I believe it's a matter of efficiency. There are optimisations that can be performed on the math of integers of length power-of-2. It's possible that there are implementations out there that won't work with non-standard sizes.
I have seen 4096 bit keys in the wild. In fact, the Microsoft Root Certificate Authority key in the Microsoft Certificate Store is 4096 bits in length. Steven -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni Sent: Wednesday, 17 August 2005 4:45 PM To: openssl-users@openssl.org Subject: Re: RSA key sizes On Wed, Aug 17, 2005 at 02:21:30PM +0800, Tan Eng Ten wrote: > This is a general crypto question and I hope someone could help me > out. > > Often we use RSA of 512, 1024, 2048, 4096, etc. bit lengths. Are > other sizes such as 520/1045 bit "valid"? Mathematically, it should > work, but are there reasons why odd sizes are not to be used? Well RSA 512 is not (or should not be) used. As for the others, 768 is in fact used, then 1024 and 2048, I've not seen 4096 in real applications, one is likely better off with a different algorithm at that point. Non-standard sizes add no value, each incremental "standard" key size supports a particular expected security range. Stick to the standard sizes. -- Viktor. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
