Security Considerations

progress in factoring algorithms and improvements in computing power.

Diffie-Hellman Parameters and DSA Keys

The security of the Diffie-Hellman algorithm and that of DSA both depend on the complexity of computing logarithms modulo a prime number. Generally, this is equivalent to the complexity of the factoring problem, because modern factoring algorithms generally apply to the discrete logarithm problem. Therefore, the designer is advised to use similar sizes for the Diffie-Hellman parameters and DSA keys as for RSA operations: a 768-bit prime for user keys, a 1024-bit prime for organizational keys and a 2048-bit prime for root keys.

Note: The Digital Signature Standard lists a maximum of 1024 bits for DSA, but the algorithm does not have an inherent limit. Crypto-C’s implementation allows up to 2048-bit DSA keys.

RC2 Effective Key Bits

A key with 80 to 128 effective key bits is sufficient for most applications using the RC2 algorithm.

RC4 Key Bits

An 80- to 128-bit key is sufficient for most applications using the RC4 cipher.

RC5 Key Bits and Rounds

An 80- to 128-bit key is sufficient for most applications using the RC5 cipher. Note also that the security of the RC5 cipher is dependent on the number of rounds. For the RC5 cipher with a 32-bit word size, RSA Security recommends at least 16 rounds for applications; while no practical attacks are known for 12-round RC5-32, recent cryptanalytic work suggests 16 rounds is now a more conservative choice. For the RC5 cipher with a 64-bit word size, RSA Security recommends at least 20 rounds.

Triple DES Keys

It is possible to implement Triple DES with one, two, or three keys. One key in EDE mode (encrypt-decrypt-encrypt) is equivalent to DES, and is used to provide compatibility with applications that only understand DES. There are known attacks against Triple DES using two keys, so RSA Security recommends using three keys.
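The keying options described above can be checked before a key bundle is accepted. The following is an added example, not code from Crypto-C or from RSA Security; the names `tdes_classify`, `tdes_key_acceptable` and the `SAMPLE_*` bundles are hypothetical and the sample keys are constructed. It assumes a 24-byte bundle laid out as K1 || K2 || K3 and compares keys on their 56 effective bits, so keys that differ only in DES parity bits are treated as equal.

```c
#include <stddef.h>
#include <stdint.h>

enum tdes_keying {
    TDES_SINGLE_DES = 1,  /* bundle collapses to one DES operation */
    TDES_TWO_KEY    = 2,  /* K1 == K3, K2 differs */
    TDES_THREE_KEY  = 3   /* K1, K2, K3 pairwise distinct */
};

/* Constructed sample bundles (K1 || K2 || K3), for illustration only. */
#define K1 0x10,0x32,0x54,0x76,0x98,0xBA,0xDC,0xFE
#define K1_PARITY_FLIPPED 0x11,0x33,0x55,0x77,0x99,0xBB,0xDD,0xFF
#define K2 0x20,0x40,0x60,0x80,0xA0,0xC0,0xE0,0x02
#define K3 0x04,0x08,0x0C,0x12,0x16,0x1A,0x1E,0x22
const uint8_t SAMPLE_THREE[24]  = { K1, K2, K3 };
const uint8_t SAMPLE_TWO[24]    = { K1, K2, K1 };
const uint8_t SAMPLE_ONE[24]    = { K1, K1, K1 };
const uint8_t SAMPLE_PARITY[24] = { K1, K1_PARITY_FLIPPED, K3 };

/* Compare two 8-byte DES keys on their effective bits only: the low bit
 * of each byte is a parity bit and does not influence encryption. The
 * differences are OR-ed together so the loop has no early exit. */
static int des_key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < 8; i++)
        diff |= (uint8_t)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

enum tdes_keying tdes_classify(const uint8_t key[24])
{
    const uint8_t *k1 = key, *k2 = key + 8, *k3 = key + 16;

    /* EDE computes E_K3(D_K2(E_K1(x))). If K1 == K2 the first two stages
     * cancel; if K2 == K3 the last two cancel. Either way only a single
     * DES encryption remains. */
    if (des_key_equal(k1, k2) || des_key_equal(k2, k3))
        return TDES_SINGLE_DES;
    if (des_key_equal(k1, k3))
        return TDES_TWO_KEY;
    return TDES_THREE_KEY;
}

/* Policy following the recommendation in the text: three keys only. */
int tdes_key_acceptable(const uint8_t key[24])
{
    return tdes_classify(key) == TDES_THREE_KEY;
}
```

`SAMPLE_PARITY` looks like a three-key bundle byte for byte, but its first two keys share the same effective bits, so it is classified as single DES and rejected.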

Chapter 3 Cryptography

RSA Security 5.2.2 Diffie-Hellman Parameters and DSA Keys, RC2 Effective Key Bits, RC4 Key Bits, RC5 Key Bits and Rounds