Perhaps some on this list are better qualified than me to answer this
question, but this is my $0.02.

Generally speaking, higher-bit key lengths (than 2048) become much slower
when used on embedded hardware (even high-end smartphones). In some cases
it may be impossible to support keys longer than 2048 bits due to hardware
constraints (e.g. smart meters, security cards, etc.). I believe that the
Fortinet firewalls support SSL offloading up to only a 2048-bit key length.

On the other extreme, an 8192-bit RSA key for an Apache server will cause a
user-noticeable delay on an otherwise unloaded server while performing the
initial handshake. Large numbers of sessions would bring such an
installation to its knees. A denial of service attack would be easy to
accomplish against such a configuration.

A 4096-bit key seems a bit extreme as well, but is probably useful for
low-volume installations where key material must have high assurance. Last
I heard, the largest key which has been publicly factored was 768 bits.
Unless practical quantum computers become available, a 2048-bit key should
be more than sufficient for most use cases.
Mike
On Thu, Feb 21, 2013 at 11:38 PM, Ashok C ash@gmail.com wrote:
> Hi,
>
> What is the current industry standard for private key lengths?
> As of now, my application supports 2048 bit-wide keys.
> I'm planning to support higher key lengths now, and want your suggestions
> on how big a key I should support?
>
> --
> Ashok
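The handshake-cost argument in Mike's reply can be checked on the machine in question. The script below is an added example, not code from either poster: it times a single full-size modular exponentiation as a stand-in for the RSA private-key operation a TLS server performs per handshake, then turns that into an upper bound on handshakes per second per core. The modulus and exponent are random constructed values, not a real RSA key, and the computation skips the CRT optimisation real libraries use, so the absolute numbers are pessimistic; the scaling between key sizes is what this shows.

```python
import random
import time


def private_op_cost(bits, trials=3, seed=1):
    """Average seconds for one `bits`-sized modular exponentiation.

    Constructed stand-in for the RSA private-key operation: a random odd
    modulus and a random full-size exponent (no CRT), so the cost grows
    roughly cubically with the key length.
    """
    rng = random.Random(seed)
    # Odd modulus with the top bit set, so it is genuinely `bits` wide.
    n = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
    # Full-size "private exponent", top bit set.
    d = rng.getrandbits(bits) | (1 << (bits - 1))
    m = rng.randrange(2, n - 1)  # the value being "signed"
    start = time.perf_counter()
    for _ in range(trials):
        pow(m, d, n)
    return (time.perf_counter() - start) / trials


def handshakes_per_second(cost_seconds):
    """Upper bound on RSA handshakes one core can finish per second."""
    return 1.0 / cost_seconds


def scaling_table(sizes=(1024, 2048, 4096, 8192)):
    """Return {bits: (seconds_per_op, slowdown_vs_previous_size)}."""
    table = {}
    prev = None
    for bits in sizes:
        cost = private_op_cost(bits)
        table[bits] = (cost, None if prev is None else cost / prev)
        prev = cost
    return table


if __name__ == "__main__":
    # Capacity-planning view: how many new sessions per second a single
    # core could absorb before the private-key operation alone saturates it.
    for bits, (cost, slowdown) in scaling_table().items():
        line = (f"{bits:5d}-bit: {cost * 1000:8.2f} ms/op, "
                f"<= {handshakes_per_second(cost):8.0f} handshakes/s/core")
        if slowdown:
            line += f", {slowdown:.1f}x slower than previous size"
        print(line)
```

Each doubling of the key length should show up as several times the cost of the previous row; compare the 8192-bit line with the 2048-bit one to see why an unauthenticated client able to open sessions cheaply is a problem for the larger key, and size the key (or add session resumption and rate limiting) accordingly.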