In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

• 128-bit is the recommended symmetric size.
• 64-bit is the minimal bloc length for bloc ciphers (128-bit after 2020).
• It is counseled to use bloc ciphers instead of stream ciphers.
• Encryption algorithm: AES-CBC (FIPS 197)
• Authentication and integrity algorithm: CBC-MAC "retail" with AES and 2 distinct keys.

• For encryption, public exponents must be strictly higher than 2¹⁶=65536.
• Secret exponents must have the same length as the module.
• Encryption algorithm: RSAES-OAEP (PKCS#1 v2.1)
• Signature algorithm: RSA-SSA-PSS (PKCS#1 v2.1)
• Signature algorithm: ECDSA with P-256, P-384, P-521, B-283, B-409 or B-571 (FIPS 186-2)
• Elliptic curves GF(p): P-256, P-384 and P-521 (FIPS 186-2)
• Elliptic curves GF(2ⁿ): B-283, B-409 and B-571 (FIPS 186-2)