Key Length Comparison

When used, the Microsoft Enhanced Cryptographic Provider provides an application with stronger security than currently available with the Microsoft Base Cryptographic Provider. This provides users more protection in keeping sensitive data secure.

The following table shows the default key lengths supported by the Base Provider and the Enhanced Provider for the shown algorithms.

Algorithm
Base Provider
Enhanced Provider
RSA Key Exchange 512-bit 1,024-bit
RSA Signature 512-bit 1,024-bit
RC2 40-bit 128-bit
RC4 40-bit 128-bit
DES Not supported 56-bit
Triple DES (2-key) Not supported 112-bit
Triple DES (3-key) Not supported 168-bit

The Enhanced Provider is backward-compatible with the Base Provider distributed with CryptoAPI version 1.0, with the following exception. For session keys, both CSPs are limited to generating and deriving keys of default key length: 40-bit for the Base Provider, and 128-bit for the Enhanced Provider, which precludes the Enhanced Provider from creating keys with Base Provider–compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128-bits.

Warning If you use the Microsoft RSA Base Provider to create a certification authority, your license to issue certificates is limited to certificates intended for use in the context of your particular application or service.