What RSA key size is recommended today?

NIST recommends a minimum of 2048-bit RSA for general use through 2030, and 3072-bit or higher beyond that. For long-lived secrets or high-security contexts, 4096-bit is common. Key sizes below 2048 bits are deprecated.

Why is 1024-bit RSA no longer safe?

A 1024-bit RSA key provides only about 80 bits of security, which falls below the modern 112-bit minimum threshold. Factoring 1024-bit numbers is within reach of well-funded adversaries, and major CAs stopped issuing 1024-bit certificates in 2013.

Is 4096-bit RSA overkill?

For most applications 2048-bit is sufficient today. 4096-bit offers a larger safety margin and is appropriate for certificate authorities, code-signing keys, or any key expected to remain secure for 10+ years. The trade-off is slower key generation and slightly higher CPU cost per operation.

What does "equivalent symmetric strength" mean?

Asymmetric algorithms like RSA are inherently weaker per-bit than symmetric algorithms like AES. The equivalent symmetric strength is the number of AES key bits that would take the same effort to brute-force. For example, RSA-2048 has roughly 112 bits of symmetric equivalent strength.

Should I use RSA or elliptic-curve cryptography (ECC)?

ECC achieves the same security level with much shorter keys (e.g., a 256-bit ECDSA key is roughly equivalent to RSA-3072). If your system supports it, ECC is preferred for performance and forward-looking security. RSA remains widely supported and is still appropriate when ECC is not an option.

How long does it take to generate an RSA key?

On a modern CPU, RSA-2048 key generation takes well under a second, RSA-4096 takes 1–5 seconds on average, and RSA-8192 can take 30+ seconds depending on hardware. Key generation is a one-time cost; signing and verification are much faster.

RSA Key Size Explainer

Name: RSA Key Size Explainer
Availability: InStock
Author: Nham Vu

Explore RSA key sizes from 512 to 8192 bits — see their security level, equivalent symmetric strength, and when to use each.

Select RSA Key Size

Choose a key size to explore its security properties.

51210242048307240968192

RSA Key Size 2048

Symmetric Equivalent 112 bits

Security Level

NIST Status

Recommended Through

Relative Sign Speed

Attack difficulty 75%

Recommendation

Suitable For

Full Comparison Table

Key Size	Sym. Equiv.	Security Rating	NIST Status	Rec. Through	Best For

Use-Case Finder

Pick your scenario to see the minimum recommended key size.

Summary

Explore RSA key sizes from 512 to 8192 bits — see their security level, equivalent symmetric strength, and when to use each.

How it works

Select an RSA key size using the slider or preset buttons at the top.
The tool displays the equivalent symmetric strength in bits (e.g., AES-112 for RSA-2048).
A security rating shows whether the key size meets current NIST guidance.
Performance impact and year-of-obsolescence estimates are shown alongside the rating.
Scroll down to the full comparison table to see all key sizes ranked side by side.
The use-case panel highlights which key size is appropriate for your specific scenario.

Use cases

Choose the right RSA key size when generating TLS/SSL certificates.
Understand why 1024-bit RSA keys are no longer considered secure.
Decide between 2048-bit and 4096-bit keys for email signing (PGP/GPG).
Learn the performance trade-offs between different RSA key lengths.
Verify that your SSH key configuration meets current security standards.
Educate teams on public-key cryptography fundamentals.
Audit existing infrastructure key sizes against NIST recommendations.
Plan migration timelines as computing power grows over time.

Frequently Asked Questions

Last updated: 2026-06-09 · Reviewed by Nham Vu