Since the only way to “crack” a key is usually a so-called brute-force attack, attempting every possible option, the key length specifies the processing power and computing time. However, it’s impossible to clearly determine the key length required for a protocol to be sufficiently secure. On one hand, computers are becoming more and more powerful and can “crack” a specific key length in a short amount of time, on the other hand there is no guarantee a certain encryption will not be bypassed or eliminated by a new arithmetic method. A key with a specific length considered secure just a few years ago can now be decoded by supercomputers within an acceptable amount of time.
At this time the assumption is that a key for a symmetric encryption method should be at least 100 bit to be considered adequately secure. Asymmetric keys, as for example used in many public key methods, require longer keys for their security to be equivalent to symmetrical processes. 40 or 64 bit keys are now considered inadequate and unsecure.
Long keys do negatively impact the performance of applications based on the processing power required from the device for encryption and decryption. So depending on a device’s processing power it may take considerably longer to encrypt a message with a long key and to decrypt the message on the other end.