148 CFB 3 key EVP_des_ede3_cfb des-ede3-cfb OFB 3 key EVP_des_ede3_ofb des-ede3-ofb ECB 2 key EVP_des_ede des-ede CBC 2 key EVP_des_ede_cbc des-ede-cbc CFB 2 key EVP_des_ede_cfb des-ede-cfb OFB 2 key EVP_des_ede_ofb des-ede-ofb

6.2.1.7 IDEA

The IDEA cipher is a good all-around block cipher with 128-bit keys and 64-bit blocks. It is fast and is widely regarded as strong. Its major drawback is that it is covered by patent in the U.S. and Europe. Nonetheless, you can use the algorithm without paying a fee for noncommercial purposes. IDEA is about 10 years old and has seen a fair amount of scrutiny. Bruce Schneier highly recommends the algorithm in Applied Cryptography, and it is commonly used with PGP. Table 6- 7 gives more information. Table 6-7. Referencing IDEA Cipher mode EVP call for cipher object String for cipher lookup ECB EVP_idea_ecb idea-ecb CBC EVP_idea_cbc idea-cbc CFB EVP_idea_cfb idea-cfb OFB EVP_idea_ofb idea-ofb

6.2.1.8 RC2™

The RC2 algorithm is a block cipher from RSA Labs. RC2 supports variable-length keys up to 128 bytes. OpenSSLs implementation uses a default length of 16 bytes 128 bits. Theres an additional parameter for setting the effective key strength. What this means is you can take, say, a 128-bit key and cripple it to 40 bits worth of security. We strongly recommend against using this parameter. RC2 is efficient and has no significant published weaknesses. However, the algorithm has not really seen a great deal of scrutiny, particularly compared to DES and AES. Table 6-8 gives the details. Table 6-8. Referencing RC2 Cipher mode EVP call for cipher object String for cipher lookup ECB EVP_rc2_ecb rc2-ecb CBC EVP_rc2_cbc rc2-cbc CFB EVP_rc2_cfb rc2-cfb OFB EVP_rc2_ofb rc2-ofb

6.2.1.9 RC4™

RC4 is a stream cipher with variable-length keys that can be up to 256 bytes long. RC4 was previously a trade secret but is now in common use due to the publication of a reverse-engineered, third-party implementation. If you use RC4 in a commercial product, RSA Security might come after you legally, even though it would be unlikely to win. The name RC4 is also trademarked, and you should consult RSA Security before using it. 149 RC4 is a stream cipher and is blazingly fast compared to the available block ciphers in OpenSSL. Its certainly the fastest algorithm currently implemented in OpenSSL. RC4 is also well-regarded as an algorithm. For this reason, and due to its widespread use in SSL, its vastly popular, though it is widely used with insecure 40-bit keys. RC4 is difficult to use well. The encryption algorithm itself is good, but some problems with the way it sets up keys require care in using it. In particular, RSA Security recommends you take one of the following two steps when using this algorithm: 1. Make sure that all key material is cryptographically hashed before use. The problem necessitating this solution is most prominent when frequently rekeying RC4. A common approach to frequent rekeying is to use a base key, and then concatenate with a counter. In RC4, that turns out to be a bad thing to do. If you take the key material and the counter and hash them together to get the actual key, the weakness goes away. The general recommendation of hashing all key material before use is a good one, no matter which cipher you use in your applications. 2. Discard the first 256 bytes of the generated key stream before using it. The easy way to do this is to encrypt 256 bytes of random data and discard the results. Additionally, as previously noted, it is particularly important to supplement use of RC4 with a MAC to ensure data integrity. See Table 6-9 for more information. Table 6-9. Referencing RC4 Key length EVP call for cipher object String for cipher lookup 40 bits EVP_rc4_40 rc4-40 128 bits EVP_rc4 rc4

6.2.1.10 RC5™