In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

• 128-bit is the recommended symmetric size.
• 64-bit is the minimal bloc length for bloc ciphers (128-bit recommended and mandatory after 2020).
• It is counseled to use bloc ciphers instead of stream ciphers.
• Encryption algorithm: AES-CBC (FIPS 197)
• Authentication and integrity algorithm: CBC-MAC "retail" with AES and 2 distinct keys.

• For RSA encryption, public exponents must be strictly higher than 2¹⁶=65536.
• The secret exponents must have the same length as the modulus (3072-bit recommended).
• The prime factors of the RSA modulus must be chosen uniformly at random among the integers that are half the size of the modulus.
• Encryption algorithm: RSAES-OAEP (PKCS#1)
• Signature algorithm: RSA-SSA-PSS (PKCS#1)
• Signature algorithm: ECDSA/ECKCDSA with FRP256v1 or P-256, P-384, P-521, B-283, B-409, B-571 in FIPS 186-4
• Elliptic curves GF(p): FRP256v1 and P-256, P-384, P-521 in FIPS 186-4
• Elliptic curves GF(2ⁿ): B-283, B-409 and B-571 (FIPS 186-4)