Why not use larger cipher keys?

  • RSA Security commonly uses keys of sizes 1024-bit, 2048-bit or even 3072-bit. And most Symmetric algorithms only between 112-bit and 256-bit. I do realize that the current keys are secure enough for today's hardware, but as computers get faster, should we not consider an insanely large key size like a million bits or so to protect ourselves against super computer systems that has not been invented yet?

    So in other words what is the consequences of choosing a cipher key that is too large and why does everyone restrict their key sizes?

    There is the page 32 of this document from the enisa about the worth of longer keys in the case of RSA.

  • Fredefl

    Fredefl Correct answer

    8 years ago

    The reason why RSA keys are so small is that:

    With every doubling of the RSA key length, decryption is 6-7 times times slower.

    So this is just another of the security-convenience tradeoffs. Here's a graph: RSA Decryption time by key length

    Source: http://www.javamex.com/tutorials/cryptography/rsa_key_length.shtml

    +1. Using big key lengths for "offline" asymmetric crypto (like PGP) is often applied, but for "online" key-exchanges, a 2048-bit key for 30-year security is sufficient for most applications, and doesn't annoy the user with a 2-minute wait during the SSL handshake.

    Keep in mind that asymmetric cyphers are usually used only to protect symmetric session keys, so this increase in asymmetric cypher decryption time is not *that* dramatic in practice.

    But when you bear in mind that Browsers are already resorting to dirty tricks like DNS prefetching and just-in-time compiling javascript, you'll realize that the cost of going from 4096-bit keys to 65536-bit keys matters. And also, since the best known attacks on 2048-bit RSA is more work than brute-forcing the AES-256 key, there's no cryptographic benefit to doing it either.

    @SecurityMatt Any source for that claim? The claims I heard is that breaking 2048 bit RSA is about as hard as breaking a 112 bit symmetric algo, not harder than breaking 256 bit encryption.

    @SecurityMatt *yet...*

    Do you have similar graphs for EEC and AES?

License under CC-BY-SA with attribution


Content dated before 6/26/2020 9:53 AM