Security Considerations

Table 3-4 gives a summary of the recommended key sizes for the algorithms supported in Crypto-C. These recommendations were current at the time this manual went to press. Please note, however, that such recommendations are always provisional and can be affected by changes in the cryptographic state of the art.

Table 3-4 Summary of Recommended Key Sizes

Algorithm          User Key                             Organizational or             Root Key
                                                        Long-Term Key
-----------------  -----------------------------------  ----------------------------  ----------------
AES                128 (192 or 256 is also acceptable)
Diffie-Hellman     768-bit prime                        1024-bit prime                2048-bit prime
DSA                768-bit prime                        1024-bit prime                2048-bit prime
ECAES              160-170-bit modulus                  Not recommended at this time
EC Diffie-Hellman  160-170-bit modulus                  Not recommended at this time
ECDSA              160-170-bit modulus                  Not recommended at this time
RC2                80-128 effective key bits (all key types)
RC4                80-128 key bits (all key types)
RC5                80-128 key bits with 16 rounds for 32-bit word or 20 rounds for 64-bit word (all key types)
RC6                80-128 key bits with 20 rounds (all key types)
RSA                768-bit modulus                      1024-bit modulus              2048-bit modulus

RSA Keys

The security of the RSA algorithm is based on the difficulty of factoring large integers. Therefore, the choice of key size depends on the efficiency of integer-factoring algorithms. Because users will probably want a key pair to last a few years, it is advisable to choose a size that not only remains secure against current state-of-the-art factoring, but is also likely to withstand improved factoring attempts in the future. The RSA Laboratories publication, “Frequently Asked Questions About Today’s Cryptography,” describes current factoring capabilities.
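Added example (not from the Crypto-C manual and not using the Crypto-C API): a stand-alone C check that reads the modulus length out of a PKCS#1 RSAPublicKey encoding and compares it with the RSA row of Table 3-4 for a given key role. The function names, the key_role enum and the filler sample key are assumptions made for illustration.

```c
#include <string.h>

/* Minimum RSA modulus bits per key role, as printed in Table 3-4. */
enum key_role { USER_KEY, ORG_LONG_TERM_KEY, ROOT_KEY };
static const int rsa_min_bits[] = { 768, 1024, 2048 };

/* Parse the tag+length header at off; returns content offset, 0 on error. */
static size_t der_header(const unsigned char *p, size_t n, size_t off, int tag, size_t *len) {
    if (n < 2 || off > n - 2 || p[off] != tag) return 0;
    size_t i = off + 2, k = p[off + 1] & 0x7f, l = k;
    if (p[off + 1] & 0x80) {              /* long form: k length bytes follow */
        if (k == 0 || k > 4 || k > n - i) return 0;
        for (l = 0; k > 0; k--) l = (l << 8) | p[i++];
    }
    if (l > n - i) return 0;              /* content must fit in the buffer */
    *len = l;
    return i;
}

/* Bit length of the modulus in a PKCS#1 RSAPublicKey, or -1 if malformed. */
int rsa_modulus_bits(const unsigned char *der, size_t n) {
    size_t len = 0, off = der_header(der, n, 0, 0x30, &len);  /* SEQUENCE */
    if (off) off = der_header(der, n, off, 0x02, &len);       /* INTEGER n */
    if (!off || len == 0 || (der[off] & 0x80)) return -1;     /* bad or negative */
    while (len > 1 && der[off] == 0) { off++; len--; }        /* sign padding */
    if (der[off] == 0) return -1;                             /* zero modulus */
    int bits = (int)len * 8;
    for (unsigned char top = der[off]; !(top & 0x80); top <<= 1) bits--;
    return bits;
}

/* 1 if the key meets Table 3-4's minimum for the role, 0 if not, -1 on error. */
int rsa_key_meets_role(const unsigned char *der, size_t n, enum key_role role) {
    int bits = rsa_modulus_bits(der, n);
    return bits < 0 ? -1 : bits >= rsa_min_bits[role];
}

/* Constructed sample, not a real key: filler modulus of `bits` bits, e = 65537.
   Lengths are always two-byte long form (BER; strict DER shortens small ones). */
unsigned char sample_key[300];
size_t make_sample_key(int bits) {
    size_t m = (size_t)bits / 8 + 1, body = 4 + m + 5;   /* +1: 0x00 sign pad */
    unsigned char hdr[9] = { 0x30, 0x82, (unsigned char)(body >> 8), (unsigned char)body,
                             0x02, 0x82, (unsigned char)(m >> 8), (unsigned char)m, 0x00 };
    memcpy(sample_key, hdr, 9);
    memset(sample_key + 9, 0xC3, m - 1);
    memcpy(sample_key + 8 + m, "\x02\x03\x01\x00\x01", 5);
    return 8 + m + 5;
}
```

Building the 1024-bit sample and checking it against ROOT_KEY returns 0, because 1024 bits is below the root-key row; a truncated buffer returns -1 instead of a size.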

For normal user data, RSA Security recommends a modulus size of 768 bits. For organization keys or for long-term applications, a 1024-bit modulus is advisable. For root keys, RSA Security recommends a 2048-bit modulus. This safeguards against

RSA BSAFE Crypto-C Developer’s Guide
