What RSA key length should I use for my SSL certificates?

Question

I\'m in the process of creating a CSR, and I wonder which is arguably the best length for my RSA key.

Of course, 384 is probably too weak, and 16384 is probably too

Answer 1

As many customers require compliance with NIST cryptographic standards, I use the guidance in the NIST Special Publication 800‑57, Recommendation for Key Management Part 1, §5.6. Most of our applications are a good fit for 112 "bits" of security, so that corresponds to triple-DES (or a small bump up to 128-bit AES) for symmetric ciphers and a 2048-bit key for RSA. See Table 2 for a rough equivalence.

Valid or not, being able to refer them to a NIST publication helps customers feel better about security (if they bother to ask).