Reference Guide
34 Secure Operation of the Module
RSA BSAFE Crypto-J JSAFE and JCE Software Module 6.2.5 Security Policy Level 1
with Level 2 Roles, Services and Authentication
• The iteration count shall be selected as large as possible; a minimum of
1000 iterations is recommended.
• The maximum key length is (2^32 - 1) * b, where b is the digest size of
the hash function.
• The key derived using PBKDF can be used as referred to in SP 800-132,
Section 5.4, options 1 and 2.
• Triple-DES:
– For two-key Triple-DES:
• The use of two-key Triple-DES for encryption is disallowed.
• Decryption using two-key Triple-DES is allowed for legacy-use.
The user should determine the risk of accepting the decrypted information
when processing more than 2^20 blocks of data encrypted using two-key
Triple-DES.
For more information about the use of two-key Triple-DES, see NIST Special
Publication 800-131A revision 1, Transitions: Recommendation for
Transitioning the Use of Cryptographic Algorithms and Key Lengths.
– For three-key Triple-DES:
• The use of three-key Triple-DES is approved.
• The user is responsible for ensuring the same Triple-DES key has a limit
of:
• 2^20 64-bit data block encryptions when keys are generated as part of
one of the recognized IETF protocols.
• 2^16 64-bit data block encryptions otherwise.
For more information about the use of three-key Triple-DES, see
NIST Special Publication 800-67 revision 2: Recommendation for the Triple
Data Encryption Algorithm (TDEA) Block Cipher.
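One way an application could enforce the Triple-DES rules above, shown as an added example that is not part of this Security Policy or of the Crypto-J API. The class name TdesUsageGuard and the ietfProtocolKey flag are hypothetical, the cipher is requested through the standard JCE "DESede" transformation, and the comparison of K1 and K3 ignores DES parity bits, which goes slightly beyond what the text states.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.*;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical helper (not a Crypto-J class) wrapping a JCE "DESede" cipher.
public final class TdesUsageGuard {
    private final SecretKey key;
    private final long blockLimit;   // 2^20 or 2^16 64-bit blocks per key
    private long blocksUsed;
    public TdesUsageGuard(byte[] key24, boolean ietfProtocolKey) {
        if (key24.length != 24) throw new IllegalArgumentException("need 24 key bytes");
        // Two-key Triple-DES means K1 == K3; encrypting with it is disallowed.
        if (sameDesKey(key24, 0, 16))
            throw new IllegalArgumentException("two-key Triple-DES encryption is disallowed");
        this.key = new SecretKeySpec(key24, "DESede");
        this.blockLimit = ietfProtocolKey ? (1L << 20) : (1L << 16);
    }

    // Compares two 8-byte DES keys, ignoring the parity bit of each byte.
    private static boolean sameDesKey(byte[] k, int a, int b) {
        int diff = 0;
        for (int i = 0; i < 8; i++) diff |= (k[a + i] ^ k[b + i]) & 0xFE;
        return diff == 0;
    }

    // Encrypts with DESede/CBC/PKCS5Padding and returns IV || ciphertext.
    public synchronized byte[] encrypt(byte[] plaintext) throws GeneralSecurityException {
        long blocks = plaintext.length / 8 + 1;   // PKCS#5 always adds padding
        if (blocksUsed + blocks > blockLimit)
            throw new IllegalStateException("Triple-DES key reached its block limit; rekey");
        byte[] iv = new byte[8];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(plaintext);
        blocksUsed += blocks;                     // count only completed encryptions
        byte[] out = Arrays.copyOf(iv, 8 + ct.length);
        System.arraycopy(ct, 0, out, 8, ct.length);
        return out;
    }

    public static void main(String[] args) throws Exception {
        byte[] k = new byte[24];
        new SecureRandom().nextBytes(k);          // constructed sample key
        System.out.println(new TdesUsageGuard(k, false).encrypt(new byte[64]).length);
    }
}
```

The counter lives in memory only, so a key that is persisted and reloaded needs its block count stored alongside it for the limit to hold across restarts.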