You’ve decided to use public key cryptography, and you need to know what size numbers you should use in your system. For example, if you want to use RSA, should you use 512-bit RSA or 4,096-bit RSA?

There’s some debate on this issue. When using RSA, we recommend a 2,048-bit instantiation for general-purpose use. Certainly don’t use fewer than 1,024 bits, and use that few only if you’re not worried about long-term security from attackers with big budgets; 512-bit RSA moduli have been factored with academic resources since 1999 and should be considered broken. For Diffie-Hellman and DSA, 1,024 bits was long considered sufficient, but these figures reflect the state of the art when this was written: NIST has since disallowed 1,024-bit RSA, Diffie-Hellman and DSA for new use (SP 800-131A), making 2,048 bits the floor for all three, with 3,072 bits the better choice where keys must stay secure for decades. Elliptic curve systems can use far fewer bits; a 256-bit curve gives roughly the strength of a 3,072-bit RSA or Diffie-Hellman modulus.

The commonly discussed “bit size” of an algorithm should be an indication of the algorithm’s strength, but it measures different things for different algorithms. For example, with RSA, the bit size really refers to the bit length of a public value that is part of the public key: the modulus n. It just so happens that the combined bit length of the two secret primes p and q that produce n is about the same size. With Diffie-Hellman, the bit length likewise refers to a public value, the prime modulus p, as it does with DSA, even though the private exponent in both systems is typically far shorter than the modulus.^{[1]} In elliptic curve cryptosystems, bit length does roughly map to key size, since the private key is a scalar no larger than the group order and the quoted size is the bit length of that order, but there’s a lot you need to understand to give an accurate depiction of exactly what is being measured (and it’s not worth understanding for the sake of this discussion; “key size” will do!).

Obviously, we can’t always compare numbers directly, even across public key algorithms, never mind trying to make a direct comparison to ...
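
The measurements described above, and the kind of cross-algorithm comparison the previous sentence warns about, as an added example that is not part of the original text. It generates a textbook RSA key pair with a pure-Python Miller-Rabin prime generator (unpadded, for illustration only, not for production use) to show that the quoted RSA size is the modulus length and that the two secret primes together have the same length; it uses the published group order of NIST P-256 to show that an elliptic curve size is the order length; and it maps each size to an approximate symmetric-equivalent strength using the correspondence table in NIST SP 800-57 Part 1 (Table 2). The function names, the sizes chosen and the `sizes_for_strength` helper are this example’s own.

```python
"""Added example: what the quoted "key size" actually measures, and how the
sizes of different public key algorithms compare.

Not code from the original text. Textbook RSA key generation with a
pure-Python Miller-Rabin test (no padding, illustration only); the strength
mapping is NIST SP 800-57 Part 1 Rev. 5, Table 2.
"""
import math
import secrets

# Group order of NIST P-256 (FIPS 186-4). An EC private key is a scalar in
# [1, order-1], so "256-bit" describes the order, not a modulus.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; 40 rounds gives a negligible error rate."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits with the top two bits set, so the
    product of two such primes always has exactly 2*bits bits."""
    while True:
        cand = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keypair(modulus_bits, e=65537):
    """Return (n, e, d, p, q). The advertised "key size" is n.bit_length()."""
    half = modulus_bits // 2
    while True:
        p, q = random_prime(half), random_prime(half)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi), p, q


def rsa_size_report(modulus_bits):
    """Measure what the RSA size refers to: the modulus, with the two secret
    primes together matching it, and check the key pair actually works."""
    n, e, d, p, q = rsa_keypair(modulus_bits)
    return {
        "modulus_bits": n.bit_length(),
        "prime_bits_combined": p.bit_length() + q.bit_length(),
        "private_exponent_bits": d.bit_length(),
        "roundtrip_ok": pow(pow(42, e, n), d, n) == 42,
    }


# Smallest key size per strength level, NIST SP 800-57 Part 1 Rev. 5 Table 2.
# RSA, DH and DSA sizes are modulus lengths; EC sizes are group-order lengths.
_IFC_FFC_LEVELS = ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80))
_EC_LEVELS = ((512, 256), (384, 192), (256, 128), (224, 112), (160, 80))


def security_strength(algorithm, bits):
    """Approximate strength in bits of a quoted key size, or None when the
    size is below anything the table rates (e.g. 512-bit RSA)."""
    if algorithm not in ("rsa", "dh", "dsa", "ec"):
        raise ValueError("unknown algorithm: %r" % algorithm)
    levels = _EC_LEVELS if algorithm == "ec" else _IFC_FFC_LEVELS
    for threshold, strength in levels:
        if bits >= threshold:
            return strength
    return None


def sizes_for_strength(target):
    """Smallest tabulated sizes giving at least `target` bits of strength, the
    way to pick matched RSA/DH/DSA and EC parameters for one system."""
    pick = lambda levels: min(t for t, s in levels if s >= target)
    return {"rsa_dh_dsa": pick(_IFC_FFC_LEVELS), "ec": pick(_EC_LEVELS)}


if __name__ == "__main__":
    print(rsa_size_report(512))
    print("P-256 order bits:", P256_ORDER.bit_length())
    for alg, bits in (("rsa", 1024), ("rsa", 2048), ("dh", 1024), ("ec", 256)):
        print(alg, bits, "->", security_strength(alg, bits), "bits of strength")
    print("for 128-bit strength:", sizes_for_strength(128))
```

Running the script shows the point of the paragraph above in numbers: a 512-bit RSA modulus is produced by two 256-bit primes, a 1,024-bit Diffie-Hellman modulus and a 1,024-bit RSA modulus both rate about 80 bits of strength, and a 256-bit curve order rates about 128 bits, the same as a 3,072-bit RSA modulus, so the raw sizes cannot be compared across algorithms without a mapping like this one.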