distrib > Mageia > cauldron > i586 > by-pkgid > 92a9f9a2ff17105809ab69f8e09db031 > files > 59


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"

<html xmlns="">
    <meta http-equiv="X-UA-Compatible" content="IE=Edge" />
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Algorithms &#8212; Botan</title>
    <link rel="stylesheet" href="_static/agogo.css" type="text/css" />
    <link rel="stylesheet" href="_static/pygments.css" type="text/css" />
    <script type="text/javascript" id="documentation_options" data-url_root="./" src="_static/documentation_options.js"></script>
    <script type="text/javascript" src="_static/jquery.js"></script>
    <script type="text/javascript" src="_static/underscore.js"></script>
    <script type="text/javascript" src="_static/doctools.js"></script>
    <script type="text/javascript" src="_static/language_data.js"></script>
    <link rel="index" title="Index" href="genindex.html" />
    <link rel="search" title="Search" href="search.html" />
    <link rel="next" title="Build Log" href="build_log.html" />
    <link rel="prev" title="PGP Code Signing Key" href="pgpkey.html" /> 
    <div class="header-wrapper">
      <div class="header">

    <div class="content-wrapper">
      <div class="content">
        <div class="document">
      <div class="documentwrapper">
        <div class="bodywrapper">
          <div class="body" role="main">
  <div class="section" id="algorithms">
<span id="algo-list"></span><h1>Algorithms<a class="headerlink" href="#algorithms" title="Permalink to this headline">¶</a></h1>
<div class="section" id="supported-algorithms">
<h2>Supported Algorithms<a class="headerlink" href="#supported-algorithms" title="Permalink to this headline">¶</a></h2>
<p>Botan provides a number of different cryptographic algorithms and
primitives, including:</p>
<ul class="simple">
<li>Public key cryptography<ul>
<li>Encryption algorithms RSA, ElGamal, DLIES (padding schemes OAEP,
PKCS #1 v1.5)</li>
<li>Signature algorithms RSA, DSA, ECDSA, GOST 34.10-2001,
Nyberg-Rueppel, Rabin-Williams (padding schemes PSS, PKCS #1 v1.5,
<li>Key agreement techniques Diffie-Hellman and ECDH</li>
<li>Hash functions<ul>
<li>NIST hashes: SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512</li>
<li>RIPE hashes: RIPEMD-160 and RIPEMD-128</li>
<li>SHA-3 candidates Skein-512, Keccak, and Blue Midnight Wish-512</li>
<li>Other common hash functions Whirlpool and Tiger</li>
<li>National standard hashes HAS-160 and GOST 34.11</li>
<li>Obsolete or insecure hashes MD5, MD4, MD2</li>
<li>Non-cryptographic checksums Adler32, CRC24, CRC32</li>
<li>Block ciphers<ul>
<li>AES (Rijndael) and AES candidates Serpent, Twofish, MARS, CAST-256, RC6</li>
<li>DES, and variants 3DES and DESX</li>
<li>National/telecom block ciphers SEED, KASUMI, MISTY1, GOST 28147, Skipjack</li>
<li>Other block ciphers including Blowfish, CAST-128, IDEA, Noekeon,
TEA, XTEA, RC2, RC5, SAFER-SK, and Square</li>
<li>Block cipher constructions Luby-Rackoff and Lion</li>
<li>Block cipher modes ECB, CBC, CBC/CTS, CFB, OFB, CTR, XTS and
authenticated cipher mode EAX</li>
<li>Stream ciphers ARC4, Salsa20/XSalsa20, Turing, and WiderWake4+1</li>
<li>Authentication codes HMAC, CMAC (aka OMAC1), CBC-MAC, ANSI X9.19
DES-MAC, and the protocol-specific SSLv3 authentication code</li>
<li>Public Key Infrastructure<ul>
<li>X.509 certificates (including generating new self-signed and CA
certs) and CRLs</li>
<li>Certificate path validation</li>
<li>PKCS #10 certificate requests (creation and certificate issue)</li>
<li>Other cryptographic utility functions including<ul>
<li>Key derivation functions for passwords: PBKDF1 (PKCS #5 v1.5),
PBKDF2 (PKCS #5 v2.0), OpenPGP S2K (RFC 2440)</li>
<li>General key derivation functions KDF1 and KDF2 from IEEE 1363</li>
<li>PRFs from ANSI X9.42, SSL v3.0, TLS v1.0</li>
<div class="section" id="recommended-algorithms">
<h2>Recommended Algorithms<a class="headerlink" href="#recommended-algorithms" title="Permalink to this headline">¶</a></h2>
<p>This section is by no means the last word on selecting which
algorithms to use.  However, botan includes a sometimes bewildering
array of possible algorithms, and unless you’re familiar with the
latest developments in the field, it can be hard to know what is
secure and what is not. The following attributes of the algorithms
were evaluated when making this list: security, standardization,
patent status, support by other implementations, and efficiency (in
roughly that order).</p>
<p>It is intended as a set of simple guidelines for developers, and
nothing more.  It’s entirely possible that there are algorithms that
will turn out to be more secure than the ones listed, but the
algorithms listed here are (currently) thought to be safe.</p>
<ul class="simple">
<li>Block ciphers: AES or Serpent in CBC, CTR, or XTS mode</li>
<li>Hash functions: SHA-256, SHA-512</li>
<li>MACs: HMAC with any recommended hash function</li>
<li>Public Key Encryption: RSA with “EME1(SHA-256)”</li>
<li>Public Key Signatures: RSA with EMSA4 and any recommended hash, or
DSA or ECDSA with “EMSA1(SHA-256)”</li>
<li>Key Agreement: Diffie-Hellman or ECDH, with “KDF2(SHA-256)”</li>

        <div class="sidebar">
          <h3>Table of Contents</h3>
<li class="toctree-l1"><a class="reference internal" href="index.html">Welcome</a></li>
<li class="toctree-l1"><a class="reference internal" href="reading.html">Recommended Reading</a></li>
<li class="toctree-l1"><a class="reference internal" href="building.html">Building The Library</a></li>
<li class="toctree-l1"><a class="reference internal" href="firststep.html">Getting Started</a></li>
<li class="toctree-l1"><a class="reference internal" href="filters.html">Information Flow: Pipes and Filters</a></li>
<li class="toctree-l1"><a class="reference internal" href="pubkey.html">Public Key Cryptography</a></li>
<li class="toctree-l1"><a class="reference internal" href="x509.html">Certificate Handling</a></li>
<li class="toctree-l1"><a class="reference internal" href="ssl.html">SSL and TLS</a></li>
<li class="toctree-l1"><a class="reference internal" href="bigint.html">BigInt</a></li>
<li class="toctree-l1"><a class="reference internal" href="lowlevel.html">The Low-Level Interface</a></li>
<li class="toctree-l1"><a class="reference internal" href="secmem.html">Secure Memory Containers</a></li>
<li class="toctree-l1"><a class="reference internal" href="kdf.html">Key Derivation Functions</a></li>
<li class="toctree-l1"><a class="reference internal" href="pbkdf.html">PBKDF Algorithms</a></li>
<li class="toctree-l1"><a class="reference internal" href="passhash.html">Password Hashing</a></li>
<li class="toctree-l1"><a class="reference internal" href="rng.html">Random Number Generators</a></li>
<li class="toctree-l1"><a class="reference internal" href="fpe.html">Format Preserving Encryption</a></li>
<li class="toctree-l1"><a class="reference internal" href="python.html">Python Binding</a></li>

          <div role="search">
            <h3 style="margin-top: 1.5em;">Search</h3>
            <form class="search" action="search.html" method="get">
                <input type="text" name="q" />
                <input type="submit" value="Go" />
                <input type="hidden" name="check_keywords" value="yes" />
                <input type="hidden" name="area" value="default" />
        <div class="clearer"></div>

    <div class="footer-wrapper">
      <div class="footer">
        <div class="left">
          <div role="navigation" aria-label="related navigaton">
            <a href="pgpkey.html" title="PGP Code Signing Key"
              accesskey="P">previous</a> |
            <a href="build_log.html" title="Build Log"
              accesskey="N">next</a> |
            <a href="genindex.html" title="General Index"
          <div role="note" aria-label="source link">
              <a href="_sources/algos.txt"
                rel="nofollow">Show Source</a>

        <div class="right">
    <div class="footer" role="contentinfo">
        &#169; Copyright 2000-2011, Jack Lloyd.
      Created using <a href="">Sphinx</a> 1.8.3.
        <div class="clearer"></div>