##language:en
## 20160514 AK
----
[[SuggestKeySizes/CZ|Česky]] | '''english'''
----
== Suggested Key Sizes ==
[[http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57_part1_rev3_general.pdf|NIST SP 800-57]] is NIST's recommendation on which key lengths to use and the time frame over which each is expected to remain useful.

||||||||||'''Recommended algorithms and minimum key sizes'''||
||Algorithm security lifetimes||Symmetric key algorithms<<BR>>(Encryption & MAC)||FFC<<BR>>(e.g., DSA, D-H)||IFC<<BR>>(e.g., RSA)||ECC<<BR>>(e.g., ECDSA)||
||Through 2010<<BR>>(min. of 80 bits of strength)||2TDEA*<<BR>>3TDEA<<BR>>AES-128<<BR>>AES-192<<BR>>AES-256||Min.:<<BR>>L = 1024<<BR>>N = 160||Min.:<<BR>>k = 1024||Min.:<<BR>>f = 160||
||Through 2030<<BR>>(min. of 112 bits of strength)||3TDEA<<BR>>AES-128<<BR>>AES-192<<BR>>AES-256||Min.:<<BR>>L = 2048<<BR>>N = 224||Min.:<<BR>>k = 2048||Min.:<<BR>>f = 224||
||Beyond 2030<<BR>>(min. of 128 bits of strength)||AES-128<<BR>>AES-192<<BR>>AES-256||Min.:<<BR>>L = 3072<<BR>>N = 256||Min.:<<BR>>k = 3072||Min.:<<BR>>f = 256||

Explanations:

 * FFC = Finite Field Cryptography; "L" = bit width of the public key, "N" = bit width of the private key.
 * IFC = Integer Factorization Cryptography; "k" = modulus size (bits).
 * ECC = Elliptic Curve Cryptography; "f" = minimal key size (bits).
 * The guarantee of at least 80 bits of security for 2TDEA is based on the assumption that an attacker has at most 2^40^ matched plaintext and ciphertext blocks. Encryption with a strength of 80 bits is disallowed after 2013; that strength is no longer considered secure.
 * MAC = Message Authentication Code
 * DSA = Digital Signature Algorithm
 * D-H = Diffie-Hellman (authors of the secure key exchange algorithm)
 * RSA = Rivest, Shamir, Adleman (authors of the asymmetric encryption-decryption algorithm with public and private keys)
 * ECDSA = Elliptic Curve Digital Signature Algorithm
 * 2TDEA = 2-key Triple Data Encryption Algorithm
 * 3TDEA = 3-key Triple Data Encryption Algorithm
 * AES = Advanced Encryption Standard

----
 . CategorySystems
 . CategorySoftware