In TLS, since a lot of algorithms are involved, it is not easy to set a consistent security level. For this reason this section will present some correspondance between key sizes of symmetric algorithms and public key algorithms based on the most conservative values of [SELKEY] (see Bibliography). Those can be used to generate certificates with appropriate key sizes as well as parameters for Diffie-Hellman and SRP authentication.
| Year | Symmetric key size | RSA key size, DH and SRP prime size | ECC key size
|
| 1982 | 56 | 417 | 105
|
| 1988 | 61 | 566 | 114
|
| 2002 | 72 | 1028 | 139
|
| 2015 | 82 | 1613 | 173
|
| 2028 | 92 | 2362 | 210
|
| 2040 | 101 | 3214 | 244
|
| 2050 | 109 | 4047 | 272
|
The first column provides an estimation of the year until these parameters are considered safe and the rest of the columns list the parameters for the various algorithms.
Note however that the values suggested here are nothing more than an educated guess that is valid today. There are no guarrantees that an algorithm will remain unbreakable or that these values will remain constant in time. There could be scientific breakthroughs that cannot be predicted or total failure of the current public key systems by quantum computers. On the other hand though the cryptosystems used in TLS are selected in a conservative way and such catastrophic breakthroughs or failures are believed to be unlikely.
NIST publication SP 800-57 [NISTSP80057] (see Bibliography) contains a similar table that extends beyond the key sizes given above.
| Bits of security | Symmetric key algorithms | RSA key size, DSA, DH and SRP prime size | ECC key size
|
| 80 | 2TDEA | 1024 | 160-223
|
| 112 | 3DES | 2048 | 224-255
|
| 128 | AES-128 | 3072 | 256-383
|
| 192 | AES-192 | 7680 | 384-511
|
| 256 | AES-256 | 15360 | 512+
|
The recommendations are fairly consistent.