I've been asked to generate a public key with PuTTY key generator. The default is 2048 bits, should I add additional bits to the generated key? Or is it unnecessary?
Asked
Active
Viewed 5,420 times
3
-
1The general guideline (at the moment) is: stick with 1024 at a minimum, go with 2048 to be safe, use 4096 if you're paranoid (and/or a government), and use more if you want to show off. – KnightOfNi Jul 01 '14 at 23:00
-
1What do you need to do with this key? – user1301428 Jul 02 '14 at 08:43
-
Lock down an HR / CRM system that will probably also be accessed for 3rd party queries. But it has HTTP Access too. – leeand00 Jul 02 '14 at 12:37
-
Sorry I meant https access. – leeand00 Jul 02 '14 at 12:46
3 Answers
6
There seems to be a convention of using power of 2 keysizes, it's not strictly required but it seems to be the norm.
The best known way to attack RSA is to factor the modulus to get p and q, once p and q are known it's trivial to reconstruct the rest of the private key. How difficult that factorisation is depends on the size of the modulus.
512 has been factored by hobbyists.
768 bit has been factored by researchers in a public challange.
1024 can probablly be factored now by well-funded orgnisations but noone has publically admitted doing it.
2048 is generally thought to be secure for the time being.
4096 is what the more paranoid go for, especially for long lived keys.
Personally I use 4096 for all newly generated keys.
Peter Green
- 4,918
- 1
- 21
- 26
3
1024 is considered the minimum key size for RSA at the current time. For general purposes i would say that 2048 is enough. However, if you will use this key to transfer highly sensible data (e.g. related to bank accounts or important server passwords etc..) I´d go with 4096 bits.
marstato
- 2,237
- 14
- 11
-
Well, bare in mind that many some systems are not compatible with a 4096bit key strenght. Also in terms of overhead, it requires more processing power. c.f. https://certsimple.com/blog/measuring-ssl-rsa-keys – Florian Bidabé Nov 20 '15 at 22:53
