On Friday, 14.08.2015 at 11:07 +0100, Stuart Henderson wrote:
> Is 4096-bit overkill? When we updated ssl(8) we settled on 2048-bit
> though that's more aimed at https where response time is more important.

http://www.keylength.com/en/ gives an overview of the key length recommendations of the major studies and standards institutes. Most cited studies recommend 2048-bit moduli for the long term. bettercrypto.org recommends 4096 bits for RSA. In their 2015 report, the German Federal Office for Information Security (BSI) just increased their recommended RSA key size from 2000 to 3000 bits for usage after 2016. ENISA recommends "3072 bits (or more)" in their 2014 report on "Algorithms, key size and parameters". NIST (2015) goes for 2048 (or 3072). IETF recommends "at least a 2048-bit" in RFC7527/BCP195.

So you may pick whom you trust, use the upper boundary of 3072 bits, or round up to 4096 bits.

--
David Dahlberg
Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany        | Fax: +49-228-856277
