Choosing Algorithms

Block Symmetric-Key Algorithms

The following considerations may help when choosing between DES, DESX, Triple DES, and the RC2, RC5, and RC6 algorithms.

DES is a standard algorithm in use by many applications. Using DES ensures widespread connectivity. However, DES is limited to an effective key size of 56 bits. The cryptography community expects that, because of the continued increase in computing power, within a few years, DES will not be strong enough to withstand attacks. Triple DES is gaining in acceptance as a substitute for DES to counter this problem.

DESX is viewed as a fast and secure alternative to Triple DES.

The RC2 algorithm is faster in software than DES and Triple DES and has gained momentum in the marketplace, although it is not as widely implemented as DES. In addition, the RC2 algorithm employs a variable key size, which allows you to increase the security beyond that supplied by DES or Triple DES.

The RC5 algorithm is even faster than the RC2 algorithm; its speed and security can be increased or decreased through the word size, rounds, and key length parameters. In the years since it was developed, RC5 has received a lot of attention from the cryptographic community. No serious weaknesses have been discovered during this time, and RC5 is considered secure.

The RC6 algorithm is faster than the RC2 algorithm, and is also faster than the RC5 algorithm on most hardware. Like the RC5 algorithm, the RC6 algorithm has a variable number of rounds, which has the potential to allow tradeoffs between speed and security. Although the RC6 algorithm is fairly new, as a submission to the Advanced Encryption Standard (AES) process, the algorithm has been made public and has been subjected to intense scrutiny by the cryptographic community.

Unless communication with other applications that do not support the RC algorithms is an issue, the RC2 and RC5 algorithms offer greater security and are much faster in software than DES.

Key Agreement vs. Digital Envelopes

Both key agreement and digital envelopes allow two nodes communicating over an insecure medium to establish a secret symmetric-encryption key. Key agreement is easier and faster when the two nodes are in current contact, such as in a phone conversation. Crypto-C employs the Diffie-Hellman key agreement algorithm, and the implementation requires an interactive session.
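The contrast between the two approaches, as an added example that is not from the guide and does not use the Crypto-C API: Diffie-Hellman needs a public value from each side before either can derive the key, while a digital envelope is a single message that the recipient can open later. Assumptions: all function names are hypothetical, the parameters are toy-sized, the RSA is unpadded textbook RSA, and a SHA-256 keystream stands in for the block cipher.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
DH_P, DH_G = 2**127 - 1, 3                        # Mersenne prime modulus, base
RSA_P, RSA_Q, RSA_E = 2**61 - 1, 2**89 - 1, 65537  # textbook RSA primes, exponent

def kdf(secret: int) -> bytes:
    """Derive a 16-byte symmetric key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()[:16]

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter keystream XORed with data."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def dh_keypair():
    priv = secrets.randbelow(DH_P - 3) + 2
    return priv, pow(DH_G, priv, DH_P)

def dh_agree():
    """Key agreement: interactive, each side must send a fresh public value."""
    a_priv, a_pub = dh_keypair()   # message 1, A -> B, carries a_pub
    b_priv, b_pub = dh_keypair()   # message 2, B -> A, carries b_pub
    return kdf(pow(b_pub, a_priv, DH_P)), kdf(pow(a_pub, b_priv, DH_P))

def rsa_keypair():
    # Recipient's long-term key pair; the public half is published in advance.
    n = RSA_P * RSA_Q
    d = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))
    return (n, RSA_E), (n, d)

def seal(pub, plaintext: bytes):
    """Digital envelope: one message, recipient does not need to be online."""
    n, e = pub
    session = secrets.randbelow(n - 2) + 2          # random session secret
    return pow(session, e, n), xor_stream(kdf(session), plaintext)

def open_envelope(priv, envelope) -> bytes:
    """Recipient unwraps the session secret, then decrypts the body."""
    n, d = priv
    wrapped, body = envelope
    return xor_stream(kdf(pow(wrapped, d, n)), body)
```

In `dh_agree` neither key can be computed until both public values have crossed the channel, which is the interactive-session requirement; `seal` needs only the recipient's stored public key.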


RSA BSAFE Crypto-C Developer's Guide

RSA Security 5.2.2 manual Block Symmetric-Key Algorithms, Key Agreement vs. Digital Envelopes