comment, I have similar doubt why they included on form for customers while it should only for internet service providers. They have zero knowledge about this when I talk about this with them (May be their lawyers know more about it ). Also I read articles and most of them talk that their are no comprehensive law regulating encryption See http://sflc.in/faq-legal-position-of-encryption-in-india/ – kuldeep.kamboj Jan 30 '17 at 13:18
  • I also found a [blog post](http://toroid.org/dot-india-crypto-nonsense) from 2010 which states that the document where this is written is only a "informative document inviting proposals from ISPs". The link to the government website is also dead. So it sounds like your ISP just copied something from a draft they got from the DoT without really understanding it. But I am not from India and not a lawyer, so don't take this as advice to ignore the "regulation". – Josef Jan 30 '17 at 14:30

3 Answers3

5

Permission limit for Encryption is 40 bit key per length in RSA algorithms

This is totally nonsensical.

First some history: There was a time when key lengths were commonly restricted, particularly but not exclusively by the US government in export control regulations. (This was because encryption was considered a "dual use technology" with both civilian and military applications, and the alleged aim was to reduce the availability of encryption outside of the US that the US could not break. An easy way to do that is to restrict the key length, and the most accessible means for a government to do so is in national and export regulations.)

This key length was, for a long time, capped at 40 bits for symmetrical ciphers. The limit was eventually raised to 56 bits and later the limit was abandoned completely.

However, RSA is not a symmetrical cipher. It is an asymmetric cipher, which means that it uses different keys for encryption and decryption. There's a lot of math behind how this works, which is not necessary to understand, but which you can read about in Wikipedia's articles on public-key cryptography and the RSA cryptosystem specifically if you are curious. Basically, you pick numbers such that given a subset of those numbers the calculations involved in encryption are easy to do, but the calculations involved in decryption are difficult; you then distribute the set of numbers that make encryption easy, but keep the set of numbers that make decryption easy a secret.

Because this requires that keys have certain mathematical properties, keys must be significantly longer to provide a comparable level of security. RSA keys need to be a few thousand bits long to provide security comparable to that of 128-bit symmetric keys, which is generally considered the smallest symmetric key size that can be considered reasonably secure today. Compare Amount of simple operations that is safely out of reach for all humanity? here on Information Security SE. For RSA, absent a more exact specification, the "key size" generally refers to the size of the public modulus, which in RSA is a multiplicative product of two prime numbers. For RSA these days, the absolute minimum is generally considered to be a 1024 bits modulus, with 2048 bits strongly preferred wherever possible.

A 40-bit RSA key would be absolutely trivial to break.

Even a 40-bit symmetric key would be very easy to break with modern consumer hardware and naiive implementations.

Just to give you an idea, I'm browsing Stack Exchange over HTTPS, and they are using a 2048-bit RSA key.

TL;DR:

I don't know about the legal situation in India, but yes, governments have historically limited civilian access to "strong" encryption. What actually is considered "strong" encryption has changed over time. However, the specific limit as you wrote it is utterly nonsensical; there is no reason to use RSA with a 40-bit modulus, because you pay all the complexity in terms of implementation but gain nothing in terms of security because the key is so short. You would be better off not using encryption at all and knowing that you aren't, than using 40-bit RSA, and it is highly unlikely that any software will even allow you to create a 40-bit RSA key.

user
  • 7,700
  • 2
  • 30
  • 54
  • OpenSSL `genrsa` will do 40 bits -- and it's really really fast, not like the inconvenient waiting required for a secure length! Otherwise completely concur. – dave_thompson_085 Jan 28 '17 at 07:02
3

40 bits does not provide any meaningful security, and most websites will have this disabled (in fact, 40 bit RSA keys don't make sense, as pointed out by Michael). This is a bit of speculation, but I suspect this limit refers to the "Export Grade" encryption that used to be common in the 1990s, due to US export regulations. The background is that the US used to consider higher bit encryption as a military "secret" (because the US military had a hand in developing it), which was therefore subject to strict export rules (see this wikipedia article and Michael's answer for more background).

To answer your second question: yes, it will impact the use of public keys on github (although I suppose you could in theory avoid it by not using RSA -- you could use a DSA or an ECDSA key). However, note that normal web-browsing over HTTPS is also affected, in most cases.

Community
  • 1
Rens van der Heijden
  • 615
  • 4
  • 8
  • 1
    As I discussed in my answer, the 40 bits limitation for US "export grade" was for symmetrical ciphers. IIRC the upper limit at least for RSA was 512 bits. Also, it wasn't really a military secret -- if it had been, then it would have been unavailable also to US civilians -- but rather a "dual use" technology (could be used for civilian *as well as* military purposes). Of course, US export regulations had no bearing on algorithms or software developed outside of the US, of which there were plenty (128-bit IDEA for one, used in early versions of PGP). – user Jan 28 '17 at 13:47
-1

The agreement limits only the key length of an RSA. You can use a different algorithm, it is not limited by the agreement.

RSA is for asymmetric ciphers, if you use everything with symmetric encryption, RSA is eliminated.

Thus, if you use a strong VPN solution with a symmetric (i.e. non-RSA) algorithm, you can use anything over it. Note, you should share the symmetric key with the remote VPN server on a different channel, as your ISP.

Note, if you use RSA with a >40bit key length, and you embed it into a non-RSA channel, it is still limited by the agreement. Although the provider has no way to check, if you do this.

peterh
  • 2,958
  • 6
  • 26
  • 32
  • **upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms** sounds like you are wrong! – Josef Jan 30 '17 at 14:25
  • @Josef Yes, it sounds really wrong, but I didn't say any similar. – peterh Jan 30 '17 at 14:41
  • What I mean is, the document from the government says "**upto 40 bit key length in the RSA algorithms or its equivalent in other algorithms**". The other document @kuldeep.kamboj had to sign says only RSA. But we don't know the whole document there. I would be cautious to assume it is only limited to RSA without further information. – Josef Jan 30 '17 at 14:56