-----BEGIN PGP SIGNED MESSAGE----- Roger Bryner said, ...You should always take some reasonable ammount of time(say 5 min) to encrypt your most sensitive messages, even if you have a 12 crays and a connection machene. The algorithim can be viewed as giving you an economic advantage, and worying over spending $.01 vs $.0001 is not just stingy, it is dangerous. I disagree. The problem is not time to ENcrypt, which is not much greater for large keys than small ones. This is because the ENcryption exponent is usually a small number, like 17. The problem is the time for your recipient to DEcrypt. On my 386/SX 16mz, DEcrypting a msg with a 4096-bit key takes 5-10 minutes. I have a report that a Pentium takes about 1.5 minutes. During that 5-10 minutes, many recipients will not sit there watching grass grow, but will leave the PC unattended to do something else. If during that time Janet Reno's storm troopers break through the front door, your recipient may not have time to power-off the PC and PGP will deliver your plaintext message right into JR's hands! Thus in some cases use of a large key can -reduce- security of your msg. I haven't worked out the math, but I suspect that an 8000-bit key is completely impractical for use on any desktop machine. At this time, open use of a large key marks you as not using an MIT version of PGP, thus making you a target of RSA. This is easily avoided by exchanging large keys and messages encrypted with large keys "inside an envelope" of 1024-bit key encryption. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLg6Mjd4nNf3ah8DHAQErZwP/RiKYC+iTX61iuNV/a8Ga1H3Cz1M/r1iL 0gYiHId1QckiKcWMt1f9XwbT4TpY9OWrVKb7wK1N94nKQq7T56eg/fuoEC4e2TlL j5WXHX8S5SEUPWpTeU0V2XsnYeojsyBCHh8keVcDROr6nBZmxACmSxWEFMTjYfUf 3x8YdS2ThoE= =0CI+ -----END PGP SIGNATURE----- -- edgar@spectrx.sbay.org (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca