Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Key size
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Asymmetric algorithm key lengths== The effectiveness of [[public key cryptography|public key cryptosystems]] depends on the intractability (computational and theoretical) of certain mathematical problems such as [[integer factorization]]. These problems are time-consuming to solve, but usually faster than trying all possible keys by brute force. Thus, [[asymmetric key]]s must be longer for equivalent resistance to attack than symmetric algorithm keys. The most common methods are assumed to be weak against sufficiently powerful [[quantum computer]]s in the future. Since 2015, NIST recommends a minimum of 2048-bit keys for [[RSA (algorithm)|RSA]],<ref name="keymanagement">{{cite journal |url=http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf |archive-url=https://web.archive.org/web/20150226074432/http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57Pt3r1.pdf |archive-date=2015-02-26 |url-status=live |title=Recommendation for Key Management; Part 3: Application-Specific Key Management Guidance |date=2015-01-22 |page=12 |access-date=2017-11-24 |journal=NIST Special Publication |publisher=[[National Institute of Standards and Technology]] |doi=10.6028/NIST.SP.800-57pt3r1 |first1=Elaine |last1=Barker |first2=Quynh |last2=Dang}}</ref> an update to the widely accepted recommendation of a 1024-bit minimum since at least 2002.<ref>{{cite web|url=http://emc.com/emc-plus/rsa-labs/historical/a-cost-based-security-analysis-key-lengths.htm |title=A Cost-Based Security Analysis of Symmetric and Asymmetric Key Lengths |publisher=[[RSA Security|RSA Laboratories]] |access-date=2016-09-24 |url-status=dead |archive-url=https://web.archive.org/web/20170113075540/https://www.emc.com/emc-plus/rsa-labs/historical/a-cost-based-security-analysis-key-lengths.htm |archive-date=2017-01-13}}</ref> 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys, 3072-bit RSA keys to 128-bit symmetric keys, and 15360-bit RSA keys to 256-bit symmetric keys.<ref>{{cite journal |url=https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf |archive-url=https://web.archive.org/web/20200509101121/https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf |archive-date=2020-05-09 |url-status=live |title=Recommendation for Key Management: Part 1 – General |page=53 |journal=NIST Special Publication |publisher=[[National Institute of Standards and Technology]] |doi=10.6028/NIST.SP.800-57pt1r5 |first=Elaine |last=Barker |date=May 2020|s2cid=243189598 }}</ref> In 2003, [[RSA Security]] claimed that 1024-bit keys were likely to become crackable sometime between 2006 and 2010, while 2048-bit keys are sufficient until 2030.<ref name="twirl">{{cite web |url=http://emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm|title=TWIRL and RSA Key Size |publisher=[[RSA Security|RSA Laboratories]] |archive-url=https://web.archive.org/web/20170417095741/https://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm |archive-date=2017-04-17 |url-status=dead |access-date=2017-11-24 |first=Burt |last=Kaliski |date=May 6, 2003 |df=ymd-all}}</ref> {{As of|2020}} the largest RSA key publicly known to be cracked is [[RSA-250]] with 829 bits.<ref>{{cite web |title=Factorization of RSA-250 |date=2020-02-28 |first=Paul |last=Zimmermann |publisher=Cado-nfs-discuss |url=https://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/2020-February/001166.html |access-date=2020-07-12 |archive-date=2020-02-28 |archive-url=https://web.archive.org/web/20200228234716/https://lists.gforge.inria.fr/pipermail/cado-nfs-discuss/2020-February/001166.html |url-status=dead }}</ref> The Finite Field [[Diffie-Hellman]] algorithm has roughly the same key strength as RSA for the same key sizes. The work factor for breaking Diffie-Hellman is based on the [[discrete logarithm problem]], which is related to the integer factorization problem on which RSA's strength is based. Thus, a 2048-bit Diffie-Hellman key has about the same strength as a 2048-bit RSA key. [[Elliptic-curve cryptography]] (ECC) is an alternative set of asymmetric algorithms that is equivalently secure with shorter keys, requiring only approximately twice the bits as the equivalent symmetric algorithm. A 256-bit [[Elliptic-curve Diffie–Hellman]] (ECDH) key has approximately the same safety factor as a 128-bit [[Advanced Encryption Standard|AES]] key.<ref name="keymanagement"/> A message encrypted with an elliptic key algorithm using a 109-bit long key was broken in 2004.<ref>{{cite web|url=https://www.certicom.com/news-releases/300-solution-required-team-of-mathematicians-2600-computers-and-17-months- |title=Certicom Announces Elliptic Curve Cryptography Challenge Winner |date=2004-04-27 |access-date=2016-09-24 |publisher=[[BlackBerry Limited]] |url-status=dead |archive-url=https://web.archive.org/web/20160927063421/https://www.certicom.com/news-releases/300-solution-required-team-of-mathematicians-2600-computers-and-17-months- |archive-date=2016-09-27}}</ref> The [[National Security Agency|NSA]] previously recommended 256-bit ECC for protecting classified information up to the SECRET level, and 384-bit for TOP SECRET;<ref name=NSASuiteBphaseout>{{cite web|url=http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml |title=NSA Suite B Cryptography |date=2009-01-15 |access-date=2016-09-24 |url-status=dead |archive-url=https://web.archive.org/web/20090207005135/http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml |archive-date=2009-02-07 |publisher=[[National Security Agency]]}}</ref> In 2015 it announced plans to transition to quantum-resistant algorithms by 2024, and until then recommends 384-bit for all classified information.<ref name="NSAComSuite">{{cite web|url=https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm |archive-url=https://web.archive.org/web/20220218193742/https://apps.nsa.gov/iaarchive/programs/iad-initiatives/cnsa-suite.cfm |archive-date=2022-02-18 |title=Commercial National Security Algorithm Suite |date=2015-08-09 |access-date=2020-07-12 |publisher=[[National Security Agency]]}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Key size
(section)
Add topic
