[Ach] Proposing RSA keylengths

christian mock cm at coretec.at
Tue Nov 5 18:26:18 CET 2013

On Tue, Nov 05, 2013 at 05:31:04PM +0100, Pepi Zawodsky wrote:
> I consider Moore's law to be in favour of our recommendations. Some performance problems fix themselves over time.
> So if you're running on 2048bit RSA you're likely ok, we recommend to opt for 4096bit RSA on new deployments if possible.

I ran a quick "openssl speed" on the various RSA lengths:

                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000173s 0.000012s   5793.2  84958.0
rsa 2048 bits 0.001275s 0.000039s    784.6  25431.9
rsa 4096 bits 0.009251s 0.000147s    108.1   6783.1

For twice the key size, that's a factor of 7 for signing and a factor
of 3.something for verification; i.e. 2-3 years of Moore's law in

To me that means that if my keys are used in X.509 certs that I have
to renew every 1-2 years anyways, I'd postpone going to 4096 bits for
those 2 years.

SSH keys, OTOH, are rarely changed and produce way less crypto load,
so those'd be candidates for a 4096 bit recommendation.

BTW, allow me to introduce myself: I've been invited by Aaron Kaplan.
I'm doing security system design/implementation and pen-testing at
CoreTEC (www.coretec.at) and I'm in the IT security trade since 1997.
Before that, I was with one of Austria's first ISPs, PING/EUnet. I've
also been running a mixmaster remailer for more than a decade now, and
I'm generally interested in crypto from the application view -- don't
expect any cryptanalysis or higher math from me. I'm a linux guy who
tries to touch windows with the proverbial 10-foot pole only, and
have experience with postfix, apache, cyrus, dovecot, courier, INN.
Some of the stuff I've done can be seen on
https://www.tahina.priv.at/, including the results of an evening's
fiddling with the SSL cipher suites in mod_ssl...


Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z

CoreTEC: Web Application Audit - Damit so etwas nicht passiert!



More information about the Ach mailing list