What RSA key length should I use for my SSL certificates?
What RSA key length should I use for my SSL certificates?
Recently I was working on setting up an SSL certificate for a site and Internet Explorer asked me what key length I wanted to use. Usually providers offer 2048 and 4096 as their standard options so I was tempted to give it a shot to 16384. When IIS started warning me that generating the key would take forever and if I was totally sure I began to doubt myself… after all the bigger the length of the key the more processing power your webserver will need. I decided I needed to do some research on the impact something like this would have on performance.
Sadly I can’t say I was able to put a figure on the impact on the length of the key but I was able to put into perspective what the different sizes mean in terms of your protection. Now, I believe all this with time will lose relevance as history has taught us technology breakthroughs are more awesome than what we expect. For example, back in 1999 a 2048-bit key was impressive indeed and anything beyond that by any measure meaningless. People were happy with 128-bit keys walking around. fast-forward a decade and what do you have? 1024 bit keys have deemed crackable. The National Institute of Standards and Technology (NIST) has disallowed the use of 1024-bit keys after 31 December 2013 because they are insecure and already proven crackable as of 2010. RSA expected 2048-bit keys to be good until about 2030… I wonder how they’ll be feeling in a few years.
But well, in summary I think this are the conclusions we could draw:
-
Anything less than 2048 is officially insecure and at the end of this year will stop being supported by browsers so CAs are not emitting them any more.
- 4096 bit should be very good, almost guaranteed they’ll be good past 2030 as 2048 bit keys are expected to be good till then. Most people use certificates for information that in 20 years would have no relevance, and passwords I hope you already changed by then. For all practical purposes people want to protect information from being compromised immediately (like financial transactions). The credit card number you used 20 years ago is useless. Anything beyond is a very special situation.
- The 8192 bit key is some serious business. Think of: during my lifetime I don’t want this embarrassing picture from ever being decrypted sort of thing.
- The 16384 bit key is more on the side of computational power across parallel universes or quantum physics. We need a technological breakthrough that challenges our current notions of physics and the universe.
So having all this information and putting it into perspective brought me to the conclusion that a 4096 probably is good enough for me. By all means for what I use it even a 1024 bit key would suffice I don’t care or think the NSA or any hacker has the slightest interest on my information to dedicate the computing power to crack them. So rest assure, a 4096 key is a good balance between performance and security probably 2048 more so but that’s just being dull.
Once quantum computing becomes prevalent and cheap the 16384 bit key will be as useless as plaintext or posting a message on a postcard.
Absolutely, cryptography as we know it won’t be the same after quantum computing. It will be interesting to see what we come up with then to address our need for encryption and privacy. So many things rely on the current methods of cryptography that the impact of this this would easily rival and exceed that of the year 2k bug. For all practical purposes it will impact every single computer out there. It is mind blowing and I really can’t imagine what we’ll do then, so I am incredibly curious about that too.