Examining AD RMS and Exchange 2010 IRM's cryptographic modes

Does IRM and AD RMS’s relationship confuse you? What about their different cryptographic modes? It’s definitely a perplexing topic; our expert aims to demystify it.

Q: I hear a lot of about Information Rights Management for Exchange 2010, as well as its various cryptographic...

modes. Why are they important, and what should I know about them?

A: The primary purpose of Exchange 2010's Information Rights Management (IRM) feature is to prevent information leakage. In addition to adding transport protection for messages, IRM also makes it possible to distribute messages to specific users in specific forms, prevent screen captures with native Windows tools, protect message attachments and more.

IRM is actually a part of an overarching technology that is built into Active Directory and known as Active Directory Rights Management Services (AD RMS). Both AD RMS and IRM use professional-grade encryption. But AD RMS's most significant encryption features -- when it comes to IRM -- are its two distinct cryptographic modes.

When the Windows Server team released Windows Server 2008 R2 Service Pack 1, it included an update to AD RMS. This update changes how cryptography works in both AD RMS and IRM.

Cryptographic Mode 1 vs. Cryptographic Mode 2 in AD RMS and IRM
AD RMS uses Cryptographic Mode 1 by default. Mode 1 uses 1024-bit encryption keys for RSA and 160-bit keys for the SHA-1 hash algorithm. The Windows Server update added Cryptographic Mode 2, which uses 2048-bit keys for RSA and 256-bit keys for SHA-1, and it has also added the SHA-2 hash algorithm.

This seems like alphabet soup, doesn't it? Well, it's important, and here's why:

SHA-1 is normally used to generate hashes. A hash is a signature for a piece of data; think of it as a digital thumbprint. Normally, it's not possible to figure out what the data is from just looking at the hash, but in 2005, researchers found that it was possible to create a "hash collision."

A hash collision is a piece of data that generates the same SHA-1 hash as another piece of data in less time required than by brute force, which involves attempting every single SHA-1 hash to see which one generates a collision. A brute-force search of all possible SHA-1 hashes would take 2^80 operations, but researchers found the time involved could be shaved down to around 2^57 operations.

In other words, it has become much easier to use reverse-engineering and expose the messages signed with SHA-1. In addition, the amount of time required to exploit this vulnerability is going nowhere but down.

There are utilities that enable a brute-force SHA-1 search for a 16-character password in a matter of minutes using nothing more than a CUDA-compatible video card. Considering how the price for processing power continues to decrease, it has become quite easy to crack SHA-1 hashes. Right now, short objects such as passwords are the most vulnerable with SHA-1, but trend is clear.

This is why Cryptographic Mode 2 was introduced in AD RMS. It's a way for those who use AD RMS and IRM to gracefully transition to a higher encryption tier -- one that is a bit more future-proof and even comes with the U.S. government's seal of approval.

Granted, it's entirely possible that in 10 years, something could come along and easily compromise SHA-2 and 2048-bit RSA keys, but Cryptographic Mode 2 buys everyone some time.

Don't jump the gun on AD RMS Cryptographic Mode 2

Before you run off and switch AD RMS to Mode 2, there are several things to keep in mind.

1. Cryptographic Mode 2 is a one-way upgrade.

After implementing Cryptographic Mode 2, there's no going back. You cannot go back to Mode 1 unless you restore a backup for all relevant systems. Obviously, this backup needs to have been made before Mode 2 was set up.

This should be a maintenance milestone like upgrading to an entirely new version of an operating system.

2. You must set up Cryptographic Mode 2 on both clients and servers.

It's not enough to patch your AD servers and enable Mode 2 on them. Windows 7, for example, has a post-SP1 hotfix you must apply before you can use Mode 2. Microsoft Office 2007 and Office 2010 have their own hotfixes as well (for the sake of Microsoft Outlook, of course). In addition, if you have a trusted user domain (TUD), you'll need to enable Mode 2.

3. Exchange 2010 IRM features do not yet work with Cryptographic Mode 2.

If your IRM rollout is mission-critical, switching to Mode 2 will harm more than help. Microsoft is working on an Exchange 2010 hotfix to make Mode 2 work with IRM, but don't hold your breath waiting for it. It will be thoroughly regression-tested before it's released.

4. There's no sky-is-falling scenario that currently demands Cryptographic Mode 2.

Most of the limitations and shortcomings of Mode 1 cryptography are a matter of long-term planning, not short-term demand. Mode 2 is available not because Mode 1 is broken, but because it makes sense to provide a bridge away from older cryptographic standards that are becoming much easier to attack thanks to commodity computing power.

Serdar Yegulalp
has been writing about personal computing and IT for more than 15 years for a variety of publications, including (among others) Windows Magazine, InformationWeek and the TechTarget family of sites.

This was last published in July 2012

Dig Deeper on Email Encryption



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: