diff options
author | Sybren A. Stüvel <sybren@stuvel.eu> | 2011-08-03 13:56:32 +0200 |
---|---|---|
committer | Sybren A. Stüvel <sybren@stuvel.eu> | 2011-08-03 13:56:32 +0200 |
commit | 58fe9468aaeb0910e08502d6d82184e2ef8b1901 (patch) | |
tree | 132be36f986c68ab654a782eb84739d69dbba8f9 /doc/usage.rst | |
parent | dbea213e8875d53087b5b3adf85c7004f13b05d8 (diff) | |
download | rsa-58fe9468aaeb0910e08502d6d82184e2ef8b1901.tar.gz |
More documentation about key size and OpenSSL compatibility
Diffstat (limited to 'doc/usage.rst')
-rw-r--r-- | doc/usage.rst | 35 |
1 files changed, 33 insertions, 2 deletions
diff --git a/doc/usage.rst b/doc/usage.rst index 9b5fc17..e4436e4 100644 --- a/doc/usage.rst +++ b/doc/usage.rst @@ -44,8 +44,9 @@ encrypt. If you don't mind having a slightly smaller key than you requested, you can pass ``accurate=False`` to speed up the key generation process. -These are some timings from my netbook (Linux 2.6, 1.6 GHz Intel Atom -N270 CPU, 2 GB RAM): +These are some average timings from my netbook (Linux 2.6, 1.6 GHz +Intel Atom N270 CPU, 2 GB RAM). Since key generation is a random +process, times may differ. +----------------+------------------+ | Keysize (bits) | Time to generate | @@ -69,6 +70,36 @@ N270 CPU, 2 GB RAM): | 2048 | 132.97 sec. | +----------------+------------------+ +If key generation is too slow for you, you could use OpenSSL to +generate them for you, then load them in your Python code. See +:ref:`openssl` for more information. + +Key size requirements +-------------------------------------------------- + +Python-RSA version 3.0 introduced PKCS#1-style random padding. This +means that 11 bytes (88 bits) of your key are no longer usable for +encryption, so keys smaller than this are unusable. The larger the +key, the higher the security. + +Creating signatures also requires a key of a certain size, depending +on the used hash method: + ++-------------+-----------------------------------+ +| Hash method | Suggested minimum key size (bits) | ++=============+===================================+ +| MD5 | 360 | ++-------------+-----------------------------------+ +| SHA-1 | 368 | ++-------------+-----------------------------------+ +| SHA-256 | 496 | ++-------------+-----------------------------------+ +| SHA-384 | 624 | ++-------------+-----------------------------------+ +| SHA-512 | 752 | ++-------------+-----------------------------------+ + + Encryption and decryption -------------------------------------------------- |