ssl-rsa-strength

v1.0.0

Measure the relative strength of asymmetric crypto, e.g. RSA and ECC keys.

Downloads

4

SSL RSA Strength

The National Institute of Standards and Technology (NIST) evaluates asymmetric ciphers like RSA by converting them to equivalent symmetric cipher values.

This module implements the technique used by NIST (a General Number Field Sieve complexity estimate), allowing you to compare the relative strength of different RSA modulus sizes (RSA 1024, 2048, 4096, etc.) as if they were symmetric ciphers.

In short: if you're interested in comparing the relative strengths of RSA key sizes, this module is for you.

Please also note that strength is only a small part of choosing a key size: there are considerable drawbacks to using a 4096-bit key, including slower handshakes, which increase the time browsers take to connect, and increased CPU usage on both the server and the browser.

This module now also includes ECC cipher strength.

See 'Interpreting the results' below for further information.

Usage

Just install:

  npm install ssl-rsa-strength

Then:

  var getStrength = require('ssl-rsa-strength');

  getStrength.rsa(modulus);
  getStrength.ecc(pSize);

For RSA, modulus is what is commonly referred to as key size, e.g. 2048, 4096, etc.

For ECC, pSize is what is commonly referred to as key size, e.g. 256, 512, etc.

OpenSSL default key size (non-EV)

  getStrength.rsa(512);

LibreSSL default key size (non-EV)

  getStrength.rsa(1024);

Minimum for an EV SSL certificate per CA/Browser Forum guidelines

  getStrength.rsa(2048);

Interpreting the results

Results should be read as if comparing a symmetric cipher, e.g. a strength of 116 bits means you theoretically have 2^116 possibilities to brute-force.

Why theoretically? The GNFS is a heuristic: it's a tool to help you measure the relative strengths of different RSA key sizes, but it is not exact. See The number field sieve by Arjen K. Lenstra, page 5, section 3, for further discussion.

Implementation details, future vulnerabilities in RSA, and other factors can affect the strength of an RSA key. The attack that breaks RSA 2048 could also break RSA 4096.

In addition, the original NIST figures are rounded down to commonly used symmetric key sizes to allow comparison with existing common symmetric cipher values, so you could say 'RSA 1024 is equivalent to AES 80', whereas this module gives the raw results.
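The raw-versus-rounded distinction described above, as an added example that is not the package's own code: it evaluates the asymptotic GNFS running-time expression (with the o(1) term dropped) for a modulus size and then rounds down to the common symmetric sizes. The names `gnfsBits`, `nistBucket` and `compare` are hypothetical, and that the package computes its raw values this way is an assumption.

```javascript
// Added example: not the ssl-rsa-strength source. All names are hypothetical.
const SYMMETRIC_SIZES = [80, 112, 128, 192, 256]; // common symmetric strengths, ascending

// Estimated GNFS work factor for an n-bit modulus N = 2^n, expressed in bits:
//   log2( exp( (64/9)^(1/3) * (ln N)^(1/3) * (ln ln N)^(2/3) ) )
function gnfsBits(modulusBits) {
  if (!Number.isInteger(modulusBits) || modulusBits < 1) {
    throw new RangeError('modulus size must be a positive integer number of bits');
  }
  const lnN = modulusBits * Math.LN2;   // ln(2^n), computed without building 2^n
  const c = Math.cbrt(64 / 9);          // GNFS constant, about 1.923
  const exponent = c * Math.cbrt(lnN) * Math.cbrt(Math.log(lnN) ** 2);
  return exponent / Math.LN2;           // convert natural-log exponent to bits
}

// Round a raw estimate down to the nearest common symmetric size.
// Returns null when the estimate is below the smallest size (80 bits).
function nistBucket(bits) {
  let bucket = null;
  for (const size of SYMMETRIC_SIZES) {
    if (bits >= size) bucket = size;
  }
  return bucket;
}

// Build a raw-versus-rounded comparison for a list of modulus sizes.
function compare(moduli) {
  return moduli.map((n) => {
    const raw = gnfsBits(n);
    return { modulus: n, raw: Number(raw.toFixed(2)), rounded: nistBucket(raw) };
  });
}

console.table(compare([512, 1024, 2048, 3072, 4096, 7680, 15360]));
```

The raw column shows why two key sizes that land in the same rounded bucket (for example 3072 and 4096) are still not equally strong under this estimate.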

Unit tests

  npm test

The values are checked against the Mathematica implementation from Crypto StackExchange mentioned below.

Recommended Reading

The original National Institute of Standards and Technology Special Publication 800-57 Recommendation for Key Management

The number field sieve by Arjen K. Lenstra

In particular, these two threads on Crypto StackExchange have excellent discussion used in researching the development of this module: