Asymmetric Key Size
「 Overview 」
Recommended 「 In Order 」
256-bit
The key size for X25519, which provides a ~128-bit security level.
Why am I recommending this when I recommend 256-bit keys, a 256-bit security
level, for symmetric encryption?
Because X25519 is faster, more common, and more accessible than X448.
If quantum computers do come along, then ECC and RSA will be broken regardless
of the key size anyway, so many people feel less of a need to use a higher
security level curve considering that 128-bit security is currently enough.
456-bit
The key size for X448, which provides a 224-bit security level.
3072-bit / 4096-bit
If you’re forced to use RSA, then the minimum key size should be 3072-bit,
which is the key size currently used by the NSA and recommended by ECRYPT
for near-term protection.
The maximum should be 4096-bit because the performance is really bad after that.
However, seriously don’t use RSA!
Avoid 「 Unordered | All Unsuitable 」
1024-bit
These are no longer secure.
2048-bit
These only provide a 112-bit security level, which is below the standard
128-bit security level. Therefore, whilst commonly used and still safe as
a minimum RSA key size, it makes sense to use 3072-bit keys instead.
8192-bit
These are slow to generate and excessive to store.
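To apply the RSA guidance above to keys already deployed, the following added example (not part of the original guidelines) reads the modulus size out of an OpenSSH `ssh-rsa` public key line and maps it onto the sizes listed here. The choice of the OpenSSH format, the function names, the cut-offs between the listed sizes, and the constructed sample keys are assumptions of this example.

```python
import base64
import struct

def _field(blob, off):
    """Read one length-prefixed SSH wire field; reject truncated input."""
    if off + 4 > len(blob):
        raise ValueError("truncated length prefix")
    end = off + 4 + struct.unpack_from(">I", blob, off)[0]
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[off + 4:end], end

def rsa_modulus_bits(line):
    """Modulus size in bits of an 'ssh-rsa <base64> [comment]' line."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(parts[1], validate=True)
    name, off = _field(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("not an RSA key")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    # The mpint may carry a leading 0x00 sign byte; bit_length() ignores it.
    return int.from_bytes(modulus, "big").bit_length()

def verdict(bits):
    """Map a modulus size onto the guidance above (cut-offs between the
    listed sizes are this example's assumption)."""
    if bits < 2048:
        return "avoid: no longer secure"
    if bits < 3072:
        return "avoid: 112-bit security level, prefer 3072-bit"
    if bits <= 4096:
        return "acceptable if forced to use RSA"
    return "avoid: slow to generate, excessive to store"

def sample_line(bits):
    """Constructed sample: an arbitrary odd integer, not a real RSA modulus."""
    def mpint(x):
        raw = x.to_bytes(x.bit_length() // 8 + 1, "big")
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    for size in (1024, 2048, 3072, 4096, 8192):
        print(size, verdict(rsa_modulus_bits(sample_line(size))))
```

Measuring the decoded modulus rather than the length of the base64 text avoids miscounting the sign byte that the wire format prepends when the top bit is set.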
Post-quantum Algorithm Key Sizes
These algorithms are still being researched, and the
key sizes are very large compared to those for ECDH.