Encryption Algorithms

The following encryption algorithms are provided with Base SAS:
SAS Proprietary for SAS data set encryption with passwords
is a cipher that uses parts of the passwords that are stored in the SAS data set as part of the 32-bit rolling key encoding of the data. This encryption provides a medium level of security. With the speed of today’s computers, it could be subjected to a brute force attack on the 2,563,160,682,591 possible combinations of valid password values, many of which must produce the same 32-bit key.
Note: This algorithm is not FIPS 140-2 compliant.
SAS Proprietary Encryption for communications
is a cipher that provides basic fixed encoding services under all operating environments that are supported by SAS. The algorithm expands a single message to approximately one-third by using 32-bit fixed encoding. This encoding is used for passwords in configuration files, login passwords, internal account passwords, and so on.
Note: This algorithm is not FIPS 140-2 compliant.
RC2
is a block cipher that encrypts data in blocks of 64 bits. A block cipher is an encryption algorithm that divides a message into blocks and encrypts each block. The RC2 key size ranges from 8 to 256 bits. SAS/SECURE uses a configurable key size of 40 or 128 bits. (The NETENCRYPTKEYLEN system option is used to configure the key length.) The RC2 algorithm expands a single message by a maximum of 8 bytes. RC2 is an algorithm developed by RSA Data Security, Inc.
Note: This algorithm is not FIPS 140-2 compliant.
RC4
is a stream cipher. A stream cipher is an encryption algorithm that encrypts data one byte at a time. The RC4 key size ranges from 8 to 2048 bits. SAS/SECURE uses a configurable key size of 40 or 128 bits. (The NETENCRYPTKEYLEN system option is used to configure the key length.) RC4 is an algorithm developed by RSA Data Security, Inc.
Note: This algorithm is not FIPS 140-2 compliant.
DES (Data Encryption Standard)
is a block cipher that encrypts data in blocks of 64 bits by using a 56-bit key. The algorithm expands a single message by a maximum of 8 bytes. DES was originally developed by IBM but is now published as a U.S. Government Federal Information Processing Standard (FIPS 46-3).
Note: This algorithm is not FIPS 140-2 compliant.
TripleDES
is a block cipher that encrypts data in blocks of 64 bits. TripleDES executes the DES algorithm on a data block three times in succession by using a single 56-bit key. This has the effect of encrypting the data by using a 168-bit key. TripleDES expands a single message by a maximum of 8 bytes. TripleDES is defined in the American National Standards Institute (ANSI) X9.52 specification.
Note: TripleDES is a FIPS 140-2 compliant encryption algorithm.
AES (Advanced Encryption Standard)
is a block cipher that encrypts data in blocks of 128 bits by using a 256-bit key. AES expands a single message by a maximum of 16 bytes. Based on its DES predecessor, AES has been adopted as the encryption standard by the U.S. Government. AES is one of the most popular algorithms used in symmetric key cryptography. AES is published as a U.S. Government Federal Information Processing Standard (FIPS 197).
Note: AES is a FIPS 140-2 compliant encryption algorithm.
RSA (Rivest-Shamir-Adleman)
RSA is a public-key (or asymmetric-key) cryptography algorithm and is widely used for secure data transmission. It is used for both encryption and authentication. Encryption and decryption are carried out using two different keys, the public key and the private key. A public-key system means the algorithm for encrypting a message is publicly known but the algorithm to decrypt the message is only privately known. In RSA, the public key is a large number that is a product of two primes, plus a smaller number. The private key is a related number.
Note: RSA is a FIPS 140-2 compliant signing algorithm.
DSA (Digital Signature Algorithm)
The Digital Signature Algorithm (DSA) is a public-key (or asymmetric-key) cryptography algorithm. A digital signature is a mathematical scheme for demonstrating the authenticity of a digital message or document. A DSA algorithm is used to compute and verify digital signatures. Essentially, the DSA helps verify that data has not been changed after it is signed, thus providing message integrity.
In 1994, the National Institute of Standards and Technology (NIST) issued a Federal Information Processing Standard for digital signatures, known as the DSA or DSS. This was adopted as FIPS 186 in 1993.
Note: DSA is a FIPS 140-2 compliant signing algorithm.
MD5 (Message Digest)
is a series of byte-oriented algorithms that produce a 128-bit hash value from an arbitrary-length message. It is an algorithm used for hashing. It was developed by Rivest.
Note: This algorithm is not FIPS 140-2 compliant.
SHA-1 (Secure Hash Algorithm)
produces a 160-bit (20-byte) hash value. A SHA-1 hash value is typically rendered as a hexadecimal number, 40 digits long. This algorithm was developed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard (FIPS) PUB 180-1.
Note: SHA-1 is a FIPS 140-2 compliant hashing algorithm.
SHA-256 (Secure Hash Algorithm)
is essentially a 256-bit block cipher algorithm that encrypts the intermediate hash value using the message block as key. SHA stands for Secure Hash Algorithm. This algorithm was developed by the U.S. National Security Agency (NSA) and published in 2001 by the NIST as a U.S. Federal Information Processing Standard (FIPS) PUB 180-4.
Note: SHA-256 is a FIPS 140-2 compliant hashing algorithm.
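
The RC2, DES, TripleDES and AES entries above give a maximum message expansion of 8 or 16 bytes, which is one full cipher block. The following added example (not SAS code) shows where that bound comes from by padding messages of every length up to 64 bytes and measuring the growth. It assumes PKCS#7-style padding, which this page does not name; the function names are illustrative.

```python
# Added example, not SAS code. Assumption: PKCS#7-style padding (the page does
# not say which padding scheme SAS uses). Block sizes come from the entries above.
BLOCK_BYTES = {"RC2": 8, "DES": 8, "TripleDES": 8, "AES": 16}


def pad(message: bytes, block: int) -> bytes:
    """Append n bytes, each of value n, so the length is a multiple of block."""
    n = block - (len(message) % block)  # always 1..block, never 0
    return message + bytes([n]) * n


def unpad(padded: bytes, block: int) -> bytes:
    """Validate and strip the padding; reject malformed input."""
    if not padded or len(padded) % block:
        raise ValueError("length is not a positive multiple of the block size")
    n = padded[-1]
    if not 1 <= n <= block or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def expansion(length: int, algorithm: str) -> int:
    """Bytes added to a message of the given length for this algorithm."""
    block = BLOCK_BYTES[algorithm]
    return len(pad(bytes(length), block)) - length


def expansion_range(algorithm: str, up_to: int = 64):
    """Smallest and largest expansion over message lengths 0..up_to."""
    sizes = [expansion(n, algorithm) for n in range(up_to + 1)]
    return min(sizes), max(sizes)


if __name__ == "__main__":
    for alg in BLOCK_BYTES:
        lo, hi = expansion_range(alg)
        print(f"{alg}: expands a message by {lo} to {hi} bytes")
    # A message that already fills whole blocks still gains a full block,
    # which is the worst case the entries above describe.
    print("16-byte message under AES grows by", expansion(16, "AES"))
```

The worst case is a message whose length is already a multiple of the block size: a whole padding block is appended so that the receiver can always tell padding from data.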