There are a number of ways to attack a PGP (or PEM) encrypted document. The first, and most likely easiest, is to try to get someone's private key. Other attacks include attacks on IDEA (128-bit keys) or RSA. Its unclear what any of these attacks require, at this point. Breaking IDEA would take a brute force attack (2^128 keys) unless something better comes up. Breaking RSA requires factoring the modulus, unless something easier comes up. I would expect that the time to factor a 1200bit modulus would be on the order of a million years or more, even given technology upgreades of the near-future. I've seen a number-of-addition-bits to amount-of-extra-time-to-factor ratio, but I don't remember what it is. (order of magnitude per 10 decimal digits, maybe????) Comments, suggestions, corrections, all welcome. -derek