A cryptoperiod is the time span during which a specific cryptographic key is authorized for use. Common government guidelines[1] range from 1 to 3 years for asymmetric cryptography,[2] and 1 day to 7 days for symmetric cipher traffic keys.[3]
Factors to consider include the strength of the underlying encryption algorithm, key length, the likelihood of compromise through a security breach, and the availability of mechanisms for revoking keys.
In traditional cryptographic practice, keys were changed at regular intervals, typically at the same time each day. The code word for a key change, in NSA parlance, is HJ or Hotel Juliet in the NATO phonetic alphabet.[4][5]
When cryptographic devices began to be used on a large scale, those who had to update the key had to set a specific time to synchronize the re-key. This was accomplished at the hour (H) the Julian (J) Date changed. Among crypto-accountants, managers and users, the jargon "HJ" became the accepted term meaning it was time to change the crypto-key.[citation needed]
NESTOR in Vietnam
During the Vietnam War, the United States issued its forces a series of secure voice encryption equipment code-named NESTOR. According to a U.S. Army history: "To maintain compatibility, key changes had to occur simultaneously in all units. The time chosen for this change was midnight, tactically the worst possible time because the greatest number of enemy contacts occurred from 2200 to 0200. Moreover, where several units shared the same keying device, having to move at night to change key settings was inconvenient and dangerous and added to the reasons for not using the equipment. Later the time of the daily NESTOR key change was moved to 0600."[6]
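The following added example (not part of the original article) audits a key inventory against cryptoperiod limits and shows how the hour of a synchronized daily key change decides whether a rekey falls inside a given time window. It assumes the upper ends of the ranges quoted above as policy and a shared UTC clock; the function names, key names and dates are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Upper ends of the guideline ranges quoted in the article, used here as an
# assumed local policy; a real system sets its own limits per key type.
MAX_CRYPTOPERIOD = {
    "asymmetric": timedelta(days=3 * 365),
    "symmetric-traffic": timedelta(days=7),
}

def key_status(kind, activated, now, revoked=False, warn_fraction=0.9):
    """Classify a key against its cryptoperiod at time `now`."""
    if revoked:
        return "revoked"            # revocation ends authorization early
    if activated > now:
        return "not-yet-active"
    age, limit = now - activated, MAX_CRYPTOPERIOD[kind]
    if age >= limit:
        return "expired"
    return "rotate-soon" if age >= limit * warn_fraction else "active"

def key_epoch(now, changeover_hour):
    """Daily key index when every unit rekeys at the same UTC hour."""
    shifted = now.astimezone(timezone.utc) - timedelta(hours=changeover_hour)
    return shifted.toordinal()

def audit(inventory, now):
    """Map key id -> status for a list of (id, kind, activated, revoked)."""
    return {kid: key_status(kind, act, now, rev) for kid, kind, act, rev in inventory}

UTC = timezone.utc
NOW = datetime(2024, 5, 10, 1, 0, tzinfo=UTC)        # constructed sample time
INVENTORY = [                                         # constructed sample keys
    ("tls-signing", "asymmetric", datetime(2022, 1, 1, tzinfo=UTC), False),
    ("link-a", "symmetric-traffic", datetime(2024, 5, 1, tzinfo=UTC), False),
    ("link-b", "symmetric-traffic", datetime(2024, 5, 3, 12, tzinfo=UTC), False),
    ("link-c", "symmetric-traffic", datetime(2024, 5, 9, tzinfo=UTC), True),
]

if __name__ == "__main__":
    for kid, status in audit(INVENTORY, NOW).items():
        print(f"{kid:12} {status}")
    before = datetime(2024, 5, 9, 23, 0, tzinfo=UTC)
    for hour in (0, 6):  # midnight changeover vs. the later 0600 changeover
        changed = key_epoch(before, hour) != key_epoch(NOW, hour)
        print(f"changeover {hour:02d}00: rekey between 2300 and 0100? {changed}")
```

With a midnight changeover the key index changes between 2300 and 0100; with an 0600 changeover the same key stays in use across that window.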
References
- NIST Special Publication 800-57 Part 3 Revision, Recommendation for Key Management, Part 3: Application-Specific Key Management Guidance
- "Keylength - NIST Report on Cryptographic Key Length and Cryptoperiod (2020)".
- "CSEC: Cryptographic Algorithms". Archived from the original on 2011-06-17. Retrieved 2011-05-02.
- "Telecommunications Handbook". U.S. Department of State Foreign Affairs. December 2010. Retrieved 2016-01-12.
- "Common Crypto Terms".
- Vietnam Studies—Division-Level Communications 1962-1973, Lieutenant General Charles R. Myer, U.S. Department of the Army, 1982, Chapter 8. Archived 2015-11-15 at the Wayback Machine.
- Conduct Unbecoming, Randy Shilts, Macmillan, 2005, p. 117, describes HJ key change procedure