Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Part 1: General - Computer Security Resource Center - National ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Security</strong> life of data up to 4 years<br />
2010 2027 2031<br />
Algorithm originator<br />
usage period<br />
Algorithm security life<br />
Figure 2: Algorithm Originator Usage Period Example<br />
March, 2007<br />
When initiating cryptographic protections for information, the strongest algorithm and key size<br />
that is appropriate for providing the protection should be used in order to minimize costly<br />
transitions. However, it should be noted that selecting some algorithms or key sizes that are<br />
unnecessarily large may have adverse performance affects (e.g., the algorithm may be<br />
unacceptably slow).<br />
The process of transitioning to a new algorithm or a new key size may be as simple as selecting a<br />
more secure option in the security suites offered by the current system, or it can be as complex as<br />
building a whole new system. However, given that it is necessary to develop a new algorithm<br />
suite for a system, the following issues should be considered.<br />
1. Sensitivity of information and system lifetime: The sensitivity of the information<br />
that will need to be protected by the system for the lifetime of the new algorithm(s)<br />
should be evaluated in order to determine the minimum security requirement for the<br />
system. Care should be taken not to underestimate the lifetime of the system or the<br />
sensitivity of information that it may need to protect. Many decisions that were<br />
initially thought of as temporary or interim decisions have lasted well beyond their<br />
expected lifetimes.<br />
2. Algorithm selection: The new algorithms should be carefully selected to insure that<br />
they meet or exceed the minimum security requirement of the system. In general, it is<br />
relatively easy to select cryptographic algorithms and key sizes that offer high<br />
security. However, it is wise for the amateur to consult a cryptographic expert when<br />
70