DKIM 512 bit cracked, Gmail Policy Changes, And The Implications for Email Senders
On Oct 24, Wired.com published an article detailing how a clever mathematician got an email from a headhunter at Google, took it as a challenge, cracked the 512 bit DKIM key that Google sent the mail with, and wrote them back spoofing Gmail’s founders as the senders, setting off a chain reaction as the implications were examined.
As Google understood what had happened, they changed their own key to a more secure one, and rightly decided to change their policies about accepting incoming mail with weak DKIM keys. They announced that they would soon start failing keys that were weaker than 1024 bits. On Nov 9, Laura Atkins from Word to the Wise posted that Gmail was sending out warnings to postmasters that they would begin treating mail signed with a 512 bit key as unsigned within about a week.
What does this mean to you as a sender?
First, the good news:
Failing a DKIM check at Gmail or anywhere else does not mean your mail will bounce. It does not mean your mail will arbitrarily be placed in the spamfolder. It does not mean your domain’s chance of being hacked and spoofed have increased – those chances are the same as they ever were.
It does mean that Gmail will treat the mail the same as they would unsigned mail – with increased suspicion, which could have a negative impact on your IP’s reputation(s). It also means that your valuable domain is vulnerable to being spoofed in spam or used in a phishing attempt: The Wired article makes a point of noting that with modern computing power, a 512 bit key can be broken in 3 days. The US-CERT published a warning about this, saying “It is possible that an attacker could factor the encryption key for a domain that is using DKIM allowing them to sign emails originating from that domain. An attacker may be able to use a test signing key that is treated as trusted.”
What do you do?
- Check your DKIM key’s length, and if it is less than 1024 bits, change it immediately, and make sure to delete the old key. Leaving it in means your domain remains vulnerable.
- Make sure that you are not publishing your DKIM key in testing mode. A signer can indicate that a domain is testing DKIM by setting the DKIM Selector Flag (t=) flag to t=y. If yours is set that way, most receivers will treat the mail as unsigned.
- Rotate your keys regularly. We recommend this be done quarterly.
- Implement DMARC if you haven’t already done it. It can be a valuable tool to keep your domain secure.
How can you tell if your key is too short, or if Gmail is failing it?
You can check your key using this tool. A 512 key will look like this:
example._domainkey.example.com descriptive text “k=rsa\; p=AKDA3adkelLHaK653IuYD aVgIFc/FBvErvNOkCAwEAAQ==\;”
Kudos to the gentleman who started this ball rolling – Zachary Harris, mathematician. It’s a remarkable story, and I hope he got the job if he wanted it.