|Designers||National Security Agency|
|Key sizes||320 bits (160 effective)|
|Block sizes||96, 128 bits|
While the BATON algorithm itself is secret (as is the case with all algorithms in the NSA's Suite A), the public PKCS#11 standard includes some general information about how it is used. It has a 320-bit key and uses a 128-bit block in most modes, and also supports a 96-bit electronic codebook mode. 160 bits of the key are checksum material. It supports a "shuffle" mode of operation, like the NSA cipher JUNIPER. It may use up to 192 bits as an initialization vector, regardless of the block size.
BATON is used in a variety of products and standards:
- APCO Project 25 (Public standard for land mobile radio) (Algorithm IDs 01 and 41)
- PKCS#11 (Public standard for encryption tokens)
- CDSA/CSSM (Another public standard)
- HAIPE-IS (NSA's version of IPsec)
- FNBDT (Advanced flexible voice security protocol)
- Thales Datacryptor 2000 (a British network-encryption box)
- SecNet-11 (a crypto-secure 802.11b PC Card, based on the Sierra chip)
- Fortezza Plus (a PC Card product, used in the STE)
- SafeXcel-3340 (a HAIPIS network-encryption box)
- Numerous embeddable encryption modules: AIM, CYPRIS, MYK-85, Sierra (microchip), etc.