I think its worth pointing out that instead of taking (arguably) $10,000 worth of computer time to brute force SSL, Goldberg-Wagner's attack exploits a weakness in the system to spend maybe a few dollars to crack it. Clever attacks on cryptosystems like this are the bread and butter of 'practical' cryptanalysis. It might take until slightly after the heat death of the universe to break IDEA or your 2048 bit RSA key, but there exist other attacks, and they are the ones which will be exploited. (Also, as Robert Morris pointed otut, never underestimate the time, money or effort your opponent will put into cryptanalysis. Cypherpunks, collectively, have put a great deal of time, effort, and CPU into proving SSL bogus, and I don't think anyone here made any money doing it.) Perhaps we should refocus our efforts on attacking PGP, to see if there are holes there? (I'm not suggesting there are, but it would be nice to see some code written to extend Crack to phrases, do some more code review, etc.) Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume