paragonie.com/blog/2019/03/d…
Prime numbers aren't evenly distributed throughout the space of all real numbers. You have four primes between 1 and 10, four between 11 and 20, then only two between 21 and 30.
256-bit RSA keys do not offer 256 bits of security.
256-bit AES keys do.
When a product claims to offer 512 bits of AES security, they're exploiting this confusion.
When someone demonstrates breaking 256-bit RSA, they're trying to impress you by exploiting this confusion.
If you want 128 bits of RSA security, you need 3072-bit keys.
First, you take the cost of attack (number of guesses, etc.), which is hopefully (but not always) a large number, then you take the logarithm of this number, base two.
Google makes this easy. google.com/search?q=lg%28…
The cost to break 256-bit RSA is seconds on a modern computer.
The cost to break 256-bit AES is on the order of magnitude of the energy released by a billion supernovae. pthree.org/2016/06/19/the…
They're extremely different. They're actually different in more ways than they are similar (i.e. they're both classified as "cryptography algorithms" and get misused in similar ways). Don't compare the two.
You encrypt with a public key, decrypt with a private key.
AES (the Advanced Encryption Standard) provides symmetric cryptography. You use the same key for both ops.
If you can help it, don't use RSA.
Use elliptic curve cryptography instead. In the near future, plan on switching to post-quantum cryptography. But we're not there yet, so ECC it is.
Comparing AES and RSA isn't even "apples to oranges", it's more like "apples to slime molds".