Key size
==Symmetric algorithm key lengths==
IBM's [[Lucifer (cipher)|Lucifer cipher]] was selected in 1974 as the base for what would become the [[Data Encryption Standard]]. Lucifer's key length was reduced from 128 bits to [[56-bit encryption|56 bits]], which the [[National Security Agency|NSA]] and NIST argued was sufficient for non-governmental protection at the time. The NSA has major computing resources and a large budget; some cryptographers, including [[Whitfield Diffie]] and [[Martin Hellman]], complained that this made the cipher so weak that NSA computers would be able to break a DES key in a day through brute-force [[parallel computing]]. The NSA disputed this, claiming that brute-forcing DES would take them "something like 91 years".<ref>{{cite web |url=http://www.toad.com/des-stanford-meeting.html |title=DES Stanford-NBS-NSA meeting recording & transcript |website=Toad.com |access-date=2016-09-24 |archive-url=https://web.archive.org/web/20120503083539/http://www.toad.com/des-stanford-meeting.html |archive-date=2012-05-03 |url-status=dead }}</ref>

However, by the late 1990s, it became clear that DES could be cracked within a few days with custom-built hardware such as could be purchased by a large corporation or government.<ref name="fortify">{{cite web |url=http://www.fortify.net/related/cryptographers.html |title=Minimal key lengths for symmetric ciphers to provide adequate commercial security |first1=Matt |last1=Blaze |author-link1=Matt Blaze |first2=Whitfield |last2=Diffie |author-link2=Whitfield Diffie |first3=Ronald L. |last3=Rivest |author-link3=Ron Rivest |first4=Bruce |last4=Schneier |author-link4=Bruce Schneier |first5=Tsutomu |last5=Shimomura |author-link5=Tsutomu Shimomura |first6=Eric |last6=Thompson |first7=Michael |last7=Wiener |date=January 1996 |publisher=[[Fortify (Netscape)|Fortify]] |access-date=14 October 2011 |df=ymd-all}}</ref><ref>[http://object.cato.org/sites/cato.org/files/pubs/pdf/bp51.pdf Strong Cryptography The Global Tide of Change], Cato Institute Briefing Paper no. 51, Arnold G. Reinhold, 1999</ref> The book ''Cracking DES'' (O'Reilly and Associates) describes the successful 1998 brute-force attack on 56-bit DES mounted by a cyber civil rights group with limited resources; see [[EFF DES cracker]]. Even before that demonstration, 56 bits was considered an insufficient length for [[symmetric-key algorithm|symmetric algorithm]] keys for general use. Because of this, DES was replaced in most security applications by [[Triple DES]], which has 112 bits of security when using 168-bit keys (triple key).<ref name=NISTSP800-131Ar2/>

The [[Advanced Encryption Standard]], published in 2001, uses key sizes of 128, 192 or 256 bits. Many observers consider 128 bits sufficient for the foreseeable future for symmetric algorithms of [[Advanced Encryption Standard|AES]]'s quality until [[quantum computer]]s become available.{{citation needed|date=September 2013}} However, as of 2015, the U.S. [[National Security Agency]] has issued guidance that it plans to switch to quantum computing resistant algorithms and now requires 256-bit AES keys for data [[classified information in the United States|classified up to Top Secret]].<ref name=NSASuiteBphaseout/>

In 2003, the U.S. [[National Institute of Standards and Technology]] (NIST) proposed phasing out 80-bit keys by 2015. In 2005, 80-bit keys were allowed only until 2010.<ref>{{cite journal |url=https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p1.pdf |archive-url=https://web.archive.org/web/20161213220801/http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-57p1.pdf |archive-date=2016-12-13 |url-status=live |title=Recommendation for Key Management – Part 1: General |date=2005-08-01 |access-date=2019-01-08 |journal=NIST Special Publication |publisher=[[National Institute of Standards and Technology]] |doi=10.6028/NIST.SP.800-57p1 |first1=Elaine |last1=Barker |first2=William |last2=Barker |first3=William |last3=Burr |first4=William |last4=Polk |first5=Miles |last5=Smid |at=Table 4, p. 66 }}</ref> Since 2015, NIST guidance says that "the use of keys that provide less than 112 bits of [[security strength]] for key agreement is now disallowed." NIST-approved symmetric encryption algorithms include three-key [[Triple DES]] and [[Advanced Encryption Standard|AES]]. Approvals for two-key Triple DES and [[Skipjack (cipher)|Skipjack]] were withdrawn in 2015; the [[NSA]]'s Skipjack algorithm used in its [[Fortezza]] program employs 80-bit keys.<ref name=NISTSP800-131Ar2>{{cite web|url=http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf |title=Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, NIST SP-800-131A Rev 2 |date=March 2019 |first1=Elaine |last1=Barker |first2=Allen |last2=Roginsky|website=Nvlpubs.nist.gov|access-date=2023-02-11 |df=ymd-all}}</ref>
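
Added example (not part of the article or of any cited source): why Triple DES with a 168-bit key is rated at only 112 bits of security. The gap comes from the textbook meet-in-the-middle search, shown here on a constructed toy cipher with 8-bit keys and 16-bit blocks in place of DES; the cipher, key values and plaintexts are assumptions made for the illustration. A 24-bit triple key falls to 2<sup>16</sup> trials, which is the same 2:3 ratio as 112 to 168.

```python
# Toy cipher built for this example (NOT DES): 16-bit blocks, 8-bit keys.
K_BITS, ROUNDS = 8, 4

def _f(half, key, rnd):
    # Constructed round function; it only needs to mix the key into the half-block.
    x = (half + key + 0x3D * rnd) & 0xFF
    x = (x * 0xA7 + 0x1B) & 0xFF
    return x ^ (x >> 3)

def encrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in range(ROUNDS):                # Feistel rounds: invertible for any _f
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def decrypt(block, key):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(ROUNDS)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def triple_ede(block, k1, k2, k3):
    # Encrypt-decrypt-encrypt with three independent keys, as in three-key Triple DES.
    return encrypt(decrypt(encrypt(block, k1), k2), k3)

def meet_in_the_middle(pairs):
    """Return (consistent keys, number of (k1, k2) trials) from known pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}                               # undo the last stage under every k3: 2^8 entries
    for k3 in range(1 << K_BITS):
        table.setdefault(decrypt(c0, k3), []).append(k3)
    found, trials = [], 0
    for k1 in range(1 << K_BITS):            # first two stages: 2^16 trials, not 2^24
        mid = encrypt(p0, k1)
        for k2 in range(1 << K_BITS):
            trials += 1
            for k3 in table.get(decrypt(mid, k2), ()):
                # Filter chance matches against the remaining known pairs.
                if all(triple_ede(p, k1, k2, k3) == c for p, c in rest):
                    found.append((k1, k2, k3))
    return found, trials

# Constructed sample data: a secret 24-bit triple key and three known plaintexts.
SECRET = (0x3A, 0xC5, 0x71)
PAIRS = [(p, triple_ede(p, *SECRET)) for p in (0x0123, 0x4567, 0x89AB)]

if __name__ == "__main__":
    keys, trials = meet_in_the_middle(PAIRS)
    print(f"key length {3 * K_BITS} bits, work 2^{trials.bit_length() - 1} trials")
    print("consistent keys:", [tuple(hex(k) for k in ks) for ks in keys])
```

Scaled to DES's 56-bit keys, the same accounting gives 2 × 56 = 112 bits for a 168-bit triple key, so it is the security strength, not the key length, that should be compared with NIST's 112-bit floor.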