Dear OpenSSL users,
I have a question about OpenSSL. Recently, I asked myself if there was a maximum bit length for the modulus of a RSA key.
I tried to type :
user@host:~$ openssl genrsa 32768
Warning: It is not recommended to use more than 16384 bit for RSA keys.
Your key size is 32768! Larger key size may behave not as expected.
Generating RSA private key, 32768 bit long modulus (2 primes)I got this warning, and I wonder why a larger key size may behave not as expected.
Could anyone explain or give resources on why this doesn't work ?
My guess is that, having the following : (M = message, C = Ciphered)
If M^e is < n, we could easily compute the original message ?
Also, I want to apologize if my question is redundant, I tried to search on GitHub and through the mailing list, but there is no search feature in the mailing list.
Have a nice day !
Grégory Widmer
PS : This question is for knowledge purpose only, I don't use RSA keys anymore (except with GPG), I prefer ECC :)
The RSA algorithm will work with keys of any length and longer is stronger.
But less than 2048 is not acceptably secure by today's standards and the sad part is that going beyond 2048 bits doesn't improve it by very much.
Add one bit to the key size of a symmetric cipher like AES and you double the work factor. Go from 128 bits to 192 and your work factor increases by 2^64 times. That is really big.
Add one bit to an RSA key size and the result is barely noticeable. And the longer the keys get, the less effect extra bits have.
2024 is considered equivalent to a 2^112 work factor
3072 gets you to roughly 2^128
So 50% more bits, 10424 of them buys you a measly 2^16 improvement.
To get to a 2^256 bit work factor you need 15360 bits.
Your computation times go up with the square of the number of bits and bignum libraries tend to be limited to 16K bits. There really isn't a good reason to go beyond 16K and a lot of stuff is going to break.
On Sun, Dec 26, 2021 at 10:22 AM Grégory Widmer via openssl-users <openssl-users@xxxxxxxxxxx> wrote:
