[sec400]

On the included estimations of the frequency that this occurs. I scraped a collection of (mainly developer) public keys for a previous project and got the following numbers.

  sqlite> select count(*) from keys;
  1627715

Quite a difference between the ratio of 2047/2048 bit keys and 1023/1024 bit keys.

  sqlite> select count(*) from keys where strength = "2048";
  936441
  sqlite> select count(*) from keys where strength = "2047";
  466

  sqlite> select count(*) from keys where strength = "1024";
  39068
  sqlite> select count(*) from keys where strength = "1023";
  5908

Interestingly also:

  sqlite> select count(*) from keys where strength = "2049";
  13
  sqlite> select count(*) from keys where strength = "2050";
  5
  sqlite> select count(*) from keys where strength = "2051";
  1
  sqlite> select count(*) from keys where strength = "2052";
  0

[eqvinox]

I vaguely remember a recommendation to use non-power-of-two key lengths, but that was ~15 years ago and I have absolutely no memory of any details (might even have been a DSA thing.) I do, however, have a whole bunch of 2111-bit keys still in use (cycled a few times of course.)