Cryptographic Key Length Recommendation

In most cryptographic functions, the key length is an important security parameter. Both academic and private organizations provide recommendations and mathematical formulas to approximate the minimum key size requirement for security. Despite the availability of these publications, choosing an appropriate key size to protect your system from attacks remains a headache as you need to read and understand all these papers.

This web site implements mathematical formulas and summarizes reports from well-known organizations allowing you to quickly evaluate the minimum security requirements for your system. You can also easily compare all these techniques and find the appropriate key length for your desired level of protection. The lengths provided here are designed to resist mathematic attacks; they do not take algorithmic attacks, hardware flaws, etc. into account.

Choose a Method
1   Reference for the comparison
You can enter the year until when your system should be protected and see the corresponding key sizes or you can enter a key/hash/group size and see until when you would be protected.
2
Method Date Symmetric Factoring
Modulus
Discrete Logarithm
Key Group
Elliptic Curve Hash
[1] Lenstra / Verheul (?) 2018 84
1771 1376
149 1771
158 168
[2] Lenstra Updated (?) 2018 80
1329 1478
160 1329
160 160
[3] ECRYPT 2018 - 2028 128 3072
256 3072
256 256
[4] NIST 2016 - 2030 112 2048
224 2048
224 224
[5] ANSSI 2014 - 2020 100 2048
200 2048
200 200
[6] IAD-NSA - 256 3072
- -
384 384
[7] RFC3766 (?) - - -
- -
- -
[8] BSI 2018 - 2022 128 2000
250 2000
250 256
All key sizes are provided in bits. These are the minimal sizes for security.
© 2018 BlueKrypt - v 31.0 - June 10, 2018
Author: Damien Giry
Approved by Prof. Jean-Jacques Quisquater
Contact:
I would like to thank Prof. Arjen K. Lenstra for his kind authorization and comments.
Surveys of laws and regulations on cryptology: Crypto Law Survey / Digital Signature Law Survey.
Bibliography[1] Selecting Cryptographic Key Sizes, Arjen K. Lenstra and Eric R. Verheul, Journal Of Cryptology, vol. 14, p. 255-293, 2001.
[2] Key Lengths, Arjen K. Lenstra, The Handbook of Information Security, 06/2004.
[3] Algorithms, Key Size and Protocols Report (2018), H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018.
[4] Recommendation for Key Management, Special Publication 800-57 Part 1 Rev. 4, NIST, 01/2016.
[5] Mécanismes cryptographiques - Règles et recommandations, Rev. 2.03, ANSSI , 02/2014.
[6] Commercial National Security Algorithm, Information Assurance Directorate at the NSA, 01/2016.
[7] Determining Strengths for Public Keys Used for Exchanging Symmetric Keys, RFC 3766, H. Orman and P. Hoffman, 04/2004.
[8] Kryptographische Verfahren: Empfehlungen und Schlüssellängen, TR-02102-1 v2018-02, BSI, 05/2018.
Privacy Policy (P3P)  |  Disclaimer / Copyright  |  Release Notes