Here's my take on cryptographic agility intended for application developers.
> A security system is considered crypto agile if its cryptographic algorithms or parameters can be replaced with ease and is at least partly automated.
>
> - Cryptographic agility
I believe there is a gradient of cryptographic agility:
- You have no idea what crypto is in your system;
- You have an idea of what crypto is in place but any changes require significant effort;
- You have a complete inventory of your crypto and reliable transition plans should any change be required;
- And any change to your crypto can be driven by configuration, which initiates and completes the transition between cryptographic algorithms.
The inability to adjust your cryptography would be the opposite of agile.
Okay, okay. I'll do it myself.
I just added integrity checks to my encryption but someone says it looks wrong on the internet!
Migrations are not easy. Here are some mistakes I see in this example:
- The same function is being used for different versions;
- It is subject to silent downgrade attacks because the signature can simply be stripped;
- The same key is used for both the old and the new version;
- AES-CBC is a risky choice for any new version of anything;
- And the data neither identifies nor is bound to the version and key it was encrypted with.
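As an added example (not code from the original post), here is the migration-friendly layout those points call for: each ciphertext carries a version byte and a key id, both authenticated as AES-GCM additional data, every version has its own key, and the read path accepts only the current version. The version numbers, the `Keyring` type and the assumption that legacy data is re-encrypted by a separate offline job are illustrative choices, not anything the post prescribes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// Envelope: [ver=2][keyID][12-byte nonce][AES-GCM ciphertext||tag]. The header is GCM
// additional data, so a stripped tag, flipped version or swapped key id fails to open.
const verGCM byte = 2 // version 1 is the hypothetical old unauthenticated format
const nonceLen = 12   // standard GCM nonce size (cipher.NewGCM)

// Keyring maps a key id to an AES key; every envelope version gets its own key.
type Keyring map[byte][]byte

func (k Keyring) aead(keyID byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k[keyID]) // unknown id -> nil key -> KeySizeError
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt always writes the current version, bound to the key id it used.
func Encrypt(k Keyring, keyID byte, plaintext []byte) ([]byte, error) {
	aead, err := k.aead(keyID)
	if err != nil {
		return nil, err
	}
	header := []byte{verGCM, keyID}
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(append(header, nonce...), nonce, plaintext, header), nil
}

// Decrypt fails closed on any other version; version-1 data is migrated offline, never read here.
func Decrypt(k Keyring, blob []byte) ([]byte, error) {
	if len(blob) < 2+nonceLen || blob[0] != verGCM {
		return nil, errors.New("unsupported or truncated envelope")
	}
	aead, err := k.aead(blob[1])
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, blob[2:2+nonceLen], blob[2+nonceLen:], blob[:2])
}
```

Adding a version 3 later means a new key id, a new branch in `Decrypt` and a re-encryption pass over stored data; the downgrade, shared-key and unbound-ciphertext problems from the list above do not come back.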