The Minimum Key Length Recommendations for Variable Length Algorithms Comparable Algorithm Strengths The security strength of a symmetric algorithm for a given key is typically defined as the amount of work to attack the key without any short cut. Cryptography algorithms provide different security strengths depending on the algorithm and the key size chosen. Two algorithms are said to have the same comparable strength if the amount of work to break the algorithms or determine the keys is approximately the same using a given resource. Bits of Security and Key Size The key size and the bits of security are not same. A symmetric algorithm of key size X without short cut attacks (try all keys) is said to have security strength of X bits. E.g AES 128 has security strength of 128 bits. An asymmetric algorithm of key size Y is said to have security strength of X bits if it has the comparable algorithm strength of a symmetric algorithm of key size X. An RSA with key size 1024 has security strength of 80 bits. Recommendations for the Key Sizes for Respective Algorithms Year Bits of Security Symmetric Key Algorithms Through 2010 80 Triple DES AES 128/192/256 Asymmetric IFC Algorithms (RSA) Min: key size = 1024 Through 2030 112 Triple DES AES 128/192/256 Min: key size = 2048 Beyond 2030 128 AES 128/192/256 Min: key size = 3072 Asymmetric FFC Algorithms (DSA, D-H) Min: L = 1024 N = 160 Min: L = 2048 N = 224 Min: L = 3072 N = 256 IFC: Integer Factorization Cryptography FFC: Finite Field Cryptography D-H: Diffie-Hellman L: the public key length N: the private key length Reference: 1. National Institute of Standards and Technology Special Publication 800-57, Recommendation of Key Management – Part 1: General, March, 2007, page 66. 2. Digital Signature Standard (DSS), Federal Information Processing Standards Publication FIPS PUB 186-3, June 2009