
ssl-rsa-strength
Measure the relative strength of asymmetric crypto, e.g. RSA and ECC keys.
The National Institute of Standards and Technology (NIST) evaluates asymmetric ciphers like RSA by converting them to equivalent symmetric cipher strengths.
This module implements the technique used by NIST (an estimate based on the General Number Field Sieve, GNFS), allowing you to compare the relative strength of different RSA modulus sizes (RSA 1024, 2048, 4096, etc.) as if they were symmetric ciphers.
In short: if you're interested in comparing the relative strengths of RSA key sizes, this module is for you.
Please also note that strength is only a small part of choosing a key size: a 4096-bit key has considerable drawbacks, including slower handshakes, which increase the time browsers take to connect, and higher CPU usage on both the server and the browser.
This module now also includes ECC cipher strength.
See 'Interpreting the results' below for further information.
Just install:
npm install ssl-rsa-strength
Then:
var getStrength = require('ssl-rsa-strength');
getStrength.rsa(modulus);
getStrength.ecc(pSize);
For RSA, modulus is what is commonly referred to as the key size, e.g. 2048, 4096, etc.
For ECC, pSize is what is commonly referred to as the key size, e.g. 256, 512, etc.
getStrength.rsa(512);
getStrength.rsa(1024);
getStrength.rsa(2048);
Interpreting the results
Results should be read as if comparing a symmetric cipher, e.g. a strength of 116 bits means you theoretically have 2^116 possibilities to brute-force.
Why theoretically? The GNFS is a heuristic: it's a tool to help you measure the relative strengths of different RSA key sizes, but it is not exact. See The number field sieve by Arjen K. Lenstra, page 5, section 3, for further discussion.
Implementation details, future vulnerabilities in RSA, and other factors can affect the strength of an RSA key. The attack that breaks RSA 2048 could also break RSA 4096.
In addition: the original NIST cypher rounded down to commonly used symmetric key sizes to allow comparison with existing common symmetric cipher values - so you could say 'RSA 1024 is equivalent to AES 80', whereas this module gives the raw results.
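The conversion described above can be reproduced by hand. This is an added example, not the ssl-rsa-strength source: it assumes the standard GNFS running-time estimate exp((64/9)^(1/3) (ln n)^(1/3) (ln ln n)^(2/3)), and the function names and the list of symmetric levels are chosen here for illustration.

```javascript
// Added example: hypothetical helpers, not the module's own code.
// Heuristic GNFS cost to factor n: exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),
// with c = (64/9)^(1/3). Strength in bits is log2 of that cost.
const GNFS_C = Math.cbrt(64 / 9);

function gnfsStrengthBits(modulusBits) {
  if (!Number.isInteger(modulusBits) || modulusBits < 2) {
    throw new RangeError('modulus size must be an integer number of bits >= 2');
  }
  // ln(2^bits) = bits * ln 2; working in logs avoids overflowing 2^bits.
  const lnN = modulusBits * Math.LN2;
  const lnCost = GNFS_C * Math.cbrt(lnN) * Math.pow(Math.log(lnN), 2 / 3);
  return lnCost / Math.LN2; // convert natural log of the cost to bits
}

// Symmetric levels used for comparison (assumption: 80 comes from the
// "RSA 1024 is equivalent to AES 80" remark; the rest are the usual
// 112/128/192/256 comparison points).
const SYMMETRIC_LEVELS = [80, 112, 128, 192, 256];

// Round a raw estimate down to the nearest common symmetric level.
// Returns null when the estimate is below the lowest level in the list.
function roundDownToSymmetric(bits) {
  let level = null;
  for (const candidate of SYMMETRIC_LEVELS) {
    if (candidate <= bits) level = candidate;
  }
  return level;
}

// Raw versus rounded-down strength for a few modulus sizes.
function compareModulusSizes(sizes) {
  return sizes.map((size) => {
    const raw = gnfsStrengthBits(size);
    return { size, raw: Number(raw.toFixed(2)), rounded: roundDownToSymmetric(raw) };
  });
}

for (const row of compareModulusSizes([512, 1024, 2048, 3072, 4096, 7680])) {
  console.log(`RSA ${row.size}: raw ${row.raw} bits, rounded down ${row.rounded}`);
}
```

Doubling the modulus from 2048 to 4096 bits adds roughly 40 bits of estimated strength rather than doubling it, which is the trade-off against handshake cost mentioned earlier.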
npm test
The values are checked against the Mathematica implementation from Crypto StackExchange mentioned below.
The original National Institute of Standards and Technology Special Publication 800-57 Recommendation for Key Management
The number field sieve by Arjen K. Lenstra
In particular, these two threads on Crypto StackExchange have excellent discussion used in researching the development of this module:
FAQs
The npm package ssl-rsa-strength receives a total of 0 weekly downloads. As such, ssl-rsa-strength popularity was classified as not popular.
We found that ssl-rsa-strength demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.