Raph Levien writes:
I think you are fine if the odds of corrupting the message are less than the odds of getting hit by a a falling meteor while running the program. In general there is little point in making any one part of the system many orders of magnitude more reliable than any other part.
I agree entirely. That's why my PGP key at school is 382 bits. It's a lot easier to compromise my machine than factor a 382 bit number.
On the other hand, it costs nothing by most people's standards to use a 1024 bit key, so why not use one? I find that there is only a point in using low security for anything in particular when there is a perceivable cost to it -- if the cost is typing a different number while doing key generation, I don't see why one should suffer the tradeoff. Perry