Cryptographic Key Length Recommendation

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Choose a Method
This report [8] describes recommendations from the German federal office for information security, BSI. It provides optimal cryptographic key length for electronic signature algorithm.
Date Factoring
Discrete Logarithm
Key Group
Elliptic Curve Hash
2014 - 2015 1976
224 2048
2016 - 2021 1976
256 2048
> 2021 1976
256 2048
All key sizes are provided in bits. These are the minimal sizes for security.
Click on a value to compare it with other methods.
(*) For digital certificates verification only.
Remarks for RSA:
  • Recommended algorithm: ISO/IEC 14888-2
  • For long-term security level, 2048 bits is recommended.
Remarks for discrete logarithm:Remarks and recommended algorithms for elliptic curve:This report must be used for cryptographic key length in electronic signatures only.
© 2015 BlueKrypt - v 28.6 - February 26, 2015
Author: Damien Giry
Approved by Prof. Jean-Jacques Quisquater
Surveys of laws and regulations on cryptology: Crypto Law Survey / Digital Signature Law Survey.
Bibliography[1] Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, Journal Of Cryptology, vol. 14, p. 255-293, 2001.
[2] Key Lengths, Arjen K. Lenstra, The Handbook of Information Security, 06/2004.
[3] Yearly Report on Algorithms and Keysizes (2012), D.SPA.20 Rev. 1.0, ICT-2007-216676 ECRYPT II, 09/2012.
[4] Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 3, NIST, 07/2012.
[5] Mécanismes cryptographiques - Règles et recommandations, Rev. 2.03, ANSSI , 02/2014.
[6] Fact Sheet Suite B Cryptography, NSA, 09/2014.
[7] Determining Strengths for Public Keys Used for Exchanging Symmetric Keys, RFC 3766, H. Orman and P. Hoffman, 04/2004.
[8] Algorithms for Qualified Electronic Signatures, BNetzA, BSI, 01/2014 updated with BSI Draft, 10/2014.
Privacy Policy (P3P)  |  Disclaimer / Copyright  |  Release Notes