RSA Key Size Strength Calculator
RSA security is usually quoted as an equivalent symmetric-key strength in bits, because RSA is broken by factoring the modulus rather than by brute force over the key. This calculator reads the symmetric-equivalent security from the NIST SP 800-57 comparable-strength table and interpolates between its published key-size anchor points. Enter a modulus size to see the approximate security level and how it compares to common thresholds.
RSA strength mapping
NIST SP 800-57 anchor points (modulus bits : security bits)
1,024 : 80
2,048 : 112
3,072 : 128
7,680 : 192
15,360 : 256
in-between sizes are linearly interpolated
RSA is broken by factoring the modulus with the general number field sieve, not by brute force, so its strength does not scale linearly with key length. Rather than approximate the sieve cost, this calculator reads the equivalent security straight from the NIST SP 800-57 Part 1 comparable-strength table and interpolates linearly between the published anchor points. The anchor values are the authoritative figures; only the interpolation between them is computed.
Worked example
A 2,048-bit modulus is a NIST anchor at exactly 112-bit security, meeting the minimum acceptable level. A 3,072-bit modulus is the 128-bit anchor. A 2,560-bit modulus, halfway between the 2,048 and 3,072 anchors, interpolates to 120 bits. A 1,024-bit modulus is 80 bits, below the NIST minimum and no longer recommended.
RSA key strength: frequently asked questions
What does RSA key strength in bits mean?
RSA security is expressed as the bits of an equivalent symmetric cipher: an n-bit symmetric key takes about 2^n work to break by brute force, and an RSA key is rated by the symmetric key that would take comparable effort to break with the best known factoring algorithm, the general number field sieve.
How does this calculator estimate RSA strength?
It reads the equivalent security directly from the NIST SP 800-57 Part 1 comparable-strength table (1,024 to 80 bits, 2,048 to 112, 3,072 to 128, 7,680 to 192, 15,360 to 256) and interpolates linearly for sizes in between. The anchor values are the published NIST figures; only the interpolation is computed.
What key sizes does NIST recommend?
NIST SP 800-57 maps RSA-2048 to 112-bit security, RSA-3072 to 128-bit, RSA-7680 to 192-bit and RSA-15360 to 256-bit. NIST treats 112-bit security as the minimum acceptable level for current use. Always confirm against the current NIST publication for your application.
Is a bigger RSA key always better?
Larger keys are stronger but slower for signing and decryption, and the gain per added bit shrinks. Most systems standardise on 2,048 or 3,072 bits. For very long-term protection, elliptic-curve cryptography reaches high security with far smaller keys.
Sources and references
- NIST Computer Security Resource Center: SP 800-57 Part 1, key management and strength mapping.
- NIST Computer Security Resource Center: cryptographic standards and guidelines.
- Method: linear interpolation of the NIST SP 800-57 Part 1 comparable-strength anchor points.
Reviewed by the CalculatorHub team, edited by James Graham, 19 June 2026. See our methodology.