Perry says:
|
| Mike Markley says:
| > The 129 digit key was broken in 8 calendar months and not 8 CPU months,
| > correct? If so then for most purposes a 129 digit key is more than
| > adequate. If you are faxing a contract to someone then if the deal
| > isn't signed in 8 months the odds are that information about it will
| > leak from a different source than your fax.
|
| This isn't true. If you are signing the contract digitally, for
| instance, you would want to be sure that no one could forge your
| signature to change the terms after the fact -- a few months isn't
| enough for such purposes, only something that will last for fifteen or
| twenty years is okay.
|
| Perry
|

I'll definitely agree that for something as binding as a signature that
I would want to have a very large key. For daily communication it seems
that fairly weak keys should be more than adequate as long as they can't
be broken in a reasonable amount of time. I'm interested in what most of
the people on this list would consider a reasonable amount of time
though.

It seems that the average person doesn't have adversaries with the
know-how and computing power to break even a 64 digit key let alone a
129 digit key. Consider the group of people that broke the RSA key; they
would not fit the profile of the average person, let alone the average
computer user. I doubt if the local police department here could
convince the NSA that they need to crack my e-mail because I might be
conspiring to commit some illegal act and I doubt that they could put my
e-mail out on the net saying, "here's some encoded data, does anybody
know what it says?" Right now those are the only two ways that I could
think of for someone to get some encrypted data unencrypted.

Mike

=====================================================
Mike Markley <mmarkley@microsoft.com>

I'm not a Microsoft spokesperson. All opinions expressed here are mine.
=====================================================