# Cryptographic Algorithms
Algorithm Operation Status Alternative QCR
DES Encryption Avoid AES
3DES Encryption Legacy AES
RC4 Encryption Avoid AES

AES-CBC mode

AES-GCM mode

Encryption

Authenticated encryption

Acceptable

NGE

AES-GCM

✓ (256-bit)

✓ (256-bit)

DH-768, -1024

RSA-768, -1024

DSA-768, -1024

Key exchange

Encryption

Authentication

Avoid

DH-3072 (Group 15)

RSA-3072

DSA-3072

DH-2048

RSA-2048

DSA-2048

Key exchange

Encryption

Authentication

Acceptable

ECDH-256

ECDSA-256

DH-3072

RSA-3072

DSA-3072

Key exchange

Encryption

Authentication

Acceptable

ECDH-256

ECDSA-256

MD5 Integrity Avoid SHA-256

SHA-1

Integrity

Legacy

SHA-256

SHA-256

SHA-384

SHA-512

Integrity

NGE

SHA-384

HMAC-MD5 Integrity Legacy HMAC-SHA-256
HMAC-SHA-1 Integrity Acceptable HMAC-SHA-256
HMAC-SHA-256 Integrity NGE

ECDH-256

ECDSA-256

Key exchange

Authentication

Acceptable

ECDH-384

ECDSA-384

ECDH-384

ECDSA-384

Key exchange

Authentication

NGE

1. QCR = quantum computer resistant.

2. NGE = next generation encryption.

- Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms. - Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms. - Acceptable: Acceptable algorithms provide adequate security. - Next generation encryption (NGE): NGE algorithms are expected to meet the security and scalability requirements of the next two decades. For more information, see Next Generation Encryption. - Quantum computer resistant (QCR): There's a lot of research around quantum computers (QCs) and their potential impact on current cryptography standards. Although practical QCs would pose a threat to crypto standards for public-key infrastructure (PKI) key exchange and encryption, no one has demonstrated a practical quantum computer yet. It is an area of active research and growing interest. Although it is possible, it can't be said with certainty whether practical QCs will be built in the future. An algorithm that would be secure even after a QC is built is said to have postquantum security or be quantum computer resistant (QCR). AES-256, SHA-384, and SHA-512 are believed to have postquantum security. There are public key algorithms that are believed to have postquantum security too, but there are no standards for their use in Internet protocols yet. ## Additional References - NIST Post-Quantum Cryptography Project: https://csrc.nist.gov/projects/post-quantum-cryptography - Post Quantum Cryptography (Wikipedia): https://en.wikipedia.org/wiki/Post-quantum_cryptography