Strong cryptography and the PCI DSS

The PCI DSS requires that credit card numbers are protected with "strong cryptography" or something equivalent. That's usually interpreted as meaning encryption that provides the equivalent of 112 bits of strength, like you get with three-key Triple-DES or an RSA key of 2,048 bits. But no way of protecting credit card numbers will get close to that much security. Here's why.

A way of protecting sensitive data is only as strong as the easiest way for an attacker to recover that data. If the easiest way for him to do this involves cracking an encryption key that provides 112 bits of security, that's how much protection the sensitive data has. If there's an easier way, say one that takes only the effort equivalent to cracking an 80-bit key, then the data only has 80 bits of security.

And that's exactly what we have with credit card numbers.

There are only 10^15 possibilities for a typical 16-digit credit card number because the final digit is a checksum that's determined by the previous 15 digits. That means that an adversary can guess any credit card number in no more than 10^15 attempts.

That's roughly the number of guesses needed to crack a 50-bit cryptographic key (10^15 is about 2^49.8), so it's essentially impossible to get more than 50 bits of security for a 16-digit credit card number. It also means that worrying about "strong encryption" really isn't worth it. A 112-bit key won't provide any more security than a 50-bit key does because they're both equally hard to defeat.
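The arithmetic above can be checked directly. The following is an added example, not code from the original post: it implements the Luhn check-digit rule that makes the 16th digit a function of the first 15, and the "weakest path" rule from earlier in the post (effective security is the smaller of the key strength and the log2 of the guessable search space). It goes one step beyond the text with an optional fixed-prefix parameter, an assumption added here, to show how any further structure in the number shrinks the space still more.

```python
import math


def luhn_check_digit(payload: str) -> int:
    """Return the Luhn check digit for a string of digits (the card number
    without its final digit). Digits are weighted from the right; the
    rightmost payload digit sits next to the check digit, so it is doubled."""
    total = 0
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return (10 - total % 10) % 10


def luhn_valid(pan: str) -> bool:
    """True if the last digit of pan is the Luhn check digit of the rest."""
    if not pan.isdigit() or len(pan) < 2:
        return False
    return luhn_check_digit(pan[:-1]) == int(pan[-1])


def pan_search_space(length: int = 16, fixed_prefix_digits: int = 0) -> int:
    """Number of distinct card numbers an attacker would have to consider.
    The check digit is determined by the others, so only length-1 digits are
    free. fixed_prefix_digits (an assumption added here, not from the post)
    models leading digits the attacker already knows, which are not free."""
    free_digits = length - 1 - fixed_prefix_digits
    if free_digits < 0:
        raise ValueError("prefix longer than the free part of the number")
    return 10 ** free_digits


def effective_security_bits(key_bits: float, search_space: int) -> float:
    """Weakest-path rule: protection is the smaller of the key's strength and
    the work needed to enumerate every possible plaintext."""
    return min(key_bits, math.log2(search_space))


if __name__ == "__main__":
    # Constructed example: the widely published Visa test number 4111...1111.
    payload = "411111111111111"
    print(payload, "->", luhn_check_digit(payload))           # 1
    print("16-digit PAN space (bits):",
          round(math.log2(pan_search_space(16)), 1))          # 49.8
    for key_bits in (50, 80, 112):
        print(key_bits, "bit key ->",
              round(effective_security_bits(key_bits, pan_search_space(16)), 1))
```

Running it shows the same number the post gives: a 16-digit number has a 10^15 search space, about 49.8 bits, and a 112-bit key, an 80-bit key and a 50-bit key all collapse to that same figure.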

There are lots of people in the payments industry who spend lots of time worrying about whether or not particular techniques qualify as "strong cryptography." It certainly looks like they ought to stop worrying about this particular issue and move on to more useful things.
