3

I've been asked to generate a public key with PuTTY key generator. The default is 2048 bits, should I add additional bits to the generated key? Or is it unnecessary?

Vilican
  • 2,703
  • 8
  • 21
  • 35
leeand00
  • 1,297
  • 1
  • 13
  • 21

3 Answers

6

There seems to be a convention of using power of 2 keysizes, it's not strictly required but it seems to be the norm.

The best known way to attack RSA is to factor the modulus to get p and q, once p and q are known it's trivial to reconstruct the rest of the private key. How difficult that factorisation is depends on the size of the modulus.

512 has been factored by hobbyists.
768 bit has been factored by researchers in a public challenge.
1024 can probably be factored now by well-funded organisations but no one has publicly admitted doing it.
2048 is generally thought to be secure for the time being.
4096 is what the more paranoid go for, especially for long lived keys.

Personally I use 4096 for all newly generated keys.

Peter Green
  • 4,918
  • 1
  • 21
  • 26
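As an added example (not code from the question or any of the answers, and not part of PuTTY), the following Python checks what the answer above is really about: the bit length of the RSA modulus in a key. It parses a single-line OpenSSH-format `ssh-rsa` public key (the format PuTTYgen can export) with the wire encoding from RFC 4253, reports the modulus size, and rates it against tiers that follow the answer's rough breakdown. The tiers in `rate_key_size` are an assumed policy, not something PuTTY enforces; the sample keys built by `make_constructed_key_line` are constructed test data whose modulus is just a random odd number of the requested length, not a usable key.

```python
import base64
import random
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire 'string' (4-byte big-endian length + data)."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH 'mpint' (RFC 4251 section 5)."""
    if value == 0:
        return _ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:                 # keep the sign bit clear for positive values
        raw = b"\x00" + raw
    return _ssh_string(raw)


def _read_string(blob: bytes, offset: int):
    """Decode one SSH wire 'string' at offset; return (data, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def rsa_modulus_bits(openssh_line: str) -> int:
    """Return the modulus bit length of a one-line OpenSSH 'ssh-rsa' public key."""
    fields = openssh_line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = _read_string(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("key blob type does not match ssh-rsa")
    _exponent, off = _read_string(blob, off)   # e precedes n in the wire format
    modulus, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing data after modulus")
    return int.from_bytes(modulus, "big").bit_length()


def rate_key_size(bits: int) -> str:
    """Assumed policy tiers following the answer: sizes below 1024 have been
    factored publicly, 1024 is probably within reach of well-funded attackers,
    2048 is fine for now, 4096 is the choice for long-lived keys."""
    if bits < 1024:
        return "broken"
    if bits < 2048:
        return "weak"
    if bits < 4096:
        return "acceptable"
    return "strong"


def make_constructed_key_line(n_bits: int, comment: str = "constructed") -> str:
    """Build an ssh-rsa line whose modulus is a random odd n_bits-long number.
    CONSTRUCTED test data: n is not a product of two primes, so this is not a
    usable key; it only exercises the parser with a known modulus size."""
    rng = random.Random(n_bits)                       # deterministic per size
    n = rng.getrandbits(n_bits) | (1 << (n_bits - 1)) | 1
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


if __name__ == "__main__":
    for size in (1024, 2048, 4096):
        bits = rsa_modulus_bits(make_constructed_key_line(size))
        print(f"{bits}-bit RSA modulus: {rate_key_size(bits)}")
```

To check a real key, pass a line from `authorized_keys` or a PuTTYgen "OpenSSH" export to `rsa_modulus_bits`; the function rejects non-RSA key types and truncated or padded blobs instead of guessing.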
3

1024 is considered the minimum key size for RSA at the current time. For general purposes I would say that 2048 is enough. However, if you will use this key to transfer highly sensitive data (e.g. related to bank accounts or important server passwords etc.) I'd go with 4096 bits.

marstato
  • 2,237
  • 14
  • 11

Well, bear in mind that some systems are not compatible with a 4096-bit key strength. Also in terms of overhead, it requires more processing power. c.f. https://certsimple.com/blog/measuring-ssl-rsa-keys – Florian Bidabé Nov 20 '15 at 22:53
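To put a number on the "more processing power" point in the comment above, here is an added example (not from the answer, the comment, or the linked blog post) that times one RSA private-key operation, a modular exponentiation with a full-size exponent, at 2048 and 4096 bits in pure Python. The base, exponent and modulus are constructed random odd numbers of the requested size, not real key material; the cost of `pow(m, d, n)` depends only on operand sizes, so the ratio is still representative. Real libraries use CRT and optimised C, so absolute times are far smaller than these, but the 2048-to-4096 ratio is what the comment is about.

```python
import random
import time


def constructed_params(bits: int, seed: int = 7):
    """Return (base, exponent, modulus) of the given size.
    CONSTRUCTED values: random odd numbers, not a real RSA key."""
    rng = random.Random(seed + bits)
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full-size odd "modulus"
    d = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # full-size "private exponent"
    m = rng.getrandbits(bits - 1)                       # "message" smaller than n
    return m, d, n


def time_private_op(bits: int, repeats: int = 3) -> float:
    """Best-of-N wall-clock seconds for one bits-sized modular exponentiation."""
    m, d, n = constructed_params(bits)
    best = float("inf")
    for _ in range(repeats):
        start = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - start)
    return best


def cost_ratio(small: int = 2048, large: int = 4096) -> float:
    """How many times slower the larger key's private operation is than the smaller one's."""
    return time_private_op(large) / time_private_op(small)


if __name__ == "__main__":
    for bits in (2048, 4096):
        print(f"{bits}-bit: {time_private_op(bits) * 1000:.1f} ms per private-key operation")
    # With schoolbook arithmetic the cost grows roughly with the cube of the
    # size, so doubling the key size costs about 8x; Python's Karatsuba
    # multiplication pulls the measured ratio somewhat below that.
    print(f"4096 vs 2048 cost ratio: {cost_ratio():.1f}x")
```

The ratio, not the absolute time, is the useful output: it is the same multiplier a TLS or SSH server pays per handshake when moving from 2048 to 4096 bits, and it holds whichever library does the arithmetic.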
1

Depending on how paranoid you are and how secure the server needs to be, 2048 should be enough. It's going to take many years for someone to break that.

BadSkillz
  • 4,404
  • 24
  • 29