Cryptographic Key Length Recommendation

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Choose a Method
This report [8] describes recommendations from the German federal office for information security, BSI.
Date Symmetric Factoring
Modulus
Discrete Logarithm
Key Group
Elliptic Curve Hash
2020 - 2022 128 2000
250 2000
250
SHA-256
SHA-512/256
SHA-384
SHA-512
SHA3-256
SHA3-384
SHA3-512
2023 - 2026 128 3000
250 3000
250
SHA-256
SHA-512/256
SHA-384
SHA-512
SHA3-256
SHA3-384
SHA3-512
All key sizes are provided in bits. These are the minimal sizes for security.
Click on a value to compare it with other methods.
As a transitional measure, the use of RSA-based signature and confidentiality mechanisms with a key size of at least 2000 bits remain conform for the year 2023.

For information, the BSI publishes specific recommendations for the TLS, IPsec and SSH protocols in the document Cryptographic Mechanisms: Recommandations and Key Lengths: Use of Transport Layer Security (TLS) - TR-02102-2.


© 2024 BlueKrypt - v 32.3 - May 24, 2020
Author: Damien Giry
Approved by Prof. Jean-Jacques Quisquater
Contact:
Surveys of laws and regulations on cryptology: Crypto Law Survey / Digital Signature Law Survey.
Bibliography[1] Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, Journal Of Cryptology, vol. 14, p. 255-293, 2001.
[2] Key Lengths, Arjen K. Lenstra, The Handbook of Information Security, 06/2004.
[3] Algorithms, Key Size and Protocols Report (2018), H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018.
[4] Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 5, NIST, 05/2020.
[5] Mécanismes cryptographiques - Règles et recommandations, Rev. 2.03, ANSSI , 02/2014.
[6] Commercial National Security Algorithm, National Security Agency (NSA), 01/2016.
[7] Determining Strengths for Public Keys Used for Exchanging Symmetric Keys, RFC 3766, H. Orman and P. Hoffman, 04/2004.
[8] Cryptographic Mechanisms: Recommendations and Key Lengths, TR-02102-1 v2020-01, BSI, 03/2020.
Privacy Policy  |  Disclaimer / Copyright  |  Release Notes