The IT Law Wiki

Security strength

32,284pages on
this wiki
Add New Page
Talk0 Share

Definition Edit

Security strength (also referred to as security level) is a number associated with the amount of work (that is, the number of operations) that is required to break a cryptographic algorithm or system. The security strength is specified in bits and is currently a value from the set {80, 112, 128, 192, 256}. 80 bits of security was good through December 31, 2010. Thereafter, NIST recommends 112 bits as the minimum.[1]

Overview Edit

The appropriate security strength to be used depends on the sensitivity of the data being protected, and needs to be determined by the owner of that data (e.g., a person or an organization). For the Federal government, a minimum security strength of 112 bits is required for applying cryptographic protection (e.g., for encrypting or signing data). Note that prior to 2014, a security strength of 80 bits was approved for applying these protections, and the current transitions reflect the change to a strength of 112 bits. However, a large quantity of data was protected at the 80-bit security strength and may need to be processed (e.g., decrypted or have a digital signature verified). The processing of this already-protected data at the lower security strength is allowed, but a certain amount of risk must be accepted.

References Edit

  1. Digital Signature Standard (DSS) 4 (FIPS 186-3) (June 2009).

Source Edit

See also Edit

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Also on Fandom

Random Wiki