On Thu, 9 Nov 1995, Perry E. Metzger wrote:
I agree entirely. That's why my PGP key at school is 382 bits. It's a lot easier to compromise my machine than factor a 382 bit number.
On the other hand, it costs nothing by most people's standards to use a 1024 bit key, so why not use one? I find that there is only a point in using low security for anything in particular when there is a perceivable cost to it -- if the cost is typing a different number while doing key generation, I don't see why one should suffer the tradeoff.
Actually, it makes a sort of sense; if I see a 384 bit PGP key, it strikes me as insecure, and I really consider it; unless it says so on the 1024 bit key, I wouldn't think about it much. It's useful as a human identifier, assuming it's not the weakest link in the chain.

Jon
------------------------------------------------------------------------------
Jon Lasser <jlasser@rwd.goucher.edu> (410)494-3072
Visit my home page at http://www.goucher.edu/~jlasser/
You have a friend at the NSA: Big Brother is watching. Finger for PGP key.