Cryptography/Key


Showing revision 3
A cryptographic key is a small amount of information without which encrypted data should not be convertible back into its original form. Most cryptographic algorithms use secret keys which must never be known to anyone other than the sender or receiver (symmetric key algorithms). Possession of one of these keys is all an attacker needs to recover an original message. A new class of encryption algorithms, discovered in the '70s, uses a pair of keys, one to encrypt and one to decrypt. Some of these asymmetric key algorithms have the property that one key cannot (as yet) be determined from the other. Such algorithms have the public key / private key property: one of the keys (the public one) can be known to others without reducing the secrecy of a message encrypted with its partner key.

Typical key sizes for estimated equivalent security against a particular kind of attack (brute force key space search) are 128 bits for symmetric ciphers and 2056 bits or more for public key cryptography. One type of public key algorithm may need much smaller keys for equivalent security, but elliptic asymmetric key algorithms have only been known for a relatively short time, and current estimates of the difficulty of brute force searching for their keys may not survive.

A good cryptographic algorithm remains secure provided the key is kept secret, even if all other details of the system are assumed to be known to an attacker.

If the key size is too small, the algorithm may be vulnerable to a 'brute-force' attack, in which all possible values of the key are tried one by one, or to a 'birthday' attack, which relies on the fact that the probability of a collision between a large group of values goes up roughly as the square of the number of possible values. Many algorithms permit attacks that need less effort than a brute force search. If the effort is sufficiently reduced, the algorithm is 'insecure' against that improved attack and should not be used. It may be expected that algorithms for which no improved attack is now known, and for which a brute force attack is impractical, will be found to be insecure when some new cryptanalytic technique is developed. In practice, the problem of choosing a cryptographic algorithm reduces to estimating how likely such an advance is over the relevant time. Personal secrets need to be kept confidential for different durations than tactical deployment information in a battle, and for different durations again than some commercially valuable information (e.g., the formula for Coke).
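An added example (not part of the original page) that runs the two attacks described above on deliberately tiny sizes: an exhaustive search over a 16-bit key and a birthday collision on a 32-bit value. The toy cipher, the function names and the sample values are assumptions constructed for the demonstration.

```python
import hashlib
from itertools import count

def keystream_encrypt(key: int, key_bits: int, data: bytes) -> bytes:
    """Toy cipher (constructed for this demo): XOR data with SHA-256(key)."""
    stream = hashlib.sha256(key.to_bytes((key_bits + 7) // 8, "big")).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

def brute_force_key(known_plain: bytes, cipher: bytes, key_bits: int):
    """Try every key value one by one; return (key, tries) on a match."""
    for key in range(2 ** key_bits):
        if keystream_encrypt(key, key_bits, known_plain) == cipher:
            return key, key + 1
    return None, 2 ** key_bits

def truncated_tag(data: bytes, bits: int) -> int:
    """Keep only the top `bits` bits of SHA-256, modelling a small value space."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def birthday_collision(bits: int):
    """Hash distinct inputs until any two share a tag; return (a, b, tries)."""
    seen = {}
    for n in count(1):
        msg = b"input-%d" % n
        t = truncated_tag(msg, bits)
        if t in seen:
            return seen[t], msg, n
        seen[t] = msg

if __name__ == "__main__":
    plain = b"attack at dawn!!"   # constructed 16-byte known plaintext
    secret = 0xBEEF               # constructed 16-bit key
    ct = keystream_encrypt(secret, 16, plain)
    print("brute force (key, tries):", brute_force_key(plain, ct, 16))
    a, b, n = birthday_collision(32)
    print("32-bit collision after", n, "inputs:", a, b)
    # Each added key bit doubles the search; a collision needs only ~2**(bits/2).
    for bits in (16, 32, 128):
        print(bits, "bits: search <=", 2 ** bits, "collision ~", 2 ** (bits // 2))
```

Both attacks finish in well under a second at these sizes, which is the reason practical key and value sizes are chosen far larger.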


Edited December 16, 2001 4:26 am by 216.150.138.xxx (diff)