Discussion:
Recommended cryptographic key sizes?
(too old to reply)
David
2004-12-17 20:01:41 UTC
Permalink
Hi all,

I am searching the recommended cryptographic key sizes for securing
today's applications.

I found some recommendations in the next reference: B. Kaliski. TWIRL
and RSA Key Size. RSA Laboratories. Revised May 2003. Online at
http://www.rsasecurity.com/rsalabs/node.asp?id=2004.
In this technical note RSA recommends 1024-bit public keys and 80 bit
(AES) symmetric key till the year 2010 for equivalent security
level(See Table 1).

My questions are:
- Which organizations are globally recognized/accepted to set the
recommended cryptographic key sizes? Links?
- Can you provide any recommendations on cryptographic key sizes based
on personal experience/knowledge/expertise?
Your answers are certainly appreciated.

Thanks,
David
DJohn37050
2004-12-19 14:36:41 UTC
Permalink
NIST/ANSI X9F1 have such a table, the latest published one is in the form of 2
tables in the NIST key management guidelines; but it is out of date in that the
years are now 2010, 2030, 2031+, ditto and ditto for the 5 levels discussed.
Don Johnson
Markus Jansson
2004-12-19 21:30:00 UTC
Permalink
Post by David
- Which organizations are globally recognized/accepted to set the
recommended cryptographic key sizes? Links?
My guess is none. RSA maybe.
Post by David
- Can you provide any recommendations on cryptographic key sizes based
on personal experience/knowledge/expertise?
Symmetric: Use 256bits. There is really no point on using anything smalle=
r.
Asymmetric: Use 4096bit RSA. Again, there is no point on using anything=20
smaller, that gives about 140bits complexity to attack. Ofcourse, if you=20
can, move to 512bit ECC.

--=20
=EF=BB=BFMy computer security & privacy related homepage
http://www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email
before sending it to me to protect our privacy.
Francois Grieu
2004-12-23 12:44:03 UTC
Permalink
Post by David
I am searching the recommended cryptographic key sizes for securing
today's applications.
A useful and most cited reference
Arjen K. Lenstra, Eric R. Verheul: Selecting Cryptographic Key Sizes
(Journal of Cryptology, 2001)
http://citeseer.csail.mit.edu/467687.html


Fran<E7>ois Grieu

Loading...