As I'm sure you know, PGP picks its primes by choosing a random starting point and testing each odd number upwards until it gets a probable prime. The random number generator used to seed this search is mixed using MD5 which gives a uniform 1/0 distribution. I'd hazard a guess that the chances of a start point having so many contiguous 1's as to be close to 2^N is so vanishingly small that it's more likely a non-prime would pass the probabilistic tests!
Well, not exactly random starting points. Starting points generated by user keystrokes with characteristics that may be analyzed so as to reduce the key space to a searchable size, starting points that are determined by a transformation of those keystroke sequences using an algorithm, starting points that are determined by an algorithm that uses a deterministic (albeit complex) algorithm which performs input and output based on timeslices and interrupt mechanisms and queues that may tend to alter the statistics of arrival times.
I suppose if I were really paranoid I'd feed in fixed starting points for the search to MIT PGP and PGP 2.6.2 to make sure that they come out with the same keys.
The term paranoid is inappropriate in this context. Paranoia refers to an irrational fear, while I am expressing a rational concern over a system that has been taken over by a (partially) government funded university and which has not been properly verified. The history of cryptography (as they say) is (quite literally) littered with the dead bodies of people killed because somebody else thought a cryptosystem was good enough when it was not.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
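
The cross-check proposed in the thread (feed the same fixed starting point to two implementations and compare what comes out), as an added example that is not part of the original messages and is not PGP's code. Miller-Rabin with fixed bases stands in for PGP's probabilistic test, which the thread does not specify, and all function names are hypothetical.

```python
BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with fixed bases, so every run gives the same verdict."""
    if n < 2:
        return False
    for p in BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a is a witness: n is composite
    return True

def is_prime_trial(n):
    """Independent reference implementation: exact trial division (small n only)."""
    if n < 2 or n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True

def search_up(start, is_prime):
    """Test each odd number from start upward; return (prime, candidates rejected)."""
    candidate, rejected = start | 1, 0
    while not is_prime(candidate):
        candidate, rejected = candidate + 2, rejected + 1
    return candidate, rejected

def cross_check(start):
    """True when both implementations stop at the same prime from this start."""
    return search_up(start, is_probable_prime) == search_up(start, is_prime_trial)
```

With the starting point fixed, the search is fully deterministic, so any disagreement between two builds points at the primality test or the search loop rather than at the random number generator.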