16 tweets, 4 min read
When discussing cryptography with the general public, one of the biggest sources of confusion is the difference of security between 256-bit AES (secure) versus 256-bit RSA.
Aside: If you're curious about which key sizes to use, read this guide to cryptographic key size recommendations.

paragonie.com/blog/2019/03/d…
The security of RSA is based on the difficulty of factoring large numbers into its prime components.

Prime numbers aren't evenly distributed throughout the space of all real numbers. You have four primes between 1 and 10, four between 11 and 20, then only two between 21 and 30.
Consequently, the sizes of the numbers used in RSA don't translate one-for-one into the security level of the keys being used.

256-bit RSA keys do not offer 256 bits of security.
256-bit AES keys do.
Charlatans often like to exploit this discrepancy.

When a product claims to offer 512 bits of AES security, they're exploiting this confusion.

When someone demonstrates breaking 256-bit RSA, they're trying to impress you by exploiting this confusion.
If you want 256 bits of RSA security, you need 15360-bit keys, which are impractical and slow.

If you want 128 bits of RSA security, you need 3072-bit keys.
What does "bits of security" mean?

First, you take the cost of attack (number of guesses, etc.), which is hopefully (but not always) a large number, then you take the logarithm of this number, base two.

Google makes this easy. google.com/search?q=lg%28…
Every additional bit of security means "twice as hard to break".

The cost to break 256-bit RSA is seconds on a modern computer.

The cost to break 256-bit AES is on the order of magnitude of the energy released by a billion supernovae. pthree.org/2016/06/19/the…
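As an added illustration of the two preceding points (not code from the original thread): "bits of security" is just log2 of the attack cost, so exhaustive key search on AES gives a security level equal to the key length, while factoring an RSA modulus with the General Number Field Sieve costs far less than 2^(modulus bits). The `rsa_security_bits_gnfs` function is an assumption: it applies the uncalibrated asymptotic GNFS formula L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, so it only roughly approximates the published 3072 -> 128 and 15360 -> 256 guidance.

```python
import math


def security_bits_from_cost(cost) -> float:
    """'Bits of security' as the thread defines it: the base-2 logarithm of the
    attack cost (number of guesses, operations, etc.). One more bit = twice as hard."""
    if cost < 1:
        raise ValueError("attack cost must be at least 1 operation")
    return math.log2(cost)


def aes_security_bits(key_bits: int) -> float:
    """The best generic attack on a symmetric cipher like AES is exhaustive search
    over all 2**key_bits keys, so the key length is the security level
    (classical attackers only; Grover's algorithm is out of scope here)."""
    return security_bits_from_cost(2 ** key_bits)


def rsa_security_bits_gnfs(modulus_bits: int) -> float:
    """Rough estimate of the work to factor an RSA modulus of the given size with
    the General Number Field Sieve, L_n[1/3, (64/9)^(1/3)] = exp(c * (ln n)^(1/3)
    * (ln ln n)^(2/3)). Assumption: the o(1) term and implementation constants are
    ignored, so this is an illustration, not NIST's key-size table."""
    if modulus_bits < 8:
        raise ValueError("modulus too small for the asymptotic estimate")
    ln_n = modulus_bits * math.log(2)          # ln of a modulus of that many bits
    c = (64 / 9) ** (1 / 3)
    ln_cost = c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)
    return ln_cost / math.log(2)               # natural log -> base 2 -> bits


def compare(key_bits: int) -> dict:
    """Security level of a key_bits-long symmetric key vs. a key_bits RSA modulus."""
    return {
        "key_bits": key_bits,
        "symmetric_bits": aes_security_bits(key_bits),
        "rsa_bits_estimate": rsa_security_bits_gnfs(key_bits),
    }


if __name__ == "__main__":
    for bits in (256, 2048, 3072, 15360):
        row = compare(bits)
        print(f"{bits:6d}-bit key: symmetric ~{row['symmetric_bits']:.0f} bits, "
              f"RSA ~{row['rsa_bits_estimate']:.0f} bits")
```

The 256-bit row lands well under 64 bits of work, which is why "breaking 256-bit RSA" is a laptop job while 256-bit AES is not.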
"What's RSA? What's AES? How are they different?"

They're extremely different. They're actually different in more ways than they are similar (the similarities being that both are classified as "cryptography algorithms" and both get misused in similar ways). Don't compare the two.
RSA, named after its inventors (Rivest, Shamir, and Adleman), provides asymmetric ("public key") cryptography.

You encrypt with a public key, decrypt with a private key.

AES (the Advanced Encryption Standard) provides symmetric cryptography. You use the same key for both ops.
If you'd like to see AES in action, check out this video:
If you'd like to better understand RSA, we can link a video too but first and foremost...

If you can help it, don't use RSA.

Use elliptic curve cryptography instead. In the near future, plan on switching to post-quantum cryptography. But we're not there yet, so ECC it is.
It's not just us telling you this. @trailofbits has the following to say about RSA: blog.trailofbits.com/2019/07/08/fuc…
Latacora also explains why you don't want to use RSA in this section of their "right answers" page: latacora.micro.blog/2018/04/03/cry…
With that in mind, you can learn more about RSA here:
The key takeaway:

Comparing AES and RSA isn't even "apples to oranges", it's more like "apples to slime molds".