Performance: 4096 Bit RSA-Key compared to 2048 bit RSA-Key
Solution 1
Use OpenSSL's speed command to benchmark the two types and compare results. Here's an example command to run on the server to compare only the key types and sizes you mention:
openssl speed rsa2048 rsa4096
For reference, here are some benchmark results from a modest VPS:
                  sign       verify     sign/s   verify/s
rsa 2048 bits  0.000685s  0.000032s   1459.1    31629.7
rsa 4096 bits  0.007574s  0.000113s    132.0     8851.0
As you can see, doubling the certificate key size places an enormous additional burden on the server's CPU and is many times slower. Avoid 4096 bit keys unless you have a specific threat model which requires their use.
Solution 2
I decided to run openssl speed with three key sizes: 1024, 2048 and 4096 bits. Here are the results on my home PC, which is decent but far from exceptional as far as number-crunching power goes:
                  sign       verify     sign/s   verify/s
rsa 1024 bits  0.000273s  0.000017s   3662.2    59513.0
rsa 2048 bits  0.001994s  0.000052s    501.5    19254.5
rsa 4096 bits  0.014438s  0.000219s     69.3     4560.3
So by doubling the key length, the time to sign a message increases by 7x, and the time to verify a signature increases by more than 3x.
Either way you slice it, the performance impact of moving from 2048-bit RSA to 4096-bit RSA is highly significant.
It is also highly doubtful that you have an SSL workload which requires the additional security from 4096-bit RSA.
You would almost certainly do better by implementing forward secrecy instead, as doing so would reduce the impact of a key compromise at very little extra cost to either the server or the client.
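Both answers above read the sign/verify columns of `openssl speed` by eye. The script below is an added example, not part of either answer: it runs the same command, parses the result table with awk, and prints how many times slower the largest key is than the smallest for signing and for verifying. It uses the per-operation time columns (fourth and fifth fields) rather than the sign/s column, because those columns sit in the same position in both the older table format shown in the answers and the wider table newer OpenSSL releases print. The function names (`parse_speed`, `slowdown`, `bench_rsa`) are my own.

```shell
#!/bin/sh
# Added example: summarise `openssl speed rsa2048 rsa4096` output.
# Assumes an openssl binary with rsa2048/rsa4096 speed targets and a
# result table whose rows look like:
#   rsa 2048 bits 0.000685s 0.000032s 1459.1 31629.7
# (older format) or the same prefix with extra encrypt/decrypt columns.

# Read an openssl speed result table on stdin and print, per key size,
# "<bits> <seconds per sign> <seconds per verify>" with the trailing
# "s" unit stripped so awk can treat the values as numbers.
parse_speed() {
    awk '$1 == "rsa" && $3 == "bits" {
             sub(/s$/, "", $4); sub(/s$/, "", $5)
             print $2, $4, $5
         }'
}

# Read the parse_speed output on stdin and print the slowdown factor of the
# last (largest) key size relative to the first (smallest), one decimal.
slowdown() {
    awk '
        NR == 1 { b0 = $1; s0 = $2; v0 = $3 }
                { b1 = $1; s1 = $2; v1 = $3 }
        END {
            if (NR < 2) {
                print "need at least two key sizes" > "/dev/stderr"
                exit 1
            }
            printf "%d->%d bits: sign %.1fx slower, verify %.1fx slower\n",
                   b0, b1, s1 / s0, v1 / v0
        }'
}

# Run the benchmark the answers describe and summarise it. The progress
# lines openssl prints are ignored because parse_speed only keeps the
# "rsa NNNN bits" result rows.
bench_rsa() {
    openssl speed rsa2048 rsa4096 2>/dev/null | parse_speed | slowdown
}

# Invoke as `sh rsa_speed.sh --run` to benchmark the local machine.
if [ "${1:-}" = "--run" ]; then
    bench_rsa
fi
```

Fed the first answer's table, it reports roughly 11x slower signing and 3.5x slower verification for 4096-bit keys; fed the second answer's three rows it compares 1024 to 4096 bits directly, which is useful if you are considering raising a key size by more than one step.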
Dongfu He
Updated on September 18, 2022
Comments
- Dongfu He, over 1 year: Is there a comparison between a 4096-bit RSA key and a 2048-bit RSA key? I'd like to know what impact on performance it has if I'm choosing a 4096-bit key for SSL encryption. Is there any info which says how much more CPU usage will be required if a 4096-bit key is used instead of a 2048-bit one?
- MrWhite, over 7 years: Related question on the security stack: security.stackexchange.com/questions/65174/…