Old 12-13-2002, 04:04 PM   #1
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

rsa private key keysize - how big?

Hello all

I'm currently generating a set of certificates for use on a server we have on which we are running a server we wrote. I would now like to know how big the RSA keylength has to be for it to be secure. I read that keysizes less than 1024 should be considered insecure. For testing we used keysizes of exactly 1024; is there any reason to use bigger keys than this?

We use openssl to generate these keys as follows:

dd if=/dev/random of=./randfile count=1
openssl genrsa -out ./key.pem -rand ./randfile 1024

Is there any reason to enlarge the 1024?

Old 12-14-2002, 09:45 AM   #2
Registered: Aug 2001
Location: Off the coast of Madadascar
Posts: 498

Well, you say it is a server. So you won't want to change it often because that disrupts the users. So a key size of 2048 or bigger will take you for a long period of time. Maybe someone else has a better answer than I do.

Old 12-14-2002, 03:05 PM   #3
Registered: May 2002
Location: South Africa
Distribution: Gentoo
Posts: 103

Original Poster
Yep, well, for now I'll just stick to 1024 (while we are still testing) and will try and find out more. I would really like to get hold of some kind of guidelines for choosing key sizes for different algorithms but I seem to be unable to find any. And anyway, what defines secure? For one, take SHA, it is computationally infeasible to construct two strings that hash to the same value, but it is still possible - but it is so unlikely to succeed (1/2^160 to get a string to hash to a specific value, about 1 * 10 ^ -50 iirc) that I for one would not bother trying. RSA keys are however not quite the same, the private components must be prime, and thus there are not truly 2 ^ 1024 possible keys. In addition you would like to stay away from boundaries (would prefer to have an approximately equal number of 0's and 1's). So the question remains, how do you pick the keysizes?
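
The key-space question raised in post #3, worked through as an added example that is not part of the original thread: it estimates how many primes of each size exist (prime number theorem) and compares that with the heuristic cost of factoring the modulus with the general number field sieve (GNFS), which is what actually bounds RSA strength. The function names and the list of modulus sizes are assumptions made for this illustration.

```python
import math

LN2 = math.log(2)

def gnfs_security_bits(modulus_bits):
    """log2 of the heuristic GNFS factoring cost
    exp((64/9)^(1/3) * (ln n)^(1/3) * (ln ln n)^(2/3)), o(1) term dropped."""
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2

def log2_prime_count(bits):
    """log2 of the approximate number of primes with exactly `bits` bits,
    from pi(2^b) - pi(2^(b-1)) with pi(x) ~ x / ln x."""
    return (bits - 1) + math.log2((2 / bits - 1 / (bits - 1)) / LN2)

def smallest_modulus_for(target_bits, sizes=(1024, 2048, 3072, 4096, 8192)):
    """Smallest listed modulus size whose rough GNFS estimate meets
    target_bits, or None if no listed size is large enough."""
    for size in sizes:
        if gnfs_security_bits(size) >= target_bits:
            return size
    return None

def report(sizes=(512, 1024, 2048, 3072, 4096)):
    """Rows of (modulus bits, log2 #primes per factor, log2 GNFS cost)."""
    return [
        (s, round(log2_prime_count(s // 2), 1), round(gnfs_security_bits(s), 1))
        for s in sizes
    ]

if __name__ == "__main__":
    print("modulus  log2(primes per factor)  log2(GNFS cost, rough)")
    for size, primes, cost in report():
        print(f"{size:7d}  {primes:23.1f}  {cost:22.1f}")
    # The rough formula is optimistic; published tables rate the same
    # sizes lower (NIST SP 800-57: 2048-bit ~ 112 bits, 3072-bit ~ 128).
    for target in (112, 128):
        print(f"target {target} bits -> RSA-{smallest_modulus_for(target)}")
```

For a 1024-bit modulus there are roughly 2^502 candidate primes per factor, so the restriction to primes costs almost nothing; the limiting figure is the factoring estimate of about 2^87, which is why key-size guidance is derived from factoring cost rather than from the number of possible keys.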

