Cryptography Reference
In-Depth Information
• Key length recommendations for public-key cryptography tend to be algorithm-
specific, since the security of a public-key cryptosystem depends upon the
perceived difficulty of the hard computational problem on which the algorithm
is based (for example, factoring in the case of RSA).
Key length recommendations are usually presented in terms of a combination of
potential attack environments and cover times. Table 10.1 provides an example,
showing protection profiles and recommended symmetric key lengths.
There are several issues worth noting from Table 10.1:
1. Some of the key length recommendations are specifically linked to maximum
recommended key lifetimes.
2. Although these recommendations are largely algorithm-independent, some
further specific advice is given by ECRYPT II on the use of Triple DES, since
Triple DES has a much weaker security than that suggested by its key length
(see Section 4.4.4).
It should also be noted that:
Advice on key length is not unanimous
. Ultimately these are subjective opinions,
albeit hopefully informed ones. Before choosing a key length it is advisable to
seek recommendations from more than one source.
Table 10.1:
ECRYPT II protection profiles and symmetric key lengths (2011)
Protection
Notes
Key length
1
Vulnerable to real-time attacks by individuals
Limited use
32
2
Very short term protection against small
organisations
Not for new applications
64
3
Short-term protection against medium
organisations; medium-term protection
against small organisations
72
4
Very short term protection against agencies;
long-term protection against small
organisations
Protection to 2012
80
5
Legacy standard level
Protection to 2020
96
6
Medium-term protection
Protection to 2030
112
7
Long-term protection
Protection to 2040
128
8
'Foreseeable future'
Good protection against
quantum computers
256
