NIST Security Strength Time Frames

Security Strength Time Frames of NIST SP 800-57 Part 1
Security Strength80112128192256
applying processing applying processing
through 2010 acceptable acceptable acceptable acceptable acceptable acceptable acceptable
2011 through2013 deprecated legacy use acceptable acceptable acceptable acceptable acceptable
2014 through 2030 disallowed legacy use acceptable acceptable acceptable acceptable acceptable
2031 and Beyond disallowed legacy use disallowed legacy use acceptable acceptable acceptable
Symmetric Algorithms 2TDEA 3TDEA AES-128 AES-192 AES-256
FFC (e.g., DSA, D-H) L = 1024
N = 160
L = 2048
N = 224
L = 3072
N = 256
L = 7680
N = 384
L = 15360
N = 512
IFC (e.g., RSA) k = 1024 k = 2048 k = 3072 k = 7680 k = 15360
ECC (e.g.,ECDSA) f = 160-223 f = 224-255 f = 256-383 f = 384-511 f = 512+
Digital Signatures and hash-only applications SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-256, SHA-384, SHA-512 SHA-384, SHA-512 SHA-512
HMAC SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-224, SHA-256, SHA-384, SHA-512 SHA-256, SHA-384, SHA-512
Key Derivation Functions SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-224, SHA-256, SHA-384, SHA-512 SHA-256, SHA-384, SHA-512
Random Number Generation SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1,
SHA-224,
SHA-256,
SHA-384,
SHA-512
SHA-1, SHA-224, SHA-256, SHA-384, SHA-512 SHA-224, SHA-256, SHA-384, SHA-512 SHA-256, SHA-384, SHA-512

Note (Reference from NIST SP 800-57 part 1, reversion 3):
  • "applying" and "processing" indicates whether cryptographic protection is being applied to data (e.g., encrypted), or whether cryptographically protected data is being processed (e.g., decrypted).
  • "Acceptable" indicates that the algorithm or key length is not known to be insecure. 
  • "Deprecated" means that the use of an algorithm or key length that provides the indicated security strength may be used if risk is accepted; note that the use deprecated algorithms or key lengths may have restrictions.
  • "Disallowed" means that an algorithm or key length shall not be used for applying cryptographic protection.
  • "Legacy use" means that an algorithm or key length may be used because of its use in legacy applications (i.e., the algorithm or key length can be used to process cryptographically-protected data).

Popular posts from this blog

JSSE Oracle Provider Preference of TLS Cipher Suites

TLS Server Name Indication Extension and Unrecognized_name

JEP 114: TLS SNI Extension - SunJSSE Behavior Changes