|> Another RSAREF limitation is that it cannot cope with keys longer than |> 1024 bits. Projecting current progress in factoring, how long will 1024-bit keys be secure against something like NSA? Is it the case that by standarizing on 1024-bit keys for the forseeable future, are we merely providing a window of opportunity for cryptopunks which will work fine for awhile but which will slam shut forever once the NSA becomes able (as a result of vast computer power, if nothing else) to routinely factor numbers this large, maybe in about 2150 or so? Remember people thought RSA-129 would take a long time. Cypherpunks write code that will remain secure for a long, long time I hope. Standardizing on RSAREF might, in the very long run, eventually have the same crippling effect that standarizing on clipper could have in the short to intermediate term. If people become complacent about this limitation, it could become institutionalized. If everybody uses PGP 2.5 for the next hundred years, what happens then? If the public PGP depends on RSAREF whose evolution is controlled by RSA, and if eventually a new version comes out which is incompatible with the older versions, and for which source code isn't as readily available, and the world standardizes on it, and it isn't interoperable with older versions, then we lose control, even if we now distribute a version of PGP 2.5 with the key restriction removed. I would be happier if PGP 2.5 did not impose such a limit on key length. If we standardize on something with limitations, we have to remove them in the future. If we standarize on something without limitations, future generations don't have to worry about it. In addition to distributing crypto to the masses, we need to ensure that no infrastructure gets imposed which obviates our methods. I don't know if the 1024-bit key restriction will over time become an important limitation or not -- do you? A better question -- how long will it take? I don't think I'm being paranoid, I'm just curious about the details about what is known about just how hard factoring is, and how that corresponds to the exponential growth in technological capability, and where the crossover point lies for 1024-bit keys. Maybe I should just read the book instead of posting... (Naah!..) -- dat@ebt.com (David Taffs)