I think you are fine if the odds of corrupting the message are less than the odds of getting hit by a a falling meteor while running the program. In general there is little point in making any one part of the system many orders of magnitude more reliable than any other part.
I agree entirely. That's why my PGP key at school is 382 bits. It's a lot easier to compromise my machine than factor a 382 bit number. So let me rephrase the question: what's the minimum number of entropy bits that can be used and still give you that warm and fuzzy feeling that you don't have to worry about the possibility that the message might be corrupted? The winning answer gets a free mention in the PGP/MIME Implementation notes Web page: http://www.c2.org/~raph/impl.html Raph