Key Length Comparison
The Microsoft Enhanced Cryptographic Provider provides an application with stronger security than currently available with the Microsoft Base Cryptographic Provider. Greater key length gives users more protection for sensitive data.
The following table lists the default key lengths supported by the Base Provider and the Enhanced Provider for standard algorithms.
|Algorithm||Base Provider||Strong and Enhanced Providers|
|RSA Key Exchange||512-bit||1,024-bit|
|Triple DES (2-key)||Not supported||112-bit|
|Triple DES (3-key)||Not supported||168-bit|
The Enhanced Provider is backward-compatible with the Base Provider distributed with earlier versions of CryptoAPI with the following exception. Both the base provider and the Enhanced Provider can only generate session keys of default key length. The default length of session keys for the Base Provider is 40 bits. The default key length for the Enhanced Provider is 128 bits. The Enhanced Provider cannot create keys with Base Provider-compatible key lengths. However, the Enhanced Provider can import key lengths of any size, up to 128 bits.