How Long Does It Take to Generate an Asymmetric Cryptography Key Pair?

Home > Blogs > Security > How Long Does It Take to Generate an Asymmetric Cryptography Key Pair?

How Long Does It Take to Generate an Asymmetric Cryptography Key Pair?

Like This Blog 0 Mike Danseglio
Added by August 28, 2013

This is part 3 of using Public Key Infrastructure (PKI) and Private Key Cryptography for your Windows Server 2012 environment.

Part 1: Selecting a Key Size for Your Root Certificate Server in Windows Server 2012 AD CS.
Part 2: Selecting a Cryptographic Key Provider in Windows Server 2012 AD CS.

In this post, we’ll look at the time involved to generate asymmetric key pars.

Many technologies use asymmetric, or public-private key cryptography today. If you’re using Public Key Infrastructure (PKI), IP Security (IPSec), virtual private networking (VPN), or even a secure web site that supports SSL, you’re using asymmetric key cryptography.

At the outset, asymmetric key cryptography was devised as an infrequent-use solution because of two important limitations:

  1. Creating an asymmetric key pair is mathematically intensive
  2. Asymmetric key cryptography is not efficient on large amounts of data

It is this first limitation that I’m addressing in this blog.

In brief, generating a useful key pair today is a nearly trivial operation that takes very little time and resources.

Timing Key Generation

To dispel this myth I used two scenarios:

  1. Windows Server 2012 Active Directory Certificate Services generating a 2048-bit RSA key for a self-signed certificate. This is on a single-CPU server with 2048MB of RAM running inside VMware.
  2. OpenSSL generating a similar 2048-bit RSA key on an Intel i7 3.6Ghz with 32MB of RAM.

I chose these two scenarios because of their diversity. The first is a more common IT scenario with limited resources and the test is being run inside a guest operating system with its associated resource overhead. The second is a streamlined command-line geek-centric approach that should be significantly faster.

Before I disclose the results, note that the first time I generated a key pair of this size was over 10 years ago. That process took more than a day.

  • Scenario 1: 7 seconds to generate the key pair.
  • Scenario 2: 4 seconds to generate the key pair.

Conclusion

Don’t avoid generating key pairs because of the complexity or time involved. Even with relatively limited resources, today’s technology makes short work of key generation.

If you want more Windows PKI articles please be sure to drop me a comment.

Take care!
Mike Danseglio -CISSP / CEH
Interface Technical Training – Technical Director and Instructor

Videos You May Like

Agile Methodology in Project Management

0 153 0

In this video, you will gain an understanding of Agile and Scrum Master Certification terminologies and concepts to help you make better decisions in your Project Management capabilities. Whether you’re a developer looking to obtain an Agile or Scrum Master Certification, or you’re a Project Manager/Product Owner who is attempting to get your product or … Continue reading Agile Methodology in Project Management

Using Navigation Controls in a Collaboration Site in SharePoint

0 337 1

In this SharePoint training video, I want to talk about the Navigation Controls in SharePoint. They tend to fall into two kind of different categories; one with the navigation controls in a typical Collaboration Site such as a Team Site or a Project Site. These are Sites that are based on the Team Site Template … Continue reading Using Navigation Controls in a Collaboration Site in SharePoint

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 608 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

Share your thoughts...

Please fill out the comment form below to post a reply.