

{"id":886,"date":"2025-07-26T16:01:17","date_gmt":"2025-07-26T14:01:17","guid":{"rendered":"https:\/\/blog.koeckeis-fresel.net\/?p=886"},"modified":"2025-07-26T16:20:10","modified_gmt":"2025-07-26T14:20:10","slug":"rsa-2048-do-not-use-anymore","status":"publish","type":"post","link":"https:\/\/blog.koeckeis-fresel.net\/?p=886","title":{"rendered":"RSA 2048? Do not use anymore"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">RSA 3072-bit vs ECC Certificates<\/h2>\n\n\n\n<p><strong>What&#8217;s Happening<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Germany&#8217;s BSI now requires RSA 3072-bit minimum (since January 2024) <\/li>\n\n\n\n<li>RSA 3072-bit = 128-bit security level<\/li>\n<\/ul>\n\n\n\n<p><strong>The Problem with RSA 3072<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Much larger certificate files (3x bigger than RSA 2048) <\/li>\n\n\n\n<li>Slower encryption\/decryption operations <\/li>\n\n\n\n<li>Higher CPU usage and battery drain <\/li>\n\n\n\n<li>Increased network overhead<\/li>\n<\/ul>\n\n\n\n<p><strong>The Better Solution: ECC P-256<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Same security level<\/strong> as RSA 3072 (128-bit) <\/li>\n\n\n\n<li><strong>Much smaller<\/strong> certificates and keys <\/li>\n\n\n\n<li><strong>Faster<\/strong> operations (better performance) <\/li>\n\n\n\n<li><strong>Lower<\/strong> resource consumption <\/li>\n\n\n\n<li><strong>Widely supported<\/strong> by modern browsers and systems<\/li>\n<\/ul>\n\n\n\n<p><strong>Security Equivalence<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>RSA 3072-bit \u2248 ECC P-256 (256-bit) <\/li>\n\n\n\n<li>Both provide 128-bit security strength <\/li>\n\n\n\n<li>Both meet current and future security requirements<\/li>\n<\/ul>\n\n\n\n<p><strong>Recommendation<\/strong> \u2705 <strong>Use ECC P-256<\/strong> for new deployments<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Better performance <\/li>\n\n\n\n<li>Smaller certificates 
<\/li>\n\n\n\n<li>Future-ready <\/li>\n\n\n\n<li>Mobile-friendly<\/li>\n<\/ul>\n\n\n\n<p>\u26a0\ufe0f <strong>Use RSA 3072<\/strong> only if:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Legacy system compatibility required <\/li>\n\n\n\n<li>Specific compliance mandates RSA <\/li>\n\n\n\n<li>ECC not supported in your environment<\/li>\n<\/ul>\n\n\n\n<p><strong>Bottom Line<\/strong> ECC P-256 gives you the same security as RSA 3072 with significantly better performance. Unless you have specific legacy requirements, choose ECC.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">BSI (Germany) Requirements<\/h3>\n\n\n\n<p>BSI Technical Guideline <a href=\"https:\/\/www.bsi.bund.de\/SharedDocs\/Downloads\/EN\/BSI\/Publications\/TechGuidelines\/TG02102\/BSI-TR-02102-1.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">TR-02102-1<\/a> &#8220;Cryptographic Mechanisms: Recommendations and Key Lengths&#8221;<\/p>\n\n\n\n<p><strong>Key Points<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>As of January 1, 2024, BSI requires government systems to use at least 3000-bit RSA keys<\/li>\n\n\n\n<li>For asymmetric algorithms over finite fields (e.g. 
RSA signatures, RSA encryption, DH key exchange) the minimal requirements are 3,000 bits<\/li>\n\n\n\n<li>A key length of \u2265 3000 bits will be binding for cryptographic implementations which are to conform to this Technical Guideline as from 2023<\/li>\n<\/ul>\n\n\n\n<p>RSA 3072-bit is approximately equivalent to <strong>ECC P-256<\/strong> (256-bit) in terms of security strength.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td>RSA Key Size<\/td><td>ECC Key Size<\/td><td>Security Level (bits)<\/td><\/tr><tr><td>RSA 1024<\/td><td>ECC 160<\/td><td>~80 bits<\/td><\/tr><tr><td>RSA 2048<\/td><td>ECC 224<\/td><td>~112 bits<\/td><\/tr><tr><td><strong>RSA 3072<\/strong><\/td><td><strong>ECC 256<\/strong><\/td><td><strong>~128 bits<\/strong><\/td><\/tr><tr><td>RSA 7680<\/td><td>ECC 384<\/td><td>~192 bits<\/td><\/tr><tr><td>RSA 15360<\/td><td>ECC 521<\/td><td>~256 bits<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Key Points<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>RSA 3072<\/strong> provides approximately <strong>128 bits of security<\/strong><\/li>\n\n\n\n<li><strong>ECC P-256<\/strong> (also called secp256r1 or prime256v1) also provides <strong>128 bits of security<\/strong><\/li>\n\n\n\n<li>This makes them cryptographically equivalent in terms of resistance to attacks<\/li>\n<\/ul>\n\n\n\n<p><strong>Practical Implications:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Both RSA 3072 and ECC P-256 are considered secure for current and near-future use<\/li>\n\n\n\n<li>ECC P-256 is much more efficient (smaller certificates, faster operations, less bandwidth)<\/li>\n\n\n\n<li>Most modern systems prefer ECC P-256 over RSA 3072 for performance reasons<\/li>\n\n\n\n<li>Both meet current industry security standards and regulatory requirements<\/li>\n<\/ul>\n\n\n\n<p><strong>Current Recommendations:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>ECC P-256<\/strong> is generally 
preferred for new deployments due to better performance <\/li>\n\n\n\n<li><strong>RSA 3072<\/strong> is still widely supported and secure, but less efficient <\/li>\n\n\n\n<li>Both are expected to remain secure well into the 2030s according to current cryptographic assessments<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>RSA 3072-bit vs ECC Certificates What&#8217;s Happening The Problem with RSA 3072 The Better Solution: ECC P-256 Security Equivalence Recommendation \u2705 Use ECC P-256 for new deployments \u26a0\ufe0f Use RSA 3072 only if: Bottom Line ECC P-256 gives you the same security as RSA 3072 with significantly better performance. Unless you have specific legacy requirements, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-886","post","type-post","status-publish","format-standard","hentry","category-general"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts\/886","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=886"}],"version-history":[{"count":3,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts\/886\/revision
s"}],"predecessor-version":[{"id":891,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=\/wp\/v2\/posts\/886\/revisions\/891"}],"wp:attachment":[{"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=886"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=886"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.koeckeis-fresel.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=886"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}