Someone at Microsoft just turned me on to this cool site. www.keylength.com The site lists various standards and their recommended crypto sizes. You can click on any listed crypto algorithm and see how long a crypto key of that size should remain relatively protective. It's all generic and doesn't include a large number of external factors that would impact the key's overall useful life, but it is a starting poi Someone at Microsoft just turned me on to this cool site. www.keylength.comThe site lists various standards and their recommended crypto sizes. You can click on any listed crypto algorithm and see how long a crypto key of that size should remain relatively protective. It’s all generic and doesn’t include a large number of external factors that would impact the key’s overall useful life, but it is a starting point for reference.I frequently have customers and readers ask me how long their key size should be for a particular application. It’s like asking what car someone should buy? There’s a lot of factors involved, with no single answer. In order to determine how long a particular cypto key should be you need to ask yourself many other questions first, including: What is the value of the information you are protecting?What is the security maturity of the company expecting the protection? What is the likelihood of a sustained, multi-machine crack attack?What are the regulatory requirements?How often are the keys changed? What cipher is used?Crypto ciphers are just one mechanism to prevent a confidentiality leak. What other protections do you use? How is the information protected from physical attack? Is the cipher algorithm protection mechanism implemented in hardware or software? And so on. Related content analysis The 5 types of cyber attack you're most likely to face Don't be distracted by the exploit of the week. Invest your time and money defending against the threats you're apt to confront By Roger Grimes Aug 21, 2017 7 mins Phishing Malware Social Engineering analysis 'Jump boxes' and SAWs improve security, if you set them up right Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not. By Roger Grimes Jul 26, 2017 13 mins Authentication Access Control Data and Information Security analysis Attention, 'red team' hackers: Stay on target You hire elite hackers to break your defenses and expose vulnerabilities -- not to be distracted by the pursuit of obscure flaws By Roger Grimes Dec 08, 2015 4 mins Hacking Data and Information Security Network Security analysis 4 do's and don'ts for safer holiday computing It's the season for scams, hacks, and malware attacks. But contrary to what you've heard, you can avoid being a victim pretty easily By Roger Grimes Dec 01, 2015 4 mins Phishing Malware Patch Management Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe