SuggestKeySizes - CAcert Wiki

Suggested Key Sizes

NIST SP 800-57 is the NIST's suggestion on what keylengths to use and expected timeframe that is will be useful.

Recommended algorithms and minimum key sizes
Algorithm security lifetimes	Symmetric key algorithms (Encryption & MAC)	FFC (e.g., DSA, D-H)	IFC (e.g., RSA)	ECC (e.g., ECDSA)
Through 2010 (min. of 80 bits of strength)	2TDEA* 3TDEA AES-128 AES-192 AES-256	Min.: L = 1024; N =160	Min.: k=1024	Min.: f=160
Through 2030 (min. of 112 bits of strength)	3TDEA AES-128 AES-192 AES-256	Min.: L = 2048 N = 224	Min.: k=2048	Min.: f=224
Beyond 2030 (min. of 128 bits of strength)	AES-128 AES-192 AES-256	Min.: L = 3072 N = 256	Min.: k=3072	Min.: f=256

Explanations:

FFC = Finite Field Cryptography; "L" = bit width of the public key, "N" = bit width of the private key.
IFC = Integer Factorization Cryptography; "k" = module size (bits).
ECC = Elliptic Curve Cryptography; "f" = minimal key size (bits).
The guarantee of at least 80-bits of security for 2TDEA is based on the assumption that an attacker has at most 240 matched plaintext and ciphertext blocks. Encryption with the strength of 80 is disallowed after 2013. That strength is no more considered as the secure one.
MAC = Message Authentication Code
DSA = Digital Signature Algorithm
D-H = Diffie-Hellmann (authors of the secure key exchange algorithm)
RSA = Rivest, Shamir, Adleman (authors of the non-symmetrical encryption-decryption algorithm with public and private keys)
ECDSA = Elliptic Curve Digital Signature Algorithm
2TDEA = 2-keys Triple Data Encryption Algorithm
3TDEA = 3-keys Triple Data Encryption Algorithm
AES = Advanced Encryption Standard