The key length is an important parameter of symmetrical or asymmetric encryption processes. It provides information on how many different key values a key can accept in a specific protocol. The key length is typically specified as a logarithm in form of bits. So e.g. 3 bit key length (2 x 2 x 2 = 8) will accept eight different keys. The longer the key, the more secure data can be viewed with it. The key length is an encryption security standard and varies by the protocol used and the algorithm.

Key security

Since the only way to “crack” a key is usually a so-called brute-force attack, attempting every possible option, the key length specifies the processing power and computing time. However, it’s impossible to clearly determine the key length required for a protocol to be sufficiently secure. On one hand, computers are becoming more and more powerful and can “crack” a specific key length in a short amount of time, on the other hand there is no guarantee a certain encryption will not be bypassed or eliminated by a new arithmetic method. A key with a specific length considered secure just a few years ago can now be decoded by supercomputers within an acceptable amount of time.

Minimum key length

At this time the assumption is that a key for a symmetric encryption method should be at least 100 bit to be considered adequately secure. Asymmetric keys, as for example used in many public key methods, require longer keys for their security to be equivalent to symmetrical processes. 40 or 64 bit keys are now considered inadequate and unsecure.

Long keys do negatively impact the performance of applications based on the processing power required from the device for encryption and decryption. So depending on a device’s processing power it may take considerably longer to encrypt a message with a long key and to decrypt the message on the other end.