Perhaps some on this list are better qualified than me to answer this question, but this is my $0.02.

Generally speaking, higher-bit key lengths (than 2048) become much slower when used on embedded hardware (even high-end smartphones). In some cases it may be impossible to support keys longer than 2048 bits due to hardware constraints (i.e. smart meters, security cards, etc). I believe that the Fortinet firewalls support SSL offloading up to only 2048 bit key length.

On the other extreme, an 8192-bit RSA key for an Apache server will cause a user-noticeable delay on an otherwise unloaded server while performing the initial handshake. Large numbers of sessions would bring such an installation to its knees. A denial of service attack would be easy to accomplish against such a configuration.

A 4096-bit key seems a bit extreme as well, but is probably useful for low-volume installations where key material must have high assurance.

Last I heard, the largest key which has been publicly factored was 768 bits. Unless practical quantum computers become available, a 2048-bit key should be more than sufficient for most use cases.

Mike

On Thu, Feb 21, 2013 at 11:38 PM, Ashok C <ash....@gmail.com> wrote:
> Hi,
>
> What is the current industry standard for private key lengths?
> As of now, my application supports 2048 bit-wide keys.
> I'm planning to support higher key lengths now, and want your suggestions
> on how big a key I should support?
>
> --
> Ashok
>
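The cost argument in Mike's reply (the server-side private-key operation in the handshake grows much faster than the key length, so a large key caps the handshake rate and makes a flood of new sessions cheaper to mount) can be measured rather than asserted. The script below is an added example and is not from the mailing-list thread or any of the products it mentions. It uses a raw modular exponentiation with a constructed random k-bit modulus and full-length exponent as a stand-in for an RSA private-key operation (no real key, no CRT speed-up), so the absolute timings are Python big-int numbers rather than OpenSSL's; what carries over is the scaling across 1024, 2048, 4096 and 8192 bits and the resulting per-core ceiling on handshakes per second, which is the number a capacity or DoS-resilience review needs.

```python
import secrets
import time


def raw_private_op_seconds(bits, iterations=3):
    """Best-of-N wall time for one k-bit modular exponentiation.

    Constructed stand-in for an RSA private-key operation: a random odd
    k-bit modulus and a full-length k-bit exponent, no CRT speed-up and
    no real key. The absolute figures are Python big-int timings, not
    OpenSSL's; the point is how the cost scales with the key size.
    """
    n = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # odd, exactly k bits
    d = secrets.randbits(bits) | (1 << (bits - 1))       # full-length exponent
    m = secrets.randbits(bits - 1)                       # "message" below n
    best = float("inf")
    for _ in range(iterations):
        start = time.perf_counter()
        pow(m, d, n)
        best = min(best, time.perf_counter() - start)
    return best


def scaling_table(sizes=(1024, 2048, 4096)):
    """Per-size cost relative to the smallest size, plus a rough
    single-core ceiling on private-key operations (handshakes) per second."""
    timings = {bits: raw_private_op_seconds(bits) for bits in sizes}
    base = timings[sizes[0]]
    return {
        bits: {
            "seconds": t,
            "relative": t / base,
            "ops_per_second": 1.0 / t,
        }
        for bits, t in timings.items()
    }


if __name__ == "__main__":
    # 8192 is included in the stand-alone run only; each iteration takes on
    # the order of a second in pure Python, which is the kind of delay the
    # reply above describes for an unloaded server.
    for bits, row in scaling_table((1024, 2048, 4096, 8192)).items():
        print(f"{bits:5d}-bit: {row['seconds'] * 1000:9.2f} ms  "
              f"x{row['relative']:6.1f} vs 1024  "
              f"~{row['ops_per_second']:8.1f} ops/s/core")
```

Run it once on the hardware you intend to deploy on; the `ops_per_second` column, multiplied by the number of cores you can dedicate to TLS, is the upper bound on new full handshakes per second before the box starts queueing, and the `relative` column shows why doubling the key length costs far more than double the CPU.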