No, I do not have numbers to back it up, that is why my guess is that 3K-RSA is the next step after 2K-RSA. It also depends on what data you are planning to transport, and in what kind of organisation you are.
2014-09-09 18:21 GMT+02:00 Viktor Dukhovni <openssl-us...@dukhovni.org>: > On Tue, Sep 09, 2014 at 05:54:15PM +0200, Jeroen de Neef wrote: > > > I think that 3K-RSA is the next step after 2K-RSA, and I am sure that the > > computational costs of a 4K-RSA certificate is much of an obstruction > with > > current hardware and I think that it isn't a problem at all a couple > years > > in the future. > > Have any numbers to back that up? The performance ratios are likely > similar for recent and not so recent CPUs: > > sign verify sign/s verify/s > rsa 1024 bits 0.000385s 0.000025s 2599.2 40210.7 > rsa 2048 bits 0.002494s 0.000078s 401.0 12762.7 > rsa 4096 bits 0.017500s 0.000284s 57.1 3527.3 > > On my CPU the sign/s ratios for the two steps are 6.5 and 7.0, > which are quite significant. The performance gulf between 1024 > and 4096 is rather wide, while the security gain from 2048 to 4096 > is far from clear. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >