example, the Advanced Encryption Standard using a 192-bit key
(AES-192) provides stronger protection than the Advanced Encryption Standard using a 128-bit key (AES-128) because there
are more possible values for a 192-bit key than for a 128-bit key.
Generate a strong cryptographic key and transport it securely. If an attacker can get information about certain bits of
the key, then the encryption function using this key does not
provide the necessary level of protection. For example, if the key
is two bits and the attacker knows that the first bit of the key is
equal to the second bit, then the attacker needs to try only two
possible keys, 00 and 11, instead of four combinations.
Ideally, a cryptographic key is a randomly generated string of
bits that provides the attacker with no information about any
bits of the key. Keys can be generated using a Deterministic
Random Bit Generator, a function used to generate high-qual-
ity random bits for an encryption key. The National Institute of
Standards and Technology’s “Recommendation for Random
Number Generation Using Deterministic Random Bit Genera-
tors” recommends NIST-approved mechanisms for the genera-
tion of random bits using deterministic methods.
An encryption algorithm that uses a
longer key provides a greater level
of confidentiality protection.
In many secure communication protocols (e.g., TLS), the
cryptographic key may be generated through cooperation of
the encrypting and decrypting entities. NIST’s “
Recommendation for Key Management—Parts 1 and 2” provide guidelines on
these key agreement schemes.
In an application where the encrypting entity needs to share
the key with a separate decrypting entity, the key must be transported to the decrypting entity in a secure manner. This transportation can be done physically using an electronic device
such as a USB drive that holds the cryptographic key. It can also
be done electronically over a computer network. NIST’s “
Recommendation for Key Management—Parts 1 and 2” provide
guidelines on methods of secure key transport.
Encrypt all copies of the data. All data that require confidentiality protection should be encrypted if there is a possibility that
an unauthorized person could access it. Data at rest in an operational environment are frequently encrypted. However, all copies of data, including data in storage and back-up environments,
should also be encrypted to provide comparable protection.
Transition to NIST-approved encryption functions. Over
time, changes in the use of encryption may be necessary because of cryptographic attacks on encryption algorithms or the
availability of more powerful computing techniques and/or devices. Data encrypted in the past using a non-NIST–approved
encryption algorithm or a NIST-approved encryption algorithm
that has become obsolete should be encrypted using a current
NIST-approved encryption algorithm to ensure a strong level of
protection for the data. NIST’s “Transitions: Recommendation
for Transitioning the Use of Cryptographic Algorithms and Key
Lengths” identifies current approved algorithms and timelines
for acceptable use.
For more information on encryption processes and technologies, visit NIST’s Computer Security Resource Center at http://
Kevin Stine is an information security specialist and Quynh Dang is a computer scientist for the National Institute of Standards and Technology, Information Technology Laboratory, Computer Security Division.