[Ach] Proposing RSA keylengths
cm at coretec.at
Tue Nov 5 18:26:18 CET 2013
On Tue, Nov 05, 2013 at 05:31:04PM +0100, Pepi Zawodsky wrote:
> I consider Moore's law to be in favour of our recommendations. Some performance problems fix themselves over time.
> So if you're running on 2048bit RSA you're likely ok, we recommend to opt for 4096bit RSA on new deployments if possible.

I ran a quick "openssl speed" on the various RSA lengths:

                  sign    verify    sign/s verify/s
rsa 1024 bits 0.000173s 0.000012s   5793.2  84958.0
rsa 2048 bits 0.001275s 0.000039s    784.6  25431.9
rsa 4096 bits 0.009251s 0.000147s    108.1   6783.1

For twice the key size, that's a factor of 7 for signing and a factor
of 3.something for verification; i.e. 2-3 years of Moore's law in

To me that means that if my keys are used in X.509 certs that I have
to renew every 1-2 years anyways, I'd postpone going to 4096 bits for
those 2 years.

SSH keys, OTOH, are rarely changed and produce way less crypto load,
so those'd be candidates for a 4096 bit recommendation.

BTW, allow me to introduce myself: I've been invited by Aaron Kaplan.
I'm doing security system design/implementation and pen-testing at
CoreTEC (www.coretec.at) and I've been in the IT security trade since 1997.
Before that, I was with one of Austria's first ISPs, PING/EUnet. I've
also been running a mixmaster remailer for more than a decade now, and
I'm generally interested in crypto from the application view -- don't
expect any cryptanalysis or higher math from me. I'm a Linux guy who
tries to touch Windows only with the proverbial 10-foot pole, and I
have experience with postfix, apache, cyrus, dovecot, courier, INN.

Some of the stuff I've done can be seen on
https://www.tahina.priv.at/, including the results of an evening's
fiddling with the SSL cipher suites in mod_ssl...

Christian Mock                          Wiedner Hauptstr. 15
Senior Security Engineer                1040 Wien
CoreTEC IT Security Solutions GmbH      +43-1-5037273
FN 214709 z
CoreTEC: Web Application Audit - So that something like this doesn't happen!