"... In PAGE 5: ...Table 6: Symmetric Key Cipher Support Table6 presents an overview of the symmetric key cipher support in the servers we examined (here, the DES category includes 3-DES). As can be seen, nearly all the servers we surveyed support DES, RC2, and RC4.... ..."

"... In PAGE 5: ...Table 5: Symmetric Key MAC Support Table5 shows the MAC algorithm support discovered by PSST. Most servers we surveyed supported both.... ..."

"... In PAGE 7: ... The cryptography software packages, which we use, come with the development tools. As we see in Table1 , these security operations are fast. The longest operations are the public key operations, which take hundreds of milliseconds.... ..."

"... In PAGE 38: ... Additional Comments All NIST-recommended curves, key and modulus sizes must be tested to be used in a FIPS Approved mode of operation. For NIST-Recommended elliptic curves, the value of f is commonly considered to be the size of the private key ( Table2 , NIST SP 800-57). From this value the strength can be determined.... In PAGE 65: ...6.1, Comparable Algorithm Strength, contains Table2 , which provides comparable security strengths for the Approved algorithms. Table 2: Comparable strengths Bits of security Symmetric key ... In PAGE 65: ... A 256- bit AES key transport key could be used to wrap a 256-bit AES key. For key strengths not listed in Table2 above, the correspondence between the length of an RSA or a Diffie- Hellman key and the length of a symmetric key of an identical strength can be computed as: If the length of an RSA key L (this is the value of k in the fourth column of Table 2 above), then the length x of a symmetric key of approximately the same strength can be computed as: NIST CMVP Page 65 of 86 ... In PAGE 65: ... A 256- bit AES key transport key could be used to wrap a 256-bit AES key. For key strengths not listed in Table 2 above, the correspondence between the length of an RSA or a Diffie- Hellman key and the length of a symmetric key of an identical strength can be computed as: If the length of an RSA key L (this is the value of k in the fourth column of Table2 above), then the length x of a symmetric key of approximately the same strength can be computed as: NIST CMVP Page 65 of 86 ... ..."

"... In PAGE 10: ... 8. Precomputation time for half of the salts and for all salts as a function of the number of BEE2 modules Table1 compares our results with other hardware as well as software solutions. The only known hardware solution is [12] which attacked one 40-bit DES while our target was 25 56-bit DES blocks.... ..."

"... In PAGE 6: ... Knowing the key size is useless if you don apos;t know what type of algorithm is being used. But to give you some idea of what apos;s reasonable, Table2 , from [1], compares symmetric keys against one type of asymmetric key: those based on the \factoring problem quot; or the \discrete log problem. quot; (Algorithms based on the \elliptical curve discrete log problem quot; are more resistant to brute-force attacks and can use much smaller keys.... ..."