The fact that the key is only 80 is *major* compromise. I would recommend that package to no-one. With only a 80 bit key you dont *need* trapdoors, granted they may be more "convenient" but the fact is the 80 key *can* [and certainly will] be broken...
80 is an interesting number. Clipper-sized :-) It's much less than 128, which seems to be popular for other software and works well with MD5-based random session key generators. It's also interestingly bigger than 64, which the Feds are trying to tell us is good enough for non-government work. Are RSA giving in to the Feds? Or are they trying to up the bid, at least allowing us something as good as Clipper if we can't get 128? Not my poker game. Let's look at some threat models. It's probably more than strong enough for any data you're willing to keep on a machine running MS-DOS, where serious attackers will go around it; it's about right for random "left your laptop in the airport" security, and for business use, if the police are going to confiscate your machine, they can probably subpoena the keys from somebody in your company anyway. Random hackers aren't going to be able to crack it, unlike 40-48 or maybe 56. It's big enough that the NSA probably can't break it right now, but in 10-20 years of computer speed growth they'll be able to if they want. It's probably fine for dealing with amounts less than $1-100M for maybe 10 years, and for misdemeanors and light felonies if you're not using the key escrow :-) And in 5 years, you'll be using a different operating system (even if it _is_ named "Windows"), so you'll need a new version, and you can re-encrypt your data when you move it to a decent-sized disk instead of that wimpy 9GB mechanical drive. Anybody who's got a 5-year-old dump of your system has probably stolen any secrets you care about long since anyway. #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---