For example, European and international users might want to use Cameilla rather than AES since Cameilla is NESSIE and ISO approved.
Though DES and AES are listed, any non-wounded or non-broken block cipher can be used. Symmetric Key is a block cipher algorithm that offers an equivalent strength. To break Diffie-Hellman via classical discrete logarithms, a number of methods could be employed: Index calculus, modified Pollard's rho, or Baby-step giant-step to name a few. It will take a computer, on average, approximately 2 80 operations to find a solution (think Big-Oh notation). For example, if someone says, 'My system uses 1024 Diffie Hellman", they are really stating their system has a security level of 80 bits (and because its Diffie Hellman, the problem domain is finite field). Security Bits estimate the computational steps or operations (not machine instructions) required to find a solution to the problem in the problem's domain (FF, IF, or EC). 112-bits is shaded because NIST allows 112-bits of security, but many cryptographers and organizations recommend 128-bits of security. In the table below, FF is finite field, IF is integer factorization, EC is elliptic curve. The yellow and green highlights are explained in the NIST Recommendations section. Triple DES is specified in SP800-67, Recommendation for the Triple Data Encryption Algorithm (TDEA) Block Cipher.
In the table below, 2TDEA is 2-key triple-DES and 3TDEA is 3-key triple-DES and sometimes referred to as just triple DES. The table below was taken from SP800-57, Recommendation for Key Management, Section 5.6.1. Security levels do not change when using Multiple Encryption, or encrypting the output of the first cipher with a second cipher. Finally, ECRYPT2 Yearly Report on Algorithms and Keysizes (2010) might also be of interest. SP800-131, Recommendation for the Transitioning of Cryptographic Algorithms and Key Lengths summarizes the information found in SP800-56 and SP800-57. NIST's official recommendations can be found in SP800-57, Part 1, Recommendation for Key Management, Section 5.6.1. Attacks against a DSA signature have two instance problems: the first is logarithms in the multiplicative group \displaystyle, where current methods run in square root time. The best known attack against integer factorization (ie, RSA moduli) is number field sieveing, while the best known attack on AES is paramount to guessing (some hand waiving and not considering reduced round attacks). It is the motivation for the "cryptographic arms race" metaphore: as attacks advance, so does the algorithm or its key. Maintaining security levels ensures a component meets minimum security requirements, and helps achieve the overall system security.Īn algorithm's security level is based on the best known attack on the algorithm. Put another way, a security level allows one to quantify "how strong" in statements such as "cryptographically strong algorithm". Security Levels are a formalization of 'strengths' of security, and are used to estimate a cipher's ability to protect data based upon an adversary's potential capabilities over time. Cryptographic algorithms provide different 'strengths' of security, depending on the algorithm and the key size used.
0 kommentar(er)
