Network Security (NETSEC) 3 Practice Test

Public-key cryptography relies on hard mathematical problems rather than a brute-force search of keys. Because the attacker doesn’t try every possible private key in a straightforward way, the way we measure security is different from symmetric systems. To reach the same level of practical protection as a 128-bit symmetric key, public-key schemes must use much larger key sizes. In practice, RSA keys are thousands of bits long (often 2048–3072 bits) to achieve comparable security, while ECC can reach similar strength with hundreds of bits. So the longer key length in public-key systems reflects the nature of the underlying hardness assumptions and the attack models, making public keys considerably longer than symmetric keys to provide similar protection.