The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools


pgpfan:2048

This is an old revision of the document!


2048 Bit RSA Keys

If you generate a public/private keypair with a recent version of GPG you get a 2048 bit RSA key. That fact generates a surprising amount of angst.

Currently (2020) the largest RSA key ever actually broken was 829 bits long1). Using a random cost off the net for AWS compute capacity the cost works out to around one million USD.

So how much harder would it be to break a 2048 bit RSA key?

RFC3766 gives a method that produces an equivalent “symmetric” key strength. This2) website did the work and produced 65 bits for 829 bit RSA and 103 bits for 2048 bit RSA. That's a difference of 38 bits. Every time you add a bit to a symmetric cipher you double the brute force (guessing) effort required to break it. With 38 doublings we have an extra difficulty factor of 275 billion. So it is unlikely that anyone will be breaking 2048 bit RSA any time soon. But what about later?

There are organizations that produce authoritative looking lists of key sizes VS dates. The idea is that you decide how long you want your data to be secure, look up the date and choose the resulting key size. Such lists are unlikely to be better than the sort of guessing anyone could do.

That is particularly true now that we are coming up against the hard physical limits of the silicon based technology we use for computing. Moore's law is no longer useful for predicting future computing capability. Further significant progress will require a new technology; an invention. Such an invention could come anytime between now and never.

In the same way, further improvements in software methods of breaking RSA will require an invention and the field has kind of gone cold. There have been no significant improvements in 15-10 years. A breakthrough could come anytime between now and never.

A plan based on a future invention is no more than wishful thinking. There is no reason to think that more RSA bits could help in any way that would matter. There is no reason to think that another method would somehow be better. As a result I have no rational reason to not accept the default of 2048 RSA as suggested by GPG.

PGP FAN index

2)
Set to “Enter a factoring modulus size” and hit the “Compare” button
pgpfan/2048.1591837648.txt.gz · Last modified: 2020/06/11 01:07 by b.walzer