Key length defines the upper-bound on an algorithm’s security (i.e., a logarithmic measure of the fastest known attack against an algorithm, relative to the key length), since the security of all algorithms can be violated by brute-force attacks. Ideally, key length would coincide with the lower-bound on an algorithm’s security. Indeed, most symmetric-key algorithms are designed to have security equal to their key length. Keys are used to control the operation of a cipher so that only the correct key can convert encrypted text, known as ciphertext, to plaintext. The widely accepted notion that the security of the system should depend on the key alone was explicitly formulated by Auguste Kerckhoffs in the 1880s and Claude Shannon in the 1940s; the statements are known as Kerckhoffs’ principle and Shannon’s Maxim, respectively. Encryption systems are often grouped into families. Common families include symmetric systems (e.g. AES) and asymmetric systems (e.g. RSA). As of 2003, RSA Security claims that 1024-bit RSA keys are equivalent in strength to 80-bit symmetric keys, 2048-bit RSA keys to 112-bit symmetric keys and 3072-bit RSA keys to 128-bit symmetric keys.
It is estimated that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a 2048-bit SSL certificate.
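The RSA-to-symmetric equivalences quoted above can be approximated from the cost of the best known factoring attack. The following is an added example, not part of the original page: it assumes the general number field sieve (GNFS) heuristic cost formula, anchors it on the 1024-bit/80-bit pair from the text, and uses hypothetical function names.

```python
import math

# General number field sieve (GNFS) heuristic: factoring a modulus N costs about
#   exp((64/9)^(1/3) * (ln N)^(1/3) * (ln ln N)^(2/3))
# operations. The o(1) term of the asymptotic formula is ignored here.
GNFS_C = (64 / 9) ** (1 / 3)


def gnfs_ln_cost(modulus_bits: int) -> float:
    """Natural log of the heuristic GNFS cost for a modulus of this size."""
    ln_n = modulus_bits * math.log(2)
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


# Assumption of this example: anchor the curve on the first pair quoted in the
# text (1024-bit RSA ~ 80-bit symmetric) and let the formula predict the rest.
CALIBRATION = gnfs_ln_cost(1024) - 80 * math.log(2)


def rsa_strength_bits(modulus_bits: int) -> float:
    """Estimated symmetric-equivalent strength: log2 of the attack cost."""
    return (gnfs_ln_cost(modulus_bits) - CALIBRATION) / math.log(2)


def rsa_bits_for_strength(target_bits: float) -> int:
    """Smallest modulus size whose estimated strength reaches target_bits."""
    lo, hi = 512, 65536
    while lo < hi:  # binary search; the estimate grows monotonically with size
        mid = (lo + hi) // 2
        if rsa_strength_bits(mid) < target_bits:
            lo = mid + 1
        else:
            hi = mid
    return lo


if __name__ == "__main__":
    # Pairs quoted in the text (RSA bits, claimed symmetric-equivalent bits).
    for rsa_bits, claimed in [(1024, 80), (2048, 112), (3072, 128)]:
        est = rsa_strength_bits(rsa_bits)
        print(f"RSA-{rsa_bits}: estimated {est:.1f} bits, quoted {claimed} bits")
    # Doubling the symmetric strength needs far more than double the RSA size.
    for target in (128, 256):
        print(f"{target}-bit strength needs ~{rsa_bits_for_strength(target)}-bit RSA")
```

The estimates come out near 110 and 132 bits for 2048- and 3072-bit moduli, close to the quoted 112 and 128; the gap reflects the rounding to standard strength levels and the terms the heuristic ignores.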