Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2003
Views
0
Helpful
2
Replies

crypto key bit length ?

Go to solution
tedauction
Level 1
Level 1

‎03-09-2017 03:02 PM - edited ‎03-08-2019 09:41 AM

Hello, when generating crypto keys on newly purchased switches and routers, are most people these days using 2048 length or still 1024 ?

Thanks kindly.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Milos Megis
Level 3
Level 3

‎03-10-2017 01:14 AM

Hi,
technically for SSH v2 you need at least 768 bits.

1024 bits should be secure, but if you want to use this key as long term (tens of years) without need to change it, then choose as much as it is supported on device.
I think that it is 4096 bit what takes about 5 minutes to generate key.

But network devices are usually replaced after 10 - 15 years so 2048 bits length key should be secure during whole time, and it will be generated in few seconds.
(When you will replace device, you will have to change also key)

Everything above is just my opinion, so if I am wrong please correct me someone.
(And regarding question I prefer 2048 bit key)

View solution in original post

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎03-10-2017 10:46 AM

Many publications recommend a minimum of 2048 bit. (one good ressource is https://www.keylength.com). I would say if someone is using a keylength below this nowadays, he/she doesn't care about security.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Milos Megis
Level 3
Level 3

‎03-10-2017 01:14 AM

Hi,
technically for SSH v2 you need at least 768 bits.

1024 bits should be secure, but if you want to use this key as long term (tens of years) without need to change it, then choose as much as it is supported on device.
I think that it is 4096 bit what takes about 5 minutes to generate key.

But network devices are usually replaced after 10 - 15 years so 2048 bits length key should be secure during whole time, and it will be generated in few seconds.
(When you will replace device, you will have to change also key)

Everything above is just my opinion, so if I am wrong please correct me someone.
(And regarding question I prefer 2048 bit key)

0 Helpful

Go to solution
Karsten Iwen
VIP
VIP

‎03-10-2017 10:46 AM

Many publications recommend a minimum of 2048 bit. (one good ressource is https://www.keylength.com). I would say if someone is using a keylength below this nowadays, he/she doesn't care about security.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card