Our world relies on secure digital cryptography. Secure doesn’t mean unbreakable forever. No serious cryptographer will ever declare a cryptographic anything unbreakable. In fact, cryptographers always assume that every cryptographic algorithm will eventually be broken. The best pronouncement you can hope for from a crypto expert is that breaking it is “non-trivial,” meaning that no apparent, easy-to-accomplish attacks are known. All cryptographic algorithms fall over time, and this has been more true and consistent than the highly respected Moore’s Law, which drives computing evolution.

What is crypto-agility?

The recent flood of huge crypto breaks has been staggering. It seems like one after the other, and that’s just in the last few months. That’s why organizations need to be crypto-agile, expecting to transition from one encryption standard to another at a moment’s notice. That’s the world we live in.

Crypto-agility has been a development concept within the crypto community for a long time. Even the widely used X.509 digital certificate standard (released in 1988) was created with crypto-agility in mind. You can use any conforming cipher to create asymmetric keys and certificates. You just have to indicate which one is being used (and how long the associated key is) early on in the certificate so the “consumers” can read and use it appropriately.

Many companies, including Microsoft, have been talking about it publicly since at least 2010. (Full disclosure: I work for Microsoft.) But with the latest breaks, it’s now more important than ever to make sure your crypto-systems are agile. Unfortunately, the world is full of non-agile crypto-systems. You probably have some. You might even be making some today.

Cryptographic algorithms are falling every day

In fact, it’s hard to name a respected cryptographic algorithm that hasn’t fallen in recent years.
Not only did the widely used Secure Hash Algorithm (SHA-1) fall, but so did nearly every popular precursor hash algorithm (including MD4 and MD5). Even SHA-1’s recommended successor, SHA-2, contains the same cryptographic weakness as SHA-1, but its increased length protects it against easy breaking, at least for now.

Today, SHA-3, the recommended replacement for SHA-1 and SHA-2, is what everyone should be using, but almost no hardware or software products support it. Within a few years, we all will be making the move to SHA-3. The question is: Will we do so before it, too, gets a noted public weakness?

The ubiquitous Rivest-Shamir-Adleman (RSA) asymmetric cipher has been under constant attack since its introduction in 1977. Over the years, it has been successfully weakened, and improved, many times. The Return of the Coppersmith Attack (ROCA) vulnerability, recently discovered in October 2017, was a weak implementation of RSA keypair generation on Infineon’s Trusted Platform Module (TPM) chips that impacted billions of security devices, including smartcards.

This announced vulnerability had nearly every large company in the world scrambling to analyze their reliant crypto systems and replace vulnerable smartcards in a very short amount of time. If you’re not familiar with the ROCA issue, just understand that it is a seismic problem and there are probably still billions of vulnerable devices and smartcards being used today that offer very little protection.

In December 2017, ROCA was followed by the ROBOT attack, which found another RSA weakness that impacted a very large percentage of HTTPS/TLS websites, including over one-third of the most popular websites (e.g., Facebook and PayPal). ROBOT applied to many network security devices and load balancers.
Both ROBOT and ROCA allowed passive listeners to decrypt encrypted traffic and to determine the sacred private key from capturing the widely distributed public key.

Because RSA, and its related predecessor, Diffie-Hellman-Merkle, are getting long in the tooth (and likely successfully attacked by the NSA and other nation states), crypto admins are looking to move to anything looking more secure in the future. Many crypto-systems (including bitcoin) are using Elliptic Curve Cryptography (ECC), except for the NSA, which has let it be quietly known, for unexplained reasons, that it doesn’t recommend anyone use ECC.

The NSA is recommending quantum cryptography for long-term security. That’s great, except for the fact that quantum cryptography does not yet exist in sufficient quantities and protections to be useful in most scenarios. It is likely to be that way for another decade or more. When readers ask me for recommendations, I tell them to use one of the generally accepted standards along with larger key sizes.

WPA2

Even our wireless networks are more vulnerable than ever with the announcement of the KRACK attack in November 2017. For years, we’ve been told that using the WPA2 protocol makes our wireless communications safe. KRACK changed that understanding. Its authors found a fatal re-transmission flaw that allowed them to decrypt WPA2 traffic, manipulate it, and inject malware without having to decrypt the common Wi-Fi “password.” As stated in KRACK’s introduction paragraph, “The attack works against all modern protected Wi-Fi networks…if your device supports Wi-Fi, it is most likely affected.” It’s hard to be clearer than that. The author of KRACK explains the vulnerability and solutions well in his latest Black Hat talk.

Crypto issues don’t just impact companies and products. They can impact sovereignty.
As Bruce Schneier reminded us recently, entire countries are learning from the mistakes of not being agile enough.

Are you crypto-agile?

You have to be crypto-agile as a user/admin, and if applicable, as a developer. Crypto-agility is simply preparing (or easily allowing) for moving from one implemented cipher to another without having to re-do or re-write everything. In some instances, you might even be able to keep the same encryption keys and just move to related, safer, improved ciphers.

If you’re a user/admin of crypto-products, and who isn’t, you need to understand the importance of crypto-agility and start to look for it and demand it from your crypto-products and vendors. If you buy crypto products, does it appear as if your vendors are aware of and practicing crypto-agility?

You need to stay up on the latest critical crypto news. Did you know about all the issues I mentioned above? Did you apply the needed patches and mitigations? Did you update your Wi-Fi routers, VPNs, load balancers, websites, security cameras, firmware, and TPM chips? Did you stop using what couldn’t be fixed? I bet more companies than not are continuing to use encryption unaware that what they have been using to protect their data has become transparent.

If your developers use cryptography, are they making sure that any included crypto is able to be replaced as needed without rebuilding everything from scratch? Many developers struggle with how to appropriately implement cryptographic routines at a basic level. Are they even aware of the concept of crypto-agility and why it is needed?

If your company isn’t crypto-agile, and most aren’t, now is the time to start the education and inclusion of its concepts. The companies that understand and operate with crypto-agility awareness are going to be more efficient and secure over the long run.
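
One way a developer could build in the replaceability described above, following the X.509 idea of naming the algorithm up front: every stored digest carries its algorithm identifier, and a policy table, not code, decides what is issued and what is still accepted. This is an added example, not code from the article; the `alg$hex` record format, the `POLICY` table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Registry: identifier -> constructor. Adding or retiring an algorithm is a
# one-line change here, not a rewrite of every caller.
ALGORITHMS = {
    "sha1": hashlib.sha1,
    "sha256": hashlib.sha256,
    "sha3-256": hashlib.sha3_256,
}

# Policy is data, kept apart from code (hypothetical values for this example).
POLICY = {
    "current": "sha256",                 # used for every new record
    "accepted": {"sha256", "sha3-256"},  # still trusted when verifying
}

def make_record(data: bytes, policy=POLICY) -> str:
    """Return 'alg$hexdigest': the algorithm is named before the value."""
    alg = policy["current"]
    return f"{alg}${ALGORITHMS[alg](data).hexdigest()}"

def verify_record(data: bytes, record: str, policy=POLICY):
    """Return (ok, upgraded): upgraded is a re-issued record, or None."""
    alg, _, digest = record.partition("$")
    if alg not in ALGORITHMS or alg not in policy["accepted"]:
        return False, None  # unknown or retired algorithm: reject outright
    expected = ALGORITHMS[alg](data).hexdigest()
    if not hmac.compare_digest(expected.encode(), digest.encode()):
        return False, None
    # Valid, but issued under an older algorithm: hand back a fresh record
    # so the caller can migrate stored data as it is touched.
    upgraded = make_record(data, policy) if alg != policy["current"] else None
    return True, upgraded

if __name__ == "__main__":
    doc = b"constructed sample payload"
    old = make_record(doc)  # issued under sha256
    migrate = {"current": "sha3-256", "accepted": {"sha256", "sha3-256"}}
    retired = {"current": "sha3-256", "accepted": {"sha3-256"}}
    print(verify_record(doc, old, migrate))   # accepted, re-issued as sha3-256
    print(verify_record(doc, old, retired))   # rejected once sha256 is retired
```

Moving to a new algorithm is then two policy edits: first change `current` while the old identifier stays in `accepted`, then drop the old identifier once the stored records have been re-issued.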