BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] What key lengths are currently adequate?
- Subject: [Discuss] What key lengths are currently adequate?
- From: blu at nedharvey.com (Edward Ned Harvey (blu))
- Date: Sun, 7 Sep 2014 14:48:51 +0000
- In-reply-to: <1683637.ImKDo7NJRT@thinkpad>
- References: <1683637.ImKDo7NJRT@thinkpad>
> From: discuss-bounces+blu=nedharvey.com at blu.org [mailto:discuss- > bounces+blu=nedharvey.com at blu.org] On Behalf Of Bill Horne > > This key is 4096 bits, which I'm confident is > long enough for now, but I'm curious what the "minimum" recommended > key length is these days. The cryptographic strength should be at least 128, preferably 256. For estimating cryptographic strength of various keysizes (including RSA 4096), see here: http://grouper.ieee.org/groups/1619/email-3/pdfnnOaPiCVTm.pdf In RSA, they keysize grows relative to the square of the cryptographic strength, and unfortunately, so does the computation cost. RSA 1024 ~= 80 (insufficient in present day) RSA 2048 ~= 112 (still good enough for most purposes, for a little while longer) RSA 3072 ~= 128 (good) RSA 4096 ~= 128 (pointless but fine) RSA 16k ~= 256 (computationally impractical to use) Basically in RSA, 3072 is the last useful level for RSA. Because 4096 doesn't add significantly more strength, and by the time you get up to 16k, the processing time becomes prohibitive (like half an hour to generate a key, 1 minute to encrypt a packet, etc). We are currently in the last days of RSA being useful. Next up: ECC. By the way, I'm exaggerating the performance problems of RSA 16k, but it does literally take 7-30 minutes to generate a key. In ECC, the cryptographic strength is equal to about half the ECC key size. And ECC is way, way, way, way, way faster than RSA. Like, use any size key, and both key generation and use will all be measured in ms. (Might be hundreds of ms for the largest operations, but still, that's compared to half an hour to do the equivalent operation in RSA). Strangely, the ECC key sizes are 256, 384, and 521. (That's not a type-o, I meant 521 not 512.) So the crypto strengths are: ECC 256 ~= 128 ECC 384 ~= 192 ECC 521 ~= 260
- Follow-Ups:
- [Discuss] What key lengths are currently adequate?
- From: bill.n1vux at gmail.com (Bill Ricker)
- [Discuss] What key lengths are currently adequate?
- References:
- [Discuss] What key lengths are currently adequate?
- From: bill at horne.net (Bill Horne)
- [Discuss] What key lengths are currently adequate?
- Prev by Date: [Discuss] How do I add entropy?
- Next by Date: [Discuss] How do I add entropy?
- Previous by thread: [Discuss] What key lengths are currently adequate?
- Next by thread: [Discuss] What key lengths are currently adequate?
- Index(es):