Keylength.com - Cryptographic Key Length from Fact Sheet NSA Suite B Cryptography (2005)

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers. This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection.

The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Please enable JavaScript to fully utilize this website (Privacy Policy)

Choose a method



			NSA's goal in presenting Suite B [6] is to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government needs. Another suite of NSA, Suite A, contains classified algorithms that will not be released.

Type	Symmetric	Elliptic Curve	Hash

Secret	128	256	256
Top Secret	256	384	384

All key sizes are provided in bits. These are the minimal sizes for security.
Click on a value to compare it with other methods.

Suite B includes cryptographic algorithms for encryption, hashing, digital signatures and key exchange:

Encryption: Advanced Encryption Standard (AES) - FIPS 197
Hashing: Secure Hash Algorithm - FIPS 180-2
Digital Signature: Elliptic Curve Digital Signature Algorithm - FIPS 186-2
Key Exchange: Elliptic Curve Diffie-Hellman or Elliptic Curve MQV - Draft NIST SP 800-56

A key aspect of Suite B is its use of elliptic curve technology instead of classical public key technology. NSA has determined that beyond the 1024 bits public key cryptography in common use today, rather than increase key sizes beyond 1024 bits, a switch to elliptic curve technology is warranted.


© 2008		Keylength.com - v 17.10 - November 19, 2007
		Author: Damien Giry Approved by Prof. Jean-Jacques Quisquater Contact:

Surveys of laws and regulations on cryptology: Crypto Law Survey / Digital Signature Law Survey.


Bibliography	[1]	Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, PKC2000: p. 446-465, 01/2000.
	[2]	Handbook of Information Security, Arjen K. Lenstra, 06/2004.
	[3]	Yearly Report on Algorithms and Keysizes (2006), D.SPA.21 Rev. 1.1, IST-2002-507932 ECRYPT, 01/2007.
	[4]	Recommendation for Key Management, Special Publication 800-57 Part 1, NIST, 03/2007.
	[5]	Mécanismes cryptographiques - Règles et recommandations "standards", Rev. 1.10, DCSSI , 12/2006.
	[6]	Fact Sheet Suite B Cryptography, NSA, 02/2005.
	[7]	Determining Strengths for Public Keys Used for Exchanging Symmetric Keys, RFC 3766, H. Orman and P. Hoffman, 04/2004.
	[8]	Algorithms for Qualified Electronic Signatures, BNetzA, BSI, 02/2007 updated with BSI Draft, 07/2007.


Privacy Policy (P3P) \| Disclaimer / Copyright \| Release Notes