Skip to content
Percona Software for MySQL Documentation

For help, click the link below to get free database assistance or contact our experts for personalized support.

Get help from Percona

Key length considerations

Selecting appropriate cryptographic key lengths requires balancing security requirements with computational overhead. The following considerations should guide implementation decisions:

  • Key length security characteristics:

  • Security strength increases exponentially with bit length - a 2048-bit RSA key provides significantly higher security than a 1024-bit key

  • Computational requirements increase proportionally with key length, affecting system performance

  • Security margin increases logarithmically - doubling key length provides exponentially more possible combinations

  • Common implementation error: Implementing maximum key lengths for all applications without considering performance implications

  • Two types of cryptographic relationships:

  • Symmetric: Same key locks and unlocks (AES, etc.)

    • Like having one key that works on both sides of your door

    • Blazingly fast compared to asymmetric encryption

    • The problem: How do you securely share that key with other parties without exposing it during transmission

  • Asymmetric: Different keys for locking and unlocking (RSA, DSA, etc.)

    • Like a safety deposit box where you have one key and the bank has another

    • Significantly slower (think 1000x or more) than symmetric encryption

    • But solves the key distribution problem brilliantly

    • This is what we’re focusing on in this document

  • Size limits that will bite you:

    • RSA can only encrypt messages smaller than your key size (minus padding)

    • A 2048-bit key can’t encrypt a 2048-bit message - more on this particular trap later

    • If you try to encrypt something too large, you’ll get an error that explains absolutely nothing.