Cryptography for Network and Information Security

Previous Topic Next Topic

Public Key Length

Given a key of the same length, public key cryptography generally is more susceptible to attack than symmetric key cryptography, particularly to factoring attacks. In a factoring attack, the attacker tries all of the combinations of numbers that can be used with the algorithm to decrypt ciphertext. Factoring attacks are similar to key search attacks, but the number of possible factors varies with each algorithm and with the length of the public key and private key that are used. In general, for a given key length, a factoring attack on a public key requires fewer attempts to be successful than a key search attack on a symmetric key.

Although a 128-bit, symmetric key is generally considered unbreakable today, a 256-bit public key offers no protection from a knowledgeable attacker. As the size of public keys and private keys are increased, the effort required to compromise the keys by factoring attacks increases greatly — but at less than the exponential rate for symmetric keys. Therefore, the minimum length of public keys recommended for use today is 512 bits. However, to protect valuable information and highly confidential communications, it is recommended that you use public keys longer than 512 bits when feasible.


note-icon

Note

Using large public and private keys can have the adverse effect of placing a significantly higher performance load on computer processors. To ensure adequate performance of large keys, be sure to test proposed public keys in a controlled environment prior to deployment.

Public key cryptography is also more susceptible to attack because the public key encryption algorithms are more likely to produce patterns and clues in the ciphertext that help attackers decipher the plaintext with cryptanalysis. Furthermore, the public key is available for attackers to exploit in their attempts to crack the private key.

In addition, because public key algorithms are based on difficult-to-prove mathematical anomalies and number theory, an attacker might be able to discover an unforeseen shortcut for resolving the mathematical problem that provides the basis for a public key algorithm. If so, an attacker might break a public key cryptography scheme in less time than cryptography experts had predicted it would take and could keep the shortcut a secret.

© 1985-2000 Microsoft Corporation. All rights reserved.