Hallo all

I'm currently generating a set of certificates for use on a server we have on which we are running a server we wrote. I would now like to know how big the rsa keylength has to be for it to be secure. I read that keysizes less than 1024 should be considered insecure. For testing we used keysizes of excactly 1024, is there any reason to use bigger keys than this?

We use openssl to generate these keys as follows:

dd if=/dev/random of=./randfile count=1
openssl genrsa -out ./key.pem -rand ./randfile 1024

Is there any reason to enlarge the 1024?

koningshoed

Well you say it is a server. So you won't want to change it often because that disrupt the users. SO a key size of 2048 or bigger will take you for a long period of time. Maybe someone else has a better answer than I do.


--tarballedtux

Yep, well, for now I'll just stick to 1024 (while we are still testing) and will try and find out more. I would really like to get hold of some kind of guidelines for choosing key sizes for different algorithms but I seem to be unable to find any. And anyway, what defines secure? For one, take SHA, it is computationally infeasable to construct two strings that hash to the same value, but it is still possible - but it is so unlikely to succeed (1/2^160 to get a string to hash to a specific value, about 1 * 10 ^ -50 iirc) that I for one would not bother trying. RSA keys are however not quite the same, the private components must be prime, and thus there are not truly 2 ^ 1024 possible keys. In addition you would like to stay away from boundaries (would prefer to have an approximately equal number of 0's and 1's). So the question remains, how do you pick the keysizes?