What RSA key size should I use?

Use at least 2048-bit RSA for new keys; 3072-bit gives roughly 128-bit symmetric-equivalent security and is recommended for long-lived keys. 1024-bit RSA is broken in practice and must be retired.

Is Ed25519 better than RSA?

For signatures, Ed25519 offers around 128-bit security with tiny 32-byte keys, fast verification and resistance to many implementation pitfalls. It is preferred for new systems, though RSA remains common for compatibility.

What is the difference between X25519 and Ed25519?

Both use Curve25519 but for different jobs. X25519 is for Diffie-Hellman key exchange (establishing a shared secret), while Ed25519 is for digital signatures (EdDSA). Do not reuse one key for both.

Why does a 256-bit ECC key match a 3072-bit RSA key?

Elliptic-curve cryptography resists the best-known attacks more efficiently, so a 256-bit curve gives about 128 bits of security — the same level as 3072-bit RSA but with far smaller keys and faster operations.

Are these algorithms quantum-safe?

No. RSA and elliptic-curve algorithms are broken by a large quantum computer running Shor's algorithm. Post-quantum schemes such as ML-KEM (Kyber) and ML-DSA (Dilithium) are being standardised to replace them.

Asymmetric Cipher Reference

Email me this result

Get this tool's output sent to your inbox, plus one useful tool a week. No spam, unsubscribe any time.

Asymmetric (public-key) algorithm reference

Asymmetric algorithms use a key pair: a public key anyone can hold and a private key kept secret. They power TLS handshakes, SSH, code signing, certificates and end-to-end encryption. This reference compares RSA, ECDSA, Ed25519, X25519, ECDH and ElGamal by equivalent security level, key size, performance and intended purpose (signing, key exchange or encryption).

How it works

Security rests on hard math problems: RSA on integer factorisation, elliptic-curve schemes on the elliptic-curve discrete log problem. Because EC attacks scale better for defenders, EC keys are much smaller than RSA keys at the same security level:

~112-bit security: RSA-2048
~128-bit security: RSA-3072 or 256-bit curve (P-256, Curve25519)
~192-bit security: RSA-7680 or 384-bit curve (P-384)
~256-bit security: RSA-15360 or 521-bit curve (P-521)

Always match the role: use a signature algorithm for authenticity and a key-exchange algorithm to derive a shared symmetric key, then encrypt bulk data with a symmetric cipher.

Tips and notes

For new signatures, prefer Ed25519; for key exchange, prefer X25519.
RSA-2048 is the practical minimum; use RSA-3072+ for keys that must last years.
Never use a single key pair for both signing and encryption.
Plan for post-quantum migration — hybrid X25519 + ML-KEM is already deployed in TLS.