Chapter 3 Cryptography 99
Security Considerations
progress in factoring algorithms and improvements in computing power.
Diffie-Hellman Parameters and DSA Keys
The security of both the Diffie-Hellman algorithm and DSA depends on the
complexity of computing discrete logarithms modulo a prime number. Generally, this is
equivalent to the complexity of the factoring problem, because modern factoring
algorithms generally apply to the discrete logarithm problem. Therefore, the designer
is advised to use similar sizes for the Diffie-Hellman parameters and DSA keys as for
RSA operations: a 768-bit prime for user keys, 1024-bit prime for organizational keys
and a 2048-bit prime for root keys.
Note: The Digital Signature Standard lists a maximum of 1024 bits for DSA, but the
algorithm does not have an inherent limit. Crypto-C's implementation allows
up to 2048-bit DSA keys.
RC2 Effective Key Bits
A key with 80 to 128 effective key bits is sufficient for most applications using the RC2
algorithm.
RC4 Key Bits
An 80- to 128-bit key is sufficient for most applications using the RC4 cipher.
RC5 Key Bits and Rounds
An 80- to 128-bit key is sufficient for most applications using the RC5 cipher. Note
also that the security of the RC5 cipher is dependent on the number of rounds. For the
RC5 cipher with a 32-bit word size, RSA Security recommends at least 16 rounds for
applications; while no practical attacks are known for 12-round RC5-32, recent
cryptanalytic work suggests 16 rounds is now a more conservative choice. For the
RC5 cipher with a 64-bit word size, RSA Security recommends at least 20 rounds.
Triple DES Keys
It is possible to implement Triple DES with one, two, or three keys. One key in EDE
mode (encrypt-decrypt-encrypt) is equivalent to DES, and is used to provide
compatibility with applications that only understand DES. There are known attacks
against Triple DES using two keys, so RSA Security recommends using three keys.
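
The following check is an added example, not code from Crypto-C or RSA Security. It classifies a Triple DES key by the number of independent DES keys it contains, so that an application can enforce the three-key recommendation above. The names tdes_classify, tdes_key_acceptable and the sample keys are hypothetical, and the key layout K1 || K2 [|| K3] is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum tdes_keying { TDES_INVALID, TDES_ONE_KEY, TDES_TWO_KEY, TDES_THREE_KEY };

/* DES ignores the low (parity) bit of every key byte, so two 8-byte keys
 * that differ only in those bits are the same key. */
static int des_key_equal(const uint8_t *a, const uint8_t *b)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < 8; i++)
        diff |= (uint8_t)((a[i] ^ b[i]) & 0xFE);
    return diff == 0;
}

/* Classify K1 || K2 [|| K3] by the number of DES keys that survive EDE. */
enum tdes_keying tdes_classify(const uint8_t *key, size_t len)
{
    if (key == NULL || (len != 16 && len != 24))
        return TDES_INVALID;
    const uint8_t *k1 = key, *k2 = key + 8;
    const uint8_t *k3 = (len == 24) ? key + 16 : k1; /* 16 bytes: K3 = K1 */
    /* If K2 matches a neighbour, that encrypt/decrypt pair cancels and
     * only a single DES operation remains. */
    if (des_key_equal(k1, k2) || des_key_equal(k2, k3))
        return TDES_ONE_KEY;
    return des_key_equal(k1, k3) ? TDES_TWO_KEY : TDES_THREE_KEY;
}

/* Policy from the text: accept three-key Triple DES only. */
int tdes_key_acceptable(const uint8_t *key, size_t len)
{
    return tdes_classify(key, len) == TDES_THREE_KEY;
}

/* Constructed sample keys for illustration (not real key material). */
static const uint8_t SAMPLE_PARITY_ONLY[24] = { /* K2 = K1 except parity bits */
    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0x00,0x22,0x44,0x66,0x88,0xAA,0xCC,0xEE,
    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF };
static const uint8_t SAMPLE_THREE_KEY[24] = {
    0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF, 0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
    0x89,0xAB,0xCD,0xEF,0x01,0x23,0x45,0x67 };

int main(void)
{
    printf("parity-only variant: %d keys\n", tdes_classify(SAMPLE_PARITY_ONLY, 24));
    printf("three distinct keys: %d keys\n", tdes_classify(SAMPLE_THREE_KEY, 24));
    return 0;
}
```

Comparing the key parts byte for byte would miss the first sample, because its K1 and K2 differ only in parity bits that DES discards.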