Oracle Fusion Middleware Reference for Oracle Directory Server Enterprise Edition

### Key Length and Encryption Strength

The strength of encryption is related to the difficulty of discovering
the key, which in turn depends on both the cipher used and the length of the
key. For example, the difficulty of discovering the key for the RSA cipher
most commonly used for public-key encryption depends on the difficulty of
factoring large numbers, a well-known mathematical problem.

Encryption strength is often described in terms of the size of the keys
used to perform the encryption: in general, longer keys provide stronger encryption.
Key length is measured in bits. For example, 128-bit keys for use with the
RC4 symmetric-key cipher supported by SSL provide significantly better cryptographic
protection than 40-bit keys for use with the same cipher. Roughly speaking,
128-bit RC4 encryption is 3 × 10^26 times stronger
than 40-bit RC4 encryption.

Different ciphers may require different key lengths to achieve the same
level of encryption strength. The RSA cipher used for public-key encryption,
for example, can use only a subset of all possible values for a key of a given
length, due to the nature of the mathematical problem on which it is based.
Other ciphers, such as those used for symmetric-key encryption, can use all
possible values for a key of a given length, rather than a subset of those
values. Thus a 128-bit key for use with a symmetric-key encryption cipher
would provide stronger encryption than a 128-bit key for use with the RSA
public-key encryption cipher. This difference explains why the RSA public-key
encryption cipher must use a 512-bit key (or longer) to be considered
cryptographically strong, whereas symmetric-key ciphers can achieve approximately
the same level of strength with a 64-bit key. Even this level of strength
may be vulnerable to attacks in the near future.
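
The two claims above can be checked numerically. The following is an added example, not part of the Oracle documentation: it computes the 128-bit versus 40-bit key-space ratio and counts how few values of a given length have the shape of an RSA modulus. The function names and the 16-bit toy modulus are assumptions chosen so the enumeration finishes instantly.

```python
# Added example: toy sizes (16-bit modulus) so the enumeration runs instantly.
from math import isqrt

def primes_with_bits(bits):
    """Primes p with exactly `bits` bits: 2**(bits-1) <= p < 2**bits."""
    lo, hi = 1 << (bits - 1), 1 << bits
    sieve = bytearray([1]) * hi
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(hi - 1) + 1):
        if sieve[i]:
            # Clear every multiple of i starting at i*i.
            sieve[i * i::i] = bytearray(len(range(i * i, hi, i)))
    return [p for p in range(lo, hi) if sieve[p]]

def rsa_modulus_count(modulus_bits):
    """Count values n = p*q of exactly `modulus_bits` bits, where p < q are
    primes of modulus_bits/2 bits each (the shape of an RSA modulus)."""
    half = primes_with_bits(modulus_bits // 2)
    lo = 1 << (modulus_bits - 1)
    return sum(1 for i, p in enumerate(half) for q in half[i + 1:] if p * q >= lo)

def usable_fraction(modulus_bits):
    """Share of all 2**modulus_bits bit patterns that are valid RSA moduli."""
    return rsa_modulus_count(modulus_bits) / 2 ** modulus_bits

def keyspace_ratio(long_bits, short_bits):
    """How many times larger a symmetric key space is at long_bits than at short_bits."""
    return 2 ** (long_bits - short_bits)

def worst_case_guesses(kind, bits):
    """Upper bound on guesses for the most naive search against each key type.
    symmetric: every bit pattern is a valid key, so all 2**bits must be tried.
    rsa: trial division stops at sqrt(n), because the smaller prime factor
    cannot exceed it (practical factoring methods need far fewer steps)."""
    return 2 ** bits if kind == "symmetric" else 2 ** (bits // 2)

if __name__ == "__main__":
    print(f"128-bit vs 40-bit key space: {keyspace_ratio(128, 40):.2e}x")
    print(f"8-bit primes available: {len(primes_with_bits(8))}")
    print(f"16-bit patterns usable as RSA moduli: {usable_fraction(16):.4%}")
    for kind in ("symmetric", "rsa"):
        print(f"128-bit {kind}: at most 2^{worst_case_guesses(kind, 128).bit_length() - 1} guesses")
```
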