Choosing Algorithms
88 RSA BSAFE Crypto-C Developers Guide
Block Symmetric-Key Algorithms
The following considerations may help when choosing between DES, DESX, Triple
DES, and the RC2, RC5, and RC6 algorithms.
DES is a standard algorithm in use by many applications. Using DES ensures
widespread connectivity. However, DES is limited to an effective key size of 56 bits.
The cryptography community expects that, because of the continued increase in
computing power, within a few years, DES will not be strong enough to withstand
attacks. Triple DES is gaining in acceptance as a substitute for DES to counter this
problem.
DESX is viewed as a fast and secure alternative to Triple DES.
The RC2 algorithm is faster in software than DES and Triple DES and has gained
momentum in the marketplace, although it is not as widely implemented as DES. In
addition, the RC2 algorithm employs a variable key size, which allows you to increase
the security beyond that supplied by DES or Triple DES.
The RC5 algorithm is even faster than the RC2 algorithm; its speed and security can
be increased or decreased through the word size, rounds, and key length parameters.
In the years since it was developed, RC5 has received a lot of attention from the
cryptographic community. No serious weaknesses have been discovered during this
time, and RC5 is considered secure.
The RC6 algorithm is faster than the RC2 algorithm, and is also faster than the RC5
algorithm on most hardware. Like the RC5 algorithm, the RC6 algorithm has a
variable number of rounds, which has the potential to allow tradeoffs between speed
and security. Although the RC6 algorithm is fairly new, as a submission to the
Advanced Encryption Standard process, the algorithm has been made public and has
been subjected to intense scrutiny by the cryptographic community.
Unless communication with other applications that do not support the RC algorithms
is an issue, the RC2 and RC5 algorithms offer greater security and are much faster in
software than DES.
Key Agreement vs. Digital Envelopes
Both key agreement and digital envelopes allow two nodes communicating over an
unsecure medium to establish a secret symmetric-encryption key. Key agreement is
easier and faster when the two nodes are in current contact, such as in a phone
conversation. Crypto-C employs the Diffie-Hellman key agreement algorithm and the
implementation requires an interactive session.
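
The following added example shows why Diffie-Hellman key agreement needs an interactive session: each node can compute the shared secret only after it has received the other node's public value. It is not code from the Crypto-C guide and does not use the Crypto-C API. The function names dh_phase1 and dh_phase2, the toy 32-bit modulus and the private values are assumptions constructed for illustration and are far too small for real use.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy group parameters, constructed for illustration only (not secure). */
#define DH_P 4294967291ULL /* prime modulus, 2^32 - 5 */
#define DH_G 2ULL          /* base */

/* Square-and-multiply; all operands are below 2^32, so products fit in 64 bits. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t mod) {
    uint64_t result = 1;
    base %= mod;
    while (exp > 0) {
        if (exp & 1) result = (result * base) % mod;
        base = (base * base) % mod;
        exp >>= 1;
    }
    return result;
}

/* Phase 1 (hypothetical name): compute the public value to send to the peer. */
uint64_t dh_phase1(uint64_t private_value) {
    return modexp(DH_G, private_value, DH_P);
}

/* Phase 2 (hypothetical name): combine our private value with the peer's
 * public value. Cannot run until the peer has answered. Returns 0 when the
 * received value is outside [2, p-2], which would force a trivial secret. */
uint64_t dh_phase2(uint64_t private_value, uint64_t peer_public) {
    if (peer_public < 2 || peer_public > DH_P - 2) return 0;
    return modexp(peer_public, private_value, DH_P);
}

int main(void) {
    uint64_t a = 123456789ULL, b = 987654321ULL; /* constructed private values */

    uint64_t A = dh_phase1(a); /* node 1 -> node 2 */
    uint64_t B = dh_phase1(b); /* node 2 -> node 1 */

    uint64_t k1 = dh_phase2(a, B); /* node 1, after receiving B */
    uint64_t k2 = dh_phase2(b, A); /* node 2, after receiving A */

    printf("node 1 sends %llu, node 2 sends %llu\n",
           (unsigned long long)A, (unsigned long long)B);
    printf("secrets match: %s\n", (k1 != 0 && k1 == k2) ? "yes" : "no");
    return (k1 != 0 && k1 == k2) ? 0 : 1;
}
```

Only the two public values cross the medium. The private values and the resulting secret stay on each node.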