Introducing Compliance to Suite B Cryptography
Updated: March 18, 2009
Applies To: Windows 7, Windows Server 2008 R2
This product evaluation topic for the IT professional describes changes to security technologies as a result of Suite B cryptographic compliance in Windows 7 and Windows Server 2008 R2.
Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency (NSA). Whereas Suite A is intended for highly sensitive communication and critical authentication systems, Suite B is a publicly available set of algorithms that establish a cryptographic standard for software encryption. Suite B's components are:
- Advanced Encryption Standard (AES-128 and AES-256)
- Elliptic Curve Digital Signature Algorithm (ECDSA)
- Elliptic Curve Diffie-Hellman (ECDH)
- Secure Hash Algorithm (SHA-256 and SHA-384)
Support for Suite B cryptographic algorithms was added in Windows Vista Service Pack 1 (SP1) and in Windows Server 2008 with the introduction of Cryptography Next Generation (CNG). For Windows 7 and Windows Server 2008 R2, several security technologies use Suite B algorithms, including:
- Transport Security Layer (TLS) authentication protocol (implemented in the Schannel authentication package)
For more information about what's new in TLS, see Introducing TLS v1.2.
- Encrypting File System (EFS)
For additional resources about Suite B and CNG, see: