|System z on Facebook
Cryptographic Key Strengths for Data Encryption
Pratin Ashtekar 2700046SAG email@example.com | | Tags:  eysha_powers system_z_software crypto z/os system_z systemz security | 2,984 Visits
It has always been interesting to me how key strength is affected not only by key size but also by the algorithm.
TDES and AES symmetric keys both provide a means of encrypting and decrypting data shared between two or more parties.
TDES keys can be single (64-bit), double (128-bit), or triple (192-bit) length keys, but even the largest TDES key is considered weaker than the smallest AES key (128-bit). Besides the fact that DES keys have 8 bits of each block on reserve for parity, there are weaknesses in the algorithm due to the nature of the encrypt-decrypt-encrypt operation that is performed on the data. This makes TDES susceptible to meet-in-the-middle brute force attacks.
With a little digging you can find a couple of tables in the NIST Recommendations for Key Management (Section 5.6.1) that show the bit strengths vs key algorithms. It even explains their approach to determining key security by comparing how much work it takes to break a given algorithm relative to others. Key strengths for both symmetric/asymmetric algorithms and hashing algorithms are included in the tables.
A good reference!
We're kicking off a System z security blog series from the z/OS development lab. Stay tuned to the Mainframe Insights blog for more!
Eysha Shirrine is a software developer for the Integrated Cryptographic Services Facility (ICSF) product which provides data encryption and key management services on System z. She is an active member of the STG Crypto Customer Council and leads the software delivery team for ICSF. Prior to her work in ICSF, Eysha was a software developer and tester for Java Cryptography Extension (JCE, JCECCA, PKCS#11) on System z and performed function test for Enterprise Identity Mapping and Distributed Identity support on the Resource Access Control Facility (RACF) team. She has been with IBM for 9 years in the System z Middleware Security organization.