Key Length - How Long is Long Enough?

The security of any algorithm relates directly to how difficult its underlying problem is. For example, in the case of RSA (which relies on the factoring problem), the size of the modulus (the number being factored) determines how secure a given key is in practice. Factoring large numbers takes more time than factoring smaller numbers, and the larger the modulus, the longer it would take an attacker to factor it.

In general, if a cryptosystem costs more to break than the data it protects is worth, then it's secure. But keep in mind that as computing power increases, cryptosystems become easier to crack through brute force. For example, a report on the RSA website estimates that a 512-bit RSA key can be factored for less than $1,000,000 in cost and eight months of effort now. RSA advises that 512-bit keys do not currently provide sufficient security and should be discontinued in favor of 768-bit keys for personal use, 1024-bit keys for corporate use, and 2048-bit keys for extremely valuable keys like the key pair of a certifying authority. A 768-bit key is projected to be secure through 2004 at a minimum.

To give some idea of how key length relates to complexity, RSA estimates that a 256-bit modulus is easily factored by ordinary people, 384-bit keys can be broken by university research groups or companies, and 512-bit keys are within reach of major governments. 768-bit keys are secure for the short term, 1024-bit keys should be safe for the immediate future (excluding any major algorithmic advances), and keys of 2048 bits are considered by many to be secure for decades.


Table: Who Can Break my Key?

Key Length    Potential Crackers
256 bits      ordinary people
384 bits      university research groups & crypto communities
512 bits      major governments
768 bits      secure in the short term
1024 bits     secure for the immediate future
2048 bits     secure for decades?
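
To put rough numbers on how factoring effort grows across the key lengths in the table, the following added example (not part of the original document) estimates the relative work for each size. It assumes the attacker uses the general number field sieve (GNFS), which the page does not name, and drops the o(1) term of its heuristic running time, so the figures are only meaningful as comparisons between sizes; the function names are hypothetical.

```python
import math

# Modulus sizes taken from the page's table.
PAGE_KEY_SIZES = [256, 384, 512, 768, 1024, 2048]


def gnfs_work_bits(modulus_bits):
    """log2 of the heuristic GNFS running time
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3))
    for a modulus n of the given bit length (o(1) term dropped: an assumption)."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    ln_work = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_work / math.log(2)


def relative_work(modulus_bits, baseline_bits=512):
    """How many times more factoring work than the baseline modulus size."""
    return 2 ** (gnfs_work_bits(modulus_bits) - gnfs_work_bits(baseline_bits))


def smallest_size_for(multiplier, baseline_bits=512, sizes=PAGE_KEY_SIZES):
    """Smallest listed size costing at least `multiplier` times the baseline
    effort to factor, or None if no listed size is large enough."""
    for bits in sorted(sizes):
        if relative_work(bits, baseline_bits) >= multiplier:
            return bits
    return None


def report():
    """One (bits, log2 work, work relative to 512 bits) row per table entry."""
    return [(b, round(gnfs_work_bits(b), 1), relative_work(b))
            for b in PAGE_KEY_SIZES]


if __name__ == "__main__":
    for bits, work, rel in report():
        print(f"{bits:>5}-bit modulus: about 2^{work} operations, "
              f"{rel:.3g}x the 512-bit effort")
```

Under this estimate, doubling the modulus from 512 to 1024 bits multiplies the factoring work by several million rather than doubling it, yet the growth is slower than for an exhaustive key search, where every added bit doubles the work.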




This document submitted as partial requirement for
ECO350k, Spring 1997 by Sarah Simpson