The RSA algorithm for asymmetric encryption has been publicly available since 1977. It has been used over the years for key exchange, for digital signatures, and to encrypt small blocks of data. Today, RSA is primarily used to “encrypt the session key used for secret key encryption (message integrity) or the message’s hash value (digital signature)”.
The current NIST standards specify that the RSA key size should be a minimum of 2048 bits, or preferably 3072 bits.
Not too many years ago, the standard was 1024-bit and even 512-bit. The RSA algorithm is, however, mathematically fallible: given enough time and computational resources, its keys can be reverse engineered by factoring.
In 1999, 512-bit RSA was first factored using one supercomputer and hundreds of other computers over a period of seven months. Today, a 512-bit RSA key can be factored in four hours with a personal computer.
Moore’s Law holds that “computing power doubles every 18 months or so”, and thus, given the current prowess of our hardware, we would need a 3072-bit RSA key to make the encryption secure. In the coming years, as computer infrastructure continues to evolve, we will require RSA keys to grow proportionally.
The key length is determined by complex equations and integral calculations that take into account the time and infrastructure needed to factor it. It should be long enough to make the key extremely difficult to break, yet not so long that it slows down the system implementing it, as RSA is a notoriously “slow” algorithm.
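The kind of calculation this refers to, as an added example that is not from the original article or its sources: the standard heuristic running time of the general number field sieve (the fastest known factoring method for RSA moduli), with its o(1) term dropped, turned into a rough work estimate per key size and combined with the 18-month doubling quoted above. The function names and the 256-bit search step are assumptions, and the results are order-of-magnitude estimates, not NIST's published strength table.

```python
import math

# (64/9)^(1/3): constant in the heuristic GNFS running time L_n[1/3, c].
GNFS_C = (64 / 9) ** (1 / 3)
# "Doubles every 18 months or so", as quoted in the text above.
MOORE_DOUBLING_YEARS = 1.5


def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS cost for a modulus of this size.

    cost ~ exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)); the o(1) term is dropped,
    so this is a rough estimate, not a measured figure.
    """
    ln_n = modulus_bits * math.log(2)
    ln_cost = GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_cost / math.log(2)


def years_to_match(baseline_bits: int, target_bits: int) -> float:
    """Years of 18-month doublings before factoring target_bits costs
    what factoring baseline_bits costs today (hardware growth only)."""
    gap = gnfs_work_bits(target_bits) - gnfs_work_bits(baseline_bits)
    return gap * MOORE_DOUBLING_YEARS


def smallest_key_for(work_bits: float, step: int = 256) -> int:
    """Smallest modulus size (a multiple of step) whose estimate reaches work_bits."""
    size = step
    while gnfs_work_bits(size) < work_bits:
        size += step
    return size


if __name__ == "__main__":
    for bits in (512, 1024, 2048, 3072):
        print(f"{bits:5d}-bit modulus: ~2^{gnfs_work_bits(bits):.1f} operations, "
              f"{years_to_match(512, bits):5.1f} years of doubling beyond 512-bit")
    print("smallest size for a 2^112 work estimate:", smallest_key_for(112))
```

The estimate grows much more slowly than the key length itself: doubling the modulus from 1024 to 2048 bits adds roughly 30 bits of work, which is why recommended sizes jump in large steps.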
- Kessler, G. C. (2017, January 24). An Overview of Cryptography. Retrieved from http://www.garykessler.net/library/crypto.htm
- Timothy, W. P., & Dodson, D. F. (2015). Cryptographic Algorithms and Key Sizes for Personal Identity Verification. NIST Special Publication 800-78-4, 7-7. Retrieved from http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-78-4.pdf
- Goodin, D. (2015, October 20). Breaking 512-bit RSA with Amazon EC2 is a cinch. So why all the weak keys? Retrieved from https://arstechnica.com/security/2015/10/breaking-512-bit-rsa-with-amazon-ec2-is-a-cinch-so-why-all-the-weak-keys/
- Moore’s law. (n.d.). Retrieved from https://en.wikipedia.org/wiki/Moore%27s_law